
Possible trojan/virus infection "Verified By Visa"


10 replies to this topic

#1 pete301

pete301

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 07 March 2012 - 06:16 PM

Hi everyone,

I have recently been having a few problems with Firefox in particular (not being able to click on certain things, especially on Gmail) and it has been acting very slow. I thought nothing of it at first. However, I have just been to purchase something online and as I was going to checkout I had a popup (it wasn't in a separate window and it was a new website to me, so I foolishly thought it genuine) asking for my card details through Verified by Visa, although it was asking a few odd questions such as my ATM PIN number. Unfortunately I was in a hurry and decided to throw in my PIN number, but on the next stage of the so-called "Verified by Visa" popup it was asking for my parent's maiden name, which made me very suspicious.

I immediately closed Firefox and attempted the same transaction in Google Chrome, which I'm using right now. I found that this popup did not appear when attempting the transaction, although I still did not complete the transaction for fear of safety.

I have read that I could have a backdoor trojan or something. I have run Spybot S&D, and I attempted to run Malwarebytes; however, my computer restarted unexpectedly at the start of the scan (another telling sign). I managed to run Malwarebytes in Safe Mode, however both that and Spybot came up with nothing. I would like to know if there is anything I can do to get rid of this; there doesn't seem to be anything that's out of the ordinary in my processes list either.

Thanks in advance,
Pete

p.s. I have moved my money temporarily to a savings account in case I have given away any details. I feel so stupid :S.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:11:26 AM

Posted 07 March 2012 - 09:12 PM

First call the Card Bank and apprise them of this so they can watch the card and perhaps close it.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Let's see if we can find what was here.


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, then select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.
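A small triage helper for reports of the shape TDSSKiller produces, added here as an example; it is not a tool from BleepingComputer, the helper in this thread, or Kaspersky. It pairs each scanned object's `name (md5) path` line with its `name - status` line and lists the entries not marked `ok`, which is what a helper reads first in a report several hundred lines long. The line format is assumed from the report posted later in this thread; the sample report is constructed (its two clean entries copy lines from that report, while `exampledrv`, its hash and its verdict text are made up).

```python
"""Triage helper for TDSSKiller-style scan reports (added example).

Each scanned object appears as two lines:
    HH:MM:SS.mmmm PID name (md5) path
    HH:MM:SS.mmmm PID name - status
where status is "ok" for clean objects. Objects without a hash line
(boot sectors, for instance) appear as a status line only.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Object line: timestamp, pid, driver/service name, 32-hex-digit md5, path.
OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Status line: timestamp, pid, name, " - ", verdict text.
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)


@dataclass
class ScannedObject:
    name: str
    md5: str      # empty when the report gave no hash for this object
    path: str     # empty when the report gave no path for this object
    status: str   # "ok" for clean objects, the tool's verdict text otherwise


def parse_report(text: str) -> List[ScannedObject]:
    """Pair each object line with its status line; return objects in report order."""
    pending: Dict[str, Tuple[str, str]] = {}
    objects: List[ScannedObject] = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            # Status lines without a preceding object line get empty hash/path.
            md5, path = pending.pop(m["name"], ("", ""))
            objects.append(ScannedObject(m["name"], md5, path, m["status"]))
    return objects


def suspicious(objects: List[ScannedObject]) -> List[ScannedObject]:
    """Everything the tool did not mark 'ok': the entries worth reading first."""
    return [o for o in objects if o.status.strip().lower() != "ok"]


# Constructed sample report. The ACPI and atapi entries copy clean lines from
# the log posted in this thread; exampledrv, its md5 and its verdict are made up.
SAMPLE_REPORT = r"""12:09:27.0438 2408 Scan started
12:09:27.0438 2408 Mode: Manual;
12:09:28.0685 2408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) E:\Windows\system32\drivers\ACPI.sys
12:09:28.0689 2408 ACPI - ok
12:09:29.0280 2408 atapi (02062c0b390b7729edc9e69c680a6f3c) E:\Windows\system32\drivers\atapi.sys
12:09:29.0281 2408 atapi - ok
12:09:31.0100 2408 exampledrv (00112233445566778899aabbccddeeff) E:\Windows\system32\drivers\exampledrv.sys
12:09:31.0101 2408 exampledrv - suspicious (constructed sample verdict)
"""


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    flagged = suspicious(found)
    print(f"{len(found)} objects scanned, {len(flagged)} not marked ok")
    for obj in flagged:
        print(f"  {obj.name}: {obj.status}  md5={obj.md5}  [{obj.path}]")
```

Run it against a real report by reading the TDSSKiller log file into `parse_report` instead of `SAMPLE_REPORT`; the hash and path of each flagged entry are exactly what you would want to look up next.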

#3 pete301

pete301
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 08 March 2012 - 07:25 AM

Thank you for the reply :). I have gone through all of the steps that you explained. SAS highlighted a lot of tracker files; however, I think they're all nearly harmless. TDSS did highlight 2 major threats, however. Here are the logs for both. Yes, I did have to reboot after using TDSS.

SAS:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2012 at 06:31 AM

Application Version : 5.0.1146

Core Rules Database Version : 8315
Trace Rules Database Version: 6127

Scan type : Quick Scan
Total Scan Time : 00:06:51

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 606
Memory threats detected : 0
Registry items scanned : 58386
Registry threats detected : 0
File items scanned : 15351
File threats detected : 150

Adware.Tracking Cookie
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@atdmt[1].txt [ /atdmt ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@bs.serving-sys[1].txt [ /bs.serving-sys ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@bs.serving-sys[2].txt [ /bs.serving-sys ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@imrworldwide[2].txt [ /imrworldwide ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@maniapub.trackmania[2].txt [ /maniapub.trackmania ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@protectyourbubblecom.solution.weborama[2].txt [ /protectyourbubblecom.solution.weborama ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@serving-sys[1].txt [ /serving-sys ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@serving-sys[3].txt [ /serving-sys ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\pete@weborama[1].txt [ /weborama ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\SF7ULW2M.txt [ /amazon-adsystem.com ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\G3D6FA2S.txt [ /openstat.net ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\Y7IFX8ZX.txt [ /uk.at.atwola.com ]
E:\Users\Pete\AppData\Roaming\Microsoft\Windows\Cookies\PQ62IHJB.txt [ /in.getclicky.com ]
E:\USERS\PETE\Cookies\pete@maniapub.trackmania[2].txt [ Cookie:pete@maniapub.trackmania.com/banner/ ]
E:\USERS\PETE\Cookies\pete@serving-sys[3].txt [ Cookie:pete@serving-sys.com/ ]
E:\USERS\PETE\Cookies\SF7ULW2M.txt [ Cookie:pete@amazon-adsystem.com/ ]
E:\USERS\PETE\Cookies\pete@imrworldwide[2].txt [ Cookie:pete@imrworldwide.com/cgi-bin ]
E:\USERS\PETE\Cookies\Y7IFX8ZX.txt [ Cookie:pete@uk.at.atwola.com/ ]
E:\USERS\PETE\Cookies\PQ62IHJB.txt [ Cookie:pete@in.getclicky.com/ ]
.eaeacom.112.2o7.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.phones4ultd.112.2o7.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www4.smartadserver.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.crakmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.girlsteachsex.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.crakmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.crakmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.crakmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.divx.112.2o7.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nickelodeonuk.112.2o7.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adviva.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.lon.liveperson.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
tracking.oggifinogi.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.solocpm.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tradedoubler.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ E:\USERS\PETE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


TDSS:

12:09:17.0703 4572 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
12:09:17.0805 4572 ============================================================
12:09:17.0805 4572 Current date / time: 2012/03/08 12:09:17.0805
12:09:17.0805 4572 SystemInfo:
12:09:17.0805 4572
12:09:17.0805 4572 OS Version: 6.1.7601 ServicePack: 1.0
12:09:17.0805 4572 Product type: Workstation
12:09:17.0805 4572 ComputerName: PETE-PC
12:09:17.0805 4572 UserName: Pete
12:09:17.0805 4572 Windows directory: E:\Windows
12:09:17.0806 4572 System windows directory: E:\Windows
12:09:17.0806 4572 Running under WOW64
12:09:17.0806 4572 Processor architecture: Intel x64
12:09:17.0806 4572 Number of processors: 2
12:09:17.0806 4572 Page size: 0x1000
12:09:17.0806 4572 Boot type: Normal boot
12:09:17.0806 4572 ============================================================
12:09:18.0715 4572 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:18.0732 4572 Drive \Device\Harddisk1\DR1 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:09:18.0737 4572 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:09:18.0739 4572 \Device\Harddisk0\DR0:
12:09:18.0739 4572 MBR used
12:09:18.0739 4572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E1EDEC
12:09:18.0748 4572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E1EE6A, BlocksNum 0x4E1EDEC
12:09:18.0755 4572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C3DC95, BlocksNum 0x2CA58B63
12:09:18.0755 4572 \Device\Harddisk1\DR1:
12:09:18.0755 4572 MBR used
12:09:18.0755 4572 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17499EC1
12:09:18.0755 4572 \Device\Harddisk2\DR2:
12:09:18.0756 4572 MBR used
12:09:18.0756 4572 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x27E8DFD0
12:09:18.0756 4572 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x27E8E00F, BlocksNum 0x124F6C32
12:09:18.0863 4572 Initialize success
12:09:18.0863 4572 ============================================================
12:09:27.0438 2408 ============================================================
12:09:27.0438 2408 Scan started
12:09:27.0438 2408 Mode: Manual;
12:09:27.0438 2408 ============================================================
12:09:28.0634 2408 1394ohci (a87d604aea360176311474c87a63bb88) E:\Windows\system32\drivers\1394ohci.sys
12:09:28.0637 2408 1394ohci - ok
12:09:28.0685 2408 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) E:\Windows\system32\drivers\ACPI.sys
12:09:28.0689 2408 ACPI - ok
12:09:28.0709 2408 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) E:\Windows\system32\drivers\acpipmi.sys
12:09:28.0709 2408 AcpiPmi - ok
12:09:28.0754 2408 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) E:\Windows\system32\drivers\adp94xx.sys
12:09:28.0760 2408 adp94xx - ok
12:09:28.0785 2408 adpahci (597f78224ee9224ea1a13d6350ced962) E:\Windows\system32\drivers\adpahci.sys
12:09:28.0789 2408 adpahci - ok
12:09:28.0812 2408 adpu320 (e109549c90f62fb570b9540c4b148e54) E:\Windows\system32\drivers\adpu320.sys
12:09:28.0815 2408 adpu320 - ok
12:09:28.0881 2408 AFD (1c7857b62de5994a75b054a9fd4c3825) E:\Windows\system32\drivers\afd.sys
12:09:28.0886 2408 AFD - ok
12:09:28.0912 2408 agp440 (608c14dba7299d8cb6ed035a68a15799) E:\Windows\system32\drivers\agp440.sys
12:09:28.0913 2408 agp440 - ok
12:09:28.0944 2408 aliide (5812713a477a3ad7363c7438ca2ee038) E:\Windows\system32\drivers\aliide.sys
12:09:28.0945 2408 aliide - ok
12:09:28.0966 2408 amdide (1ff8b4431c353ce385c875f194924c0c) E:\Windows\system32\drivers\amdide.sys
12:09:28.0967 2408 amdide - ok
12:09:28.0992 2408 AmdK8 (7024f087cff1833a806193ef9d22cda9) E:\Windows\system32\drivers\amdk8.sys
12:09:28.0994 2408 AmdK8 - ok
12:09:29.0008 2408 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) E:\Windows\system32\drivers\amdppm.sys
12:09:29.0009 2408 AmdPPM - ok
12:09:29.0033 2408 amdsata (6ec6d772eae38dc17c14aed9b178d24b) E:\Windows\system32\drivers\amdsata.sys
12:09:29.0035 2408 amdsata - ok
12:09:29.0064 2408 amdsbs (f67f933e79241ed32ff46a4f29b5120b) E:\Windows\system32\drivers\amdsbs.sys
12:09:29.0066 2408 amdsbs - ok
12:09:29.0080 2408 amdxata (1142a21db581a84ea5597b03a26ebaa0) E:\Windows\system32\drivers\amdxata.sys
12:09:29.0081 2408 amdxata - ok
12:09:29.0110 2408 AppID (89a69c3f2f319b43379399547526d952) E:\Windows\system32\drivers\appid.sys
12:09:29.0111 2408 AppID - ok
12:09:29.0180 2408 arc (c484f8ceb1717c540242531db7845c4e) E:\Windows\system32\drivers\arc.sys
12:09:29.0182 2408 arc - ok
12:09:29.0199 2408 arcsas (019af6924aefe7839f61c830227fe79c) E:\Windows\system32\drivers\arcsas.sys
12:09:29.0201 2408 arcsas - ok
12:09:29.0260 2408 AsyncMac (769765ce2cc62867468cea93969b2242) E:\Windows\system32\DRIVERS\asyncmac.sys
12:09:29.0261 2408 AsyncMac - ok
12:09:29.0280 2408 atapi (02062c0b390b7729edc9e69c680a6f3c) E:\Windows\system32\drivers\atapi.sys
12:09:29.0281 2408 atapi - ok
12:09:29.0354 2408 b06bdrv (3e5b191307609f7514148c6832bb0842) E:\Windows\system32\drivers\bxvbda.sys
12:09:29.0360 2408 b06bdrv - ok
12:09:29.0397 2408 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) E:\Windows\system32\DRIVERS\b57nd60a.sys
12:09:29.0401 2408 b57nd60a - ok
12:09:29.0433 2408 Beep (16a47ce2decc9b099349a5f840654746) E:\Windows\system32\drivers\Beep.sys
12:09:29.0433 2408 Beep - ok
12:09:29.0474 2408 blbdrive (61583ee3c3a17003c4acd0475646b4d3) E:\Windows\system32\DRIVERS\blbdrive.sys
12:09:29.0475 2408 blbdrive - ok
12:09:29.0524 2408 bowser (6c02a83164f5cc0a262f4199f0871cf5) E:\Windows\system32\DRIVERS\bowser.sys
12:09:29.0526 2408 bowser - ok
12:09:29.0573 2408 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) E:\Windows\system32\drivers\BrFiltLo.sys
12:09:29.0574 2408 BrFiltLo - ok
12:09:29.0590 2408 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) E:\Windows\system32\drivers\BrFiltUp.sys
12:09:29.0591 2408 BrFiltUp - ok
12:09:29.0616 2408 Brserid (43bea8d483bf1870f018e2d02e06a5bd) E:\Windows\System32\Drivers\Brserid.sys
12:09:29.0620 2408 Brserid - ok
12:09:29.0639 2408 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) E:\Windows\System32\Drivers\BrSerWdm.sys
12:09:29.0640 2408 BrSerWdm - ok
12:09:29.0660 2408 BrUsbMdm (b79968002c277e869cf38bd22cd61524) E:\Windows\System32\Drivers\BrUsbMdm.sys
12:09:29.0662 2408 BrUsbMdm - ok
12:09:29.0681 2408 BrUsbSer (a87528880231c54e75ea7a44943b38bf) E:\Windows\System32\Drivers\BrUsbSer.sys
12:09:29.0682 2408 BrUsbSer - ok
12:09:29.0699 2408 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) E:\Windows\system32\drivers\bthmodem.sys
12:09:29.0701 2408 BTHMODEM - ok
12:09:29.0731 2408 cdfs (b8bd2bb284668c84865658c77574381a) E:\Windows\system32\DRIVERS\cdfs.sys
12:09:29.0733 2408 cdfs - ok
12:09:38.0296 2408 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:09:38.0323 2408 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:09:38.0323 2408 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:09:38.0326 2408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:09:38.0345 2408 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
12:09:38.0345 2408 \Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
12:09:38.0349 2408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
12:09:38.0353 2408 \Device\Harddisk2\DR2 - ok
12:09:38.0356 2408 Boot (0x1200) (72462ed34bb8e817697cfe32c0abbb37) \Device\Harddisk0\DR0\Partition0
12:09:38.0357 2408 \Device\Harddisk0\DR0\Partition0 - ok
12:09:38.0385 2408 Boot (0x1200) (2209fde4b0c9bdd9fe9f0848f53ba155) \Device\Harddisk0\DR0\Partition1
12:09:38.0386 2408 \Device\Harddisk0\DR0\Partition1 - ok
12:09:38.0403 2408 Boot (0x1200) (958084c2a1e0e291e425f2fe84d6526e) \Device\Harddisk0\DR0\Partition2
12:09:38.0404 2408 \Device\Harddisk0\DR0\Partition2 - ok
12:09:38.0406 2408 Boot (0x1200) (e8bf8bbaca9c67f2bf6c741156f9784d) \Device\Harddisk1\DR1\Partition0
12:09:38.0407 2408 \Device\Harddisk1\DR1\Partition0 - ok
12:09:38.0410 2408 Boot (0x1200) (92658f9757638827b3ed008dcf976c03) \Device\Harddisk2\DR2\Partition0
12:09:38.0413 2408 \Device\Harddisk2\DR2\Partition0 - ok
12:09:38.0415 2408 Boot (0x1200) (0ef34534723ee1db735863a08ede951a) \Device\Harddisk2\DR2\Partition1
12:09:38.0416 2408 \Device\Harddisk2\DR2\Partition1 - ok
12:09:38.0417 2408 ============================================================
12:09:38.0417 2408 Scan finished
12:09:38.0417 2408 ============================================================
12:09:38.0426 1988 Detected object count: 2
12:09:38.0426 1988 Actual detected object count: 2
12:10:27.0694 1988 \Device\Harddisk0\DR0\# - copied to quarantine
12:10:27.0694 1988 \Device\Harddisk0\DR0 - copied to quarantine
12:10:27.0724 1988 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:10:27.0726 1988 \Device\Harddisk0\DR0 - ok
12:10:27.0726 1988 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
12:10:27.0912 1988 \Device\Harddisk1\DR1\# - copied to quarantine
12:10:27.0913 1988 \Device\Harddisk1\DR1 - copied to quarantine
12:10:27.0939 1988 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:10:27.0964 1988 \Device\Harddisk1\DR1 - ok
12:10:27.0964 1988 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
12:10:34.0432 5384 Deinitialize success
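The verdicts in a TDSSKiller log sit in its last few dozen lines: a hash per MBR and boot sector, then the infected / detected / quarantined / cured-on-reboot lines for each object. As an added example (not from this thread and not TDSSKiller's own code), the Python below parses constructed lines in that same format, lists each flagged object with its detection name and the actions the tool recorded, and groups disks whose boot-sector hashes are identical.

```python
"""Summarise a TDSSKiller-style scan log: which boot objects were hashed,
which were flagged, and what remediation was recorded for each.
Added example; not part of the thread and not TDSSKiller's own code."""
import re
from collections import defaultdict

# Constructed sample in the same line format as the log posted above
# (timestamp, thread id, object, optional "( detection )", "- status").
# The MD5 values are made up; the detection name is the one from the thread.
SAMPLE_LOG = r"""
12:09:38.0296 2408 MBR (0x1B8) (deadbeefdeadbeefdeadbeef00000001) \Device\Harddisk0\DR0
12:09:38.0323 2408 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
12:09:38.0323 2408 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
12:09:38.0326 2408 MBR (0x1B8) (deadbeefdeadbeefdeadbeef00000002) \Device\Harddisk1\DR1
12:09:38.0345 2408 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - infected
12:09:38.0349 2408 MBR (0x1B8) (deadbeefdeadbeefdeadbeef00000002) \Device\Harddisk2\DR2
12:09:38.0353 2408 \Device\Harddisk2\DR2 - ok
12:09:38.0356 2408 Boot (0x1200) (deadbeefdeadbeefdeadbeef00000003) \Device\Harddisk0\DR0\Partition0
12:09:38.0357 2408 \Device\Harddisk0\DR0\Partition0 - ok
12:10:27.0694 1988 \Device\Harddisk0\DR0 - copied to quarantine
12:10:27.0724 1988 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
12:10:27.0726 1988 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
12:10:27.0913 1988 \Device\Harddisk1\DR1 - copied to quarantine
12:10:27.0939 1988 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "MBR (0x1B8) (<md5>) \Device\..." or "Boot (0x1200) (<md5>) \Device\...".
# 0x1B8 = 440 bytes is the bootstrap-code area of an MBR, ahead of the disk
# signature and partition table; that code area is what an MBR rootkit replaces.
HASH_RE = re.compile(
    r"^(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+\(([0-9a-f]{32})\)\s+(\\Device\\\S+)$")
# "\Device\... ( Name ) - status" or "\Device\... - status"
STATUS_RE = re.compile(r"^(\\Device\\\S+)(?:\s+\(\s*([^)]+?)\s*\))?\s+-\s+(.+)$")


def parse_log(text):
    """Return {object: {kind, offset, md5, detections, events}} for every
    \\Device object mentioned in the log."""
    objects = defaultdict(lambda: {"kind": None, "offset": None, "md5": None,
                                   "detections": set(), "events": []})
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a scan line (banner, separators, ...)
        when, _tid, body = m.groups()
        h = HASH_RE.match(body)
        if h:
            kind, offset, md5, obj = h.groups()
            objects[obj].update(kind=kind, offset=offset, md5=md5)
            continue
        s = STATUS_RE.match(body)
        if s:
            obj, name, status = s.groups()
            rec = objects[obj]
            if name:
                rec["detections"].add(name)
            d = re.match(r"detected\s+(\S+)", status)
            if d:
                rec["detections"].add(d.group(1))
            rec["events"].append((when, status))
    return dict(objects)


def findings(objects):
    """(object, sorted detection names, recorded actions) for flagged objects.
    Actions are every status other than the bare verdicts, so the reader can
    see whether the tool quarantined, cured on reboot, or only reported."""
    out = []
    for obj, rec in sorted(objects.items()):
        if not rec["detections"]:
            continue
        actions = [st for _, st in rec["events"]
                   if st not in ("infected", "ok") and not st.startswith("detected ")]
        out.append((obj, sorted(rec["detections"]), actions))
    return out


def shared_hashes(objects):
    """Group hashed boot objects that share an MD5. Identical sector code on
    two disks means one disk's verdict should be read alongside the other's."""
    by_hash = defaultdict(list)
    for obj, rec in objects.items():
        if rec["md5"]:
            by_hash[rec["md5"]].append(obj)
    return {h: sorted(objs) for h, objs in by_hash.items() if len(objs) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for obj, names, actions in findings(parsed):
        print(f"{obj}: {', '.join(names)} -> {'; '.join(actions) or 'no action recorded'}")
    for md5, objs in shared_hashes(parsed).items():
        print(f"same sector hash {md5}: {', '.join(objs)}")
```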

#4 pete301 (Topic Starter, Members, 19 posts)

Posted 08 March 2012 - 08:14 AM

Hi, I don't think that all of that fixed the initial problem that I had. However, it did seem to delete some malicious software. I think I am going to reformat my hard drives and put a clean install of Windows on, because I would like to make sure that whatever is infecting my computer is dealt with, and I need to free up some space on my hard drives anyway.

Thank you again for your help, I will definitely use these programs again and I will do more routine scans to stop the viruses early.

#5 boopme, "To Insanity and Beyond" (Global Moderator, 73,040 posts, Location: NJ USA)

Posted 08 March 2012 - 12:14 PM

Hello, that's a good choice, as one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#6 pete301 (Topic Starter, Members, 19 posts)

Posted 08 March 2012 - 06:24 PM

Thank you very much for the help Boopme, I have now reformatted my hard drives and reinstalled Windows. I think that has fixed it. I have run anti-virus software several times since I reformatted. A few tracker cookies and a couple of files were showing up as trojans on SAS; however, I know that I downloaded them from a safe source and I don't think that they are malicious. I have deleted them anyway.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/08/2012 at 10:18 PM

Application Version : 5.0.1146

Core Rules Database Version : 8315
Trace Rules Database Version: 6127

Scan type : Complete Scan
Total Scan Time : 03:19:34

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 469
Memory threats detected : 0
Registry items scanned : 62385
Registry threats detected : 0
File items scanned : 498568
File threats detected : 116

Trojan.Agent/Gen-KillFiles
ZIP ARCHIVE( D:\UTORRENT\HOW I MET YOUR MOTHER S2\PROJECTZOMBOID_PUBLICTECHDEMO_0_1_4C_PLUSBATCHFIX.ZIP )/PROJECTZOMBOID.EXE
D:\UTORRENT\HOW I MET YOUR MOTHER S2\PROJECTZOMBOID_PUBLICTECHDEMO_0_1_4C_PLUSBATCHFIX.ZIP

I did back up some files and applications before reformatting and have since put them on to my computer. I hope that wouldn't transfer any virus or trojan across.

Thanks again for the help.

p.s. I did contact my bank as soon as and cancelled my card, so that is also sorted.

#7 boopme (Global Moderator, 73,040 posts, NJ USA; "To Insanity and Beyond")

Posted 08 March 2012 - 08:18 PM

Hello, this is where you are getting infected: UTORRENT. It's quite notorious for that.
Let's look a bit further, if you don't mind. It appears you may have reinstalled some malware, perhaps from a backed-up file.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).




Our quietman7 had written an excellent explanation on "cookies" here in post 5:
http://www.bleepingcomputer.com/forums/topic370970.html/page__pid__2078246#entry2078246

Edited by boopme, 08 March 2012 - 08:19 PM.


#8 pete301 (Topic Starter, Members, 19 posts)

Posted 09 March 2012 - 02:23 AM

Hi, here are the logs that you have requested. I don't think any threats have popped up.

Minitoolbox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Pete (administrator) on 09-03-2012 at 07:05:41
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15175 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Pete-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1F-D0-91-79-06
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7dc8:5268:6b9c:72d9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.73(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 09 March 2012 07:03:52
Lease Expires . . . . . . . . . . : 10 March 2012 07:03:52
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234889168
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-EA-F0-66-00-1F-D0-91-79-06
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2870:29af:a13c:1288(Preferred)
Link-local IPv6 Address . . . . . : fe80::2870:29af:a13c:1288%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: O2wirelessbox.lan
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.34.71
173.194.34.73
173.194.34.78
173.194.34.70
173.194.34.66
173.194.34.67
173.194.34.65
173.194.34.64
173.194.34.68
173.194.34.72
173.194.34.69


Pinging google.com [173.194.34.161] with 32 bytes of data:
Reply from 173.194.34.161: bytes=32 time=21ms TTL=56
Reply from 173.194.34.161: bytes=32 time=19ms TTL=56

Ping statistics for 173.194.34.161:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 21ms, Average = 20ms
Server: O2wirelessbox.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=141ms TTL=53
Reply from 209.191.122.70: bytes=32 time=140ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 140ms, Maximum = 141ms, Average = 140ms
Server: O2wirelessbox.lan
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f d0 91 79 06 ......Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.73 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.73 276
192.168.1.73 255.255.255.255 On-link 192.168.1.73 276
192.168.1.255 255.255.255.255 On-link 192.168.1.73 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.73 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.73 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:2870:29af:a13c:1288/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2870:29af:a13c:1288/128
On-link
11 276 fe80::7dc8:5268:6b9c:72d9/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 E:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 E:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 E:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 E:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 E:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 E:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 E:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 E:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 E:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 E:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 E:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 E:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/09/2012 07:05:00 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 11:09:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_objects', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_views', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_columns', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_parameters', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_sql_modules', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'objects', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'tables', because it does not exist or you do not have permission.

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'views', because it does not exist or you do not have permission.


System errors:
=============
Error: (03/09/2012 07:03:40 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/09/2012 07:03:28 AM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service failed to start due to the following error:
%%2

Error: (03/08/2012 11:22:28 PM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%3

Error: (03/08/2012 11:22:24 PM) (Source: Service Control Manager) (User: )
Description: The SASDIFSV service failed to start due to the following error:
%%3

Error: (03/08/2012 11:22:23 PM) (Source: Service Control Manager) (User: )
Description: The SASKUTIL service failed to start due to the following error:
%%3

Error: (03/08/2012 11:07:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/08/2012 11:07:41 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service failed to start due to the following error:
%%2

Error: (03/08/2012 03:08:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.


Microsoft Office Sessions:
=========================
Error: (03/09/2012 07:05:00 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 11:09:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_objects

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_views

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_columns

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_parameters

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_sql_modules

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectobjects

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjecttables

Error: (03/08/2012 09:44:06 PM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectviews


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Avid Mbox 2 USB Drivers (x64) (Version: 9.0.2)
Creative Audio Control Panel (Version: 2.56)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition
Crystal Reports for Visual Studio (Version: 12.51.0.240)
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
Interlok driver setup x64 (Version: 5.9.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Silverlight (Version: 3.0.40818.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Mozilla Firefox 10.0.2 (x86 en-GB) (Version: 10.0.2)
Rapport (Version: 3.5.1108.70)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SUPERAntiSpyware (Version: 5.0.1146)
TeamSpeak 3 Client
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Web Deployment Tool (Version: 1.1.0618)
World of Tanks v.0.7.0

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 4094.49 MB
Available physical RAM: 2774.05 MB
Total Pagefile: 8187.18 MB
Available Pagefile: 6802.31 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.53 MB

========================= Partitions: =====================================

2 Drive c: (XP1) (Fixed) (Total:39.06 GB) (Free:14.75 GB) NTFS
3 Drive d: (IDE HD Apps and Utils) (Fixed) (Total:186.3 GB) (Free:107.02 GB) NTFS
4 Drive e: (Win7) (Fixed) (Total:39.06 GB) (Free:18.38 GB) NTFS
5 Drive f: (Sata HD Games and Uni) (Fixed) (Total:357.17 GB) (Free:188.53 GB) NTFS
6 Drive g: (7SP1_AIO) (CDROM) (Total:3.82 GB) (Free:0 GB) UDF
8 Drive i: (General) (Fixed) (Total:319.28 GB) (Free:27.43 GB) NTFS
9 Drive k: (MUSIC TECH) (Fixed) (Total:146.46 GB) (Free:12.37 GB) FAT32

========================= Users: ========================================

User accounts for \\PETE-PC

Administrator Guest Pete


**** End of log ****


aswMBR:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 07:12:43
-----------------------------
07:12:43.017 OS Version: Windows x64 6.1.7601 Service Pack 1
07:12:43.017 Number of processors: 2 586 0x170A
07:12:43.017 ComputerName: PETE-PC UserName: Pete
07:12:45.653 Initialize success
07:13:13.020 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:13:13.022 Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476938MB BusType: 3
07:13:13.023 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
07:13:13.025 Disk 1 Vendor: ST3200822A 3.01 Size: 190781MB BusType: 3
07:13:13.035 Disk 0 MBR read successfully
07:13:13.037 Disk 0 MBR scan
07:13:13.039 Disk 0 Windows 7 default MBR code
07:13:13.042 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
07:13:13.044 Disk 0 Partition - 00 0F Extended LBA 405743 MB offset 81915435
07:13:13.058 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39997 MB offset 81915498
07:13:13.060 Disk 0 Partition - 00 05 Extended 365745 MB offset 163830870
07:13:13.076 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 365745 MB offset 163830933
07:13:13.106 Disk 0 scanning E:\Windows\system32\drivers
07:13:15.538 Service scanning
07:13:26.596 Modules scanning
07:13:26.603 Disk 0 trace - called modules:
07:13:26.624 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys
07:13:26.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045e43c0]
07:13:26.631 3 CLASSPNP.SYS[fffff880019a443f] -> nt!IofCallDriver -> [0xfffffa8004085580]
07:13:26.635 5 ACPI.sys[fffff88000f9f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004080680]
07:13:26.639 Scan finished successfully
07:13:50.150 Disk 0 MBR has been saved successfully to "E:\Users\Pete\Desktop\MBR.dat"
07:13:50.156 The log file has been saved successfully to "E:\Users\Pete\Desktop\aswMBR.txt"

MalwareBytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pete :: PETE-PC [administrator]

09/03/2012 07:15:55
mbam-log-2012-03-09 (07-15-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182979
Time elapsed: 2 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
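
The "Hosts content" section of the MiniToolBox output above is made up entirely of 127.0.0.1 lines, which is how hosts-based blocklists such as Spybot's immunization work: the hostname is pointed at the machine itself so it can never be reached. The entries worth a second look in a hosts file are the ones that send a hostname somewhere else, especially a remote address that collects several names. The script below is an added example for this thread; it is not part of MiniToolBox or any other tool mentioned here. It parses a hosts file in the standard "address hostname [hostname ...]" layout, buckets each entry as sinkhole, LAN or remote, and groups the remote entries by address. The sample input embeds the first 127.0.0.1 lines from the log above plus constructed entries (192.168.1.20, 192.0.2.10 and the .invalid hostnames) to exercise the other buckets.

```python
"""Triage a Windows hosts file: which entries are blocklist sinkholes, which
point at the home LAN, and which send a hostname to a remote address.

Added example for this thread; it is not part of MiniToolBox or any tool
named in the thread.  Assumes the standard hosts-file layout of
"address hostname [hostname ...]" with '#' comments.
"""
import ipaddress
import sys

# Constructed sample input.  The 127.0.0.1 lines are copied from the
# MiniToolBox output in the thread; the 192.168.1.20, 192.0.2.10 and
# .invalid entries are constructed to exercise the other buckets.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
0.0.0.0 ads.example.invalid
::1 localhost
192.168.1.20 nas.lan                    # constructed: a LAN device, usually benign
192.0.2.10 www.example-bank.invalid     # constructed: a hostname sent to a remote IP
192.0.2.10 update.example.invalid       # constructed: same remote IP, second name
"""

# Address ranges a home PC can legitimately point hostnames at without
# leaving the local network (RFC 1918, link-local, ULA).
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10",
)]


def classify(addr):
    """Bucket an address: 'sinkhole' (loopback/unspecified, i.e. a blocklist
    entry), 'lan' (private or link-local), or 'remote' (anything else)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"
    if any(ip in net for net in LAN_NETWORKS):
        return "lan"
    return "remote"


def parse_hosts(text):
    """Return a list of (address, hostname) pairs, one per hostname, skipping
    blank lines, comments and lines whose first field is not an IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def triage_hosts(text):
    """Summarise a hosts file: total entries, a count per bucket, and the
    remote entries grouped by address so a single IP collecting many
    hostnames stands out."""
    entries = parse_hosts(text)
    counts = {"sinkhole": 0, "lan": 0, "remote": 0}
    remote_by_address = {}
    for addr, name in entries:
        bucket = classify(addr)
        counts[bucket] += 1
        if bucket == "remote":
            remote_by_address.setdefault(addr, []).append(name)
    return {"total": len(entries), "counts": counts,
            "remote_by_address": remote_by_address}


if __name__ == "__main__":
    # Pass a path (e.g. C:\Windows\System32\drivers\etc\hosts) to triage a
    # real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    report = triage_hosts(data)
    print(f"{report['total']} entries: {report['counts']}")
    for addr, names in report["remote_by_address"].items():
        print(f"  {addr} <- {len(names)} hostname(s): {', '.join(names)}")
```

On the sample the script reports eight entries, five of them sinkholes, one LAN entry and two remote entries that both resolve to the same constructed address. A file like the one in the log, with thousands of 127.0.0.1 lines and nothing in the remote bucket, is consistent with a blocklist rather than tampering; a remote bucket that is not empty is what to examine, since the LAN bucket is normally just local devices.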

#9 boopme (Global Moderator, 73,040 posts, NJ USA; "To Insanity and Beyond")

Posted 09 March 2012 - 11:48 AM

Ok, two last scans. We need to re-run MBAM as you have several drives, so a full scan is needed to look at all drives.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 pete301

pete301
  • Topic Starter

  • Members
  • 19 posts
  • Local time:03:26 PM

Posted 09 March 2012 - 07:06 PM

Hi, those scans took a while, but they're all done now. Only a few files were found with the ESET scanner and none by MBAM. Here are the logs:

MBAM:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pete :: PETE-PC [administrator]

09/03/2012 17:28:05
mbam-log-2012-03-09 (17-28-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 600826
Time elapsed: 1 hour(s), 13 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET:

C:\Documents and Settings\Pete\My Documents\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\flstudio_9.1_online.exe Win32/OpenCandy application deleted - quarantined
D:\Downloads\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application deleted - quarantined

The computer appears to be running perfectly fine now. Thank you very much for the help and giving such thorough advice.

pete301.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,040 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:26 AM

Posted 09 March 2012 - 11:52 PM

You're welcome. It looks good to me.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
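The same two steps from the post above (create a fresh restore point, then keep only that one) done from an elevated PowerShell prompt on Vista/7, as an added example that is not part of boopme's instructions. It assumes System Protection is enabled on C: and relies on the Checkpoint-Computer / Get-ComputerRestorePoint cmdlets and the Win32_ShadowCopy WMI class, which is where Windows stores restore points.

```powershell
# Added example, not from the thread: new restore point first, then remove the
# older ones, which is what Disk Cleanup's System Restore clean-up does.
# Assumes an elevated prompt on Windows Vista/7 with System Protection on C:.

# 1. Create the clean baseline and give it a name you will recognise later.
$desc = "Post-cleanup baseline $(Get-Date -Format 'yyyy-MM-dd HH:mm')"
Checkpoint-Computer -Description $desc -RestorePointType MODIFY_SETTINGS

# 2. Confirm it exists and note its sequence number for your records.
$newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
"Created restore point #{0}: {1}" -f $newest.SequenceNumber, $newest.Description

# 3. Restore points are kept in Volume Shadow Copies. Keep only the newest copy
#    and delete the rest. Like the Disk Cleanup route, this also removes older
#    'Previous Versions' of files that live in the same shadow copies.
$copies = Get-WmiObject -Class Win32_ShadowCopy |
    Sort-Object -Property { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } -Descending

$copies | Select-Object -Skip 1 | ForEach-Object {
    $when = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
    "Deleting shadow copy {0} created {1}" -f $_.ID, $when
    $_.Delete()
}

# 4. Show what is left: there should now be exactly one restore point.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```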



