
Rapport reports Zeus V2 trojan


  • This topic is locked
21 replies to this topic

#1 rednaxling


  • Members
  • 11 posts

Posted 10 March 2012 - 07:21 AM

Last night Rapport popped up and said it had removed something and had to restart, but I didn't see what it was.
When I looked at the log files, they said it had been blocking various attempts by a 'Zeus V2'.

I have run a full scan with McAfee, but it only removed 5 "Low risk" things.

I thought I would post here to see if I need to do anything else, as I have a feeling my computer may still be infected.

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Alex at 12:03:24 on 2012-03-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.1992 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\rstrui.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120310031804.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JACQUI~1.LNK - C:\Program Files (x86)\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar\Jacquie Lawson Advent Calendar.exe
StartupFolder: C:\Users\Alex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5DDFFA1B-23F7-4CD9-AE53-7C966C75C65B} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\05562796F646255646 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\140514 : DhcpNameServer = 212.159.13.49 212.159.13.50
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\2427963747F6C6D275962756C6563737D28456C607 : DhcpNameServer = 137.222.253.65 137.222.253.66
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\3456E64756270516273637 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\4514C4B44514C4B4D2732323132414 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A76E4ED-AF36-4D37-8C82-77387F6D66A6}\B4251455E4 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120310031804.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\v0ahqveu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alex\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\v0ahqveu.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-16 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-03-10 03:19:20 71800 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-03-10 03:19:19 -------- d-----w- C:\Users\Alex\AppData\Local\McAfee Anti-Theft
2012-03-10 03:18:27 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-03-10 03:18:04 28760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-03-10 03:18:02 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-03-10 03:18:02 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-03-10 03:17:12 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-03-10 03:17:12 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-03-10 03:17:12 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-03-10 03:17:12 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-03-10 03:17:12 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-03-10 03:17:11 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-03-10 03:17:00 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-03-10 03:16:59 -------- d-----w- C:\Program Files\McAfee.com
2012-03-10 03:16:59 -------- d-----w- C:\Program Files\McAfee
2012-03-10 03:11:01 161168 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-10 02:43:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\Ilcywoo
2012-03-10 02:39:46 -------- d-----w- C:\Users\Alex\AppData\Roaming\Asiwi
2012-03-10 02:39:00 -------- d-----w- C:\Users\Alex\AppData\Roaming\Emdau
2012-03-10 02:38:54 -------- d-----w- C:\Users\Alex\AppData\Roaming\Fuewi
2012-03-10 02:38:53 -------- d-----w- C:\Users\Alex\AppData\Roaming\Bivaype
2012-03-10 02:38:52 -------- d-----w- C:\Users\Alex\AppData\Local\dbksfeeu
2012-03-09 21:35:48 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF8C91F8-8CBE-452B-A682-36B6A55513E8}\mpengine.dll
2012-03-08 21:46:12 -------- d-----w- C:\Users\Alex\AppData\Local\Facebook
2012-02-15 14:46:24 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 14:46:24 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 14:40:26 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 14:40:26 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 14:40:21 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 14:40:16 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 14:39:57 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 14:39:57 634368 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-25 10:16:44 63760 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2011-12-20 12:48:20 6656 ----a-w- C:\Windows\SysWow64\4chan.dll
2011-12-20 12:48:19 7168 ----a-w- C:\Windows\System32\4chan.dll
.
============= FINISH: 12:13:09.63 ===============


#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 12:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




#3 rednaxling

  • Topic Starter

  • Members
  • 11 posts

Posted 13 March 2012 - 09:25 AM

Thanks for your help so far!

Here is the ComboFix log:

ComboFix 12-03-12.03 - Alex 13/03/2012 13:49:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3957.2481 [GMT 0:00]
Running from: c:\users\Alex\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LoJackNotifier.txt
c:\users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7E0063D6-0D77-4D01-BE41-56B2AB7008A3}.xps
c:\users\Alex\AppData\Local\mifaqgsh.log
c:\users\Alex\AppData\Local\nyjnmdah.log
c:\users\Alex\AppData\Local\oyydkkdx.log
c:\users\Alex\AppData\Local\rrausyjc.log
c:\users\Alex\AppData\Local\yxdbkvex.log
c:\users\Alex\javahelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 13:58 . 2012-03-13 13:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-12 18:19 . 2012-03-12 18:19 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-03-10 03:19 . 2011-04-11 14:29 71800 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-03-10 03:11 . 2011-11-18 16:36 161168 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-10 02:43 . 2012-03-10 02:43 -------- d-----w- c:\users\Alex\AppData\Roaming\Ilcywoo
2012-03-10 02:39 . 2012-03-10 02:39 -------- d-----w- c:\users\Alex\AppData\Roaming\Asiwi
2012-03-10 02:39 . 2012-03-10 02:39 -------- d-----w- c:\users\Alex\AppData\Roaming\Emdau
2012-03-10 02:38 . 2012-03-10 02:38 -------- d-----w- c:\users\Alex\AppData\Roaming\Fuewi
2012-03-10 02:38 . 2012-03-10 02:38 -------- d-----w- c:\users\Alex\AppData\Roaming\Bivaype
2012-03-10 02:38 . 2012-03-10 02:59 -------- d-----w- c:\users\Alex\AppData\Local\dbksfeeu
2012-03-09 21:35 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF8C91F8-8CBE-452B-A682-36B6A55513E8}\mpengine.dll
2012-03-08 21:46 . 2012-03-08 21:46 -------- d-----w- c:\users\Alex\AppData\Local\Facebook
2012-02-15 14:46 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 14:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 14:40 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 14:40 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 14:40 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 14:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 14:39 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 14:39 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:18 . 2010-11-03 22:51 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 10:16 . 2011-03-02 10:06 63760 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2011-12-20 12:48 . 2011-12-20 12:48 6656 ----a-w- c:\windows\SysWow64\4chan.dll
2011-12-20 12:48 . 2011-12-20 12:48 7168 ----a-w- c:\windows\system32\4chan.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-12-20 697856]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"Facebook Update"="c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-08 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-27 559616]
.
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 0087101331572362mcinstcleanup;McAfee Application Installer Cleanup (0087101331572362);c:\windows\TEMP\008710~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-16 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-01-25 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-01-25 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-06-23 60928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-06 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MSSQL$EONENERGYFIT;SQL Server (EONENERGYFIT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-573999197-1535870677-2617638408-1001Core.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 21:46]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-573999197-1535870677-2617638408-1001UA.job
- c:\users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-08 21:46]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:11]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:11]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573999197-1535870677-2617638408-1001Core.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 20:35]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573999197-1535870677-2617638408-1001UA.job
- c:\users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 20:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\v0ahqveu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=hp
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-rpcnet
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-RealBackgammon_is1 - c:\program files (x86)\GameTop.com\Real Backgammon\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$CSSQL05]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:CSSQL05"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Completion time: 2012-03-13 14:13:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 14:13
.
Pre-Run: 124,777,684,992 bytes free
Post-Run: 128,541,216,768 bytes free
.
- - End Of File - - 6EF05654D1850DFCACDC42F036906024


I think the computer is running okay now but want to be sure before I log onto any secure websites etc.

Thanks!

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 01:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
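The TDSSKiller report requested above is a per-object listing: a line naming the driver with its MD5 and path, then a line carrying the verdict for that name. The following is an added example, not part of the thread and not TDSSKiller's own code, that parses that layout and lists every object whose verdict is anything other than "ok" or that never received a verdict; the sample lines are copied from the log posted in the next reply plus constructed entries, and the non-"ok" verdict wording is invented for illustration.

```python
"""Triage helper for a TDSSKiller-style scan log.

Added example; it is not part of the forum thread and not TDSSKiller's own code.
It assumes the line layout visible in the posted log:

    HH:MM:SS.ffff <pid> <name> (<md5>) <path>      object that was scanned
    HH:MM:SS.ffff <pid> <name> - <verdict>         verdict for that name
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Prefix shared by every log line: timestamp, process id, free-text message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the object about to be checked.
FILE_RE = re.compile(r"^([\w$.\-]+) \(([0-9a-fA-F]{32})\) (.+)$")
# "<name> - <verdict>": the result for that object.
VERDICT_RE = re.compile(r"^([\w$.\-]+) - (.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Merge each object's file line and verdict line into one Entry, keyed by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp/pid prefix
        msg = m.group(3)
        fm = FILE_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        vm = VERDICT_RE.match(msg)
        if vm:
            name, verdict = vm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.verdict = verdict.strip()
        # Banner, separator and SystemInfo lines match neither pattern and are skipped.
    return entries


def needs_review(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects whose verdict is not 'ok', plus objects listed but never judged
    (for example a scan interrupted before the verdict line was written)."""
    flagged = [e for e in entries.values()
               if e.verdict is None or e.verdict.lower() != "ok"]
    return sorted(flagged, key=lambda e: e.name)


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    """The counts a helper glances at first: objects scanned, clean, and to be looked at."""
    flagged = needs_review(entries)
    return {"total": len(entries), "ok": len(entries) - len(flagged), "review": len(flagged)}


# Constructed sample: the first lines are copied from the log posted in this thread,
# the last three entries are invented. TDSSKiller's real wording for a non-clean
# verdict may differ; the parser only relies on it not being exactly "ok".
SAMPLE_LOG = r"""23:51:15.0458 8780 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:51:32.0806 6760 ============================================================
23:51:32.0806 6760 Scan started
23:51:32.0806 6760 Mode: Manual;
23:51:34.0381 6760 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
23:51:34.0413 6760 1394ohci - ok
23:51:39.0358 6760 catchme - ok
23:51:45.0100 6760 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
23:51:45.0110 6760 exampledrv - suspicious (constructed verdict)
23:51:46.0200 6760 unfinished (11111111111111111111111111111111) C:\Windows\system32\DRIVERS\unfinished.sys
"""


def main() -> None:
    entries = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(entries))
    for e in needs_review(entries):
        print(f"{e.name:<12} verdict={e.verdict!r:<40} path={e.path}")


if __name__ == "__main__":
    main()
```

Paste a real TDSSKiller log into `SAMPLE_LOG` (or read it from the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file) to get the same short review list instead of scrolling through hundreds of "- ok" lines.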

#5 rednaxling

rednaxling
  • Topic Starter

  • Members
  • 11 posts

Posted 13 March 2012 - 07:27 PM

Hi,

Here is the TDSSKILLER log:

23:51:15.0458 8780 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:51:17.0486 8780 ============================================================
23:51:17.0486 8780 Current date / time: 2012/03/13 23:51:17.0486
23:51:17.0486 8780 SystemInfo:
23:51:17.0486 8780
23:51:17.0486 8780 OS Version: 6.1.7600 ServicePack: 0.0
23:51:17.0486 8780 Product type: Workstation
23:51:17.0486 8780 ComputerName: KRILL
23:51:17.0486 8780 UserName: Alex
23:51:17.0486 8780 Windows directory: C:\Windows
23:51:17.0486 8780 System windows directory: C:\Windows
23:51:17.0486 8780 Running under WOW64
23:51:17.0486 8780 Processor architecture: Intel x64
23:51:17.0486 8780 Number of processors: 4
23:51:17.0486 8780 Page size: 0x1000
23:51:17.0486 8780 Boot type: Normal boot
23:51:17.0486 8780 ============================================================
23:51:19.0732 8780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:51:19.0748 8780 \Device\Harddisk0\DR0:
23:51:19.0748 8780 MBR used
23:51:19.0748 8780 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
23:51:19.0748 8780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
23:51:19.0904 8780 Initialize success
23:51:19.0904 8780 ============================================================
23:51:32.0806 6760 ============================================================
23:51:32.0806 6760 Scan started
23:51:32.0806 6760 Mode: Manual;
23:51:32.0806 6760 ============================================================
23:51:34.0381 6760 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
23:51:34.0413 6760 1394ohci - ok
23:51:34.0491 6760 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
23:51:34.0537 6760 Acceler - ok
23:51:34.0678 6760 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:51:34.0678 6760 ACPI - ok
23:51:34.0740 6760 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:51:34.0740 6760 AcpiPmi - ok
23:51:34.0865 6760 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:34.0881 6760 adp94xx - ok
23:51:34.0990 6760 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:51:35.0005 6760 adpahci - ok
23:51:35.0115 6760 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:51:35.0130 6760 adpu320 - ok
23:51:35.0224 6760 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:51:35.0317 6760 AFD - ok
23:51:35.0583 6760 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:51:35.0583 6760 agp440 - ok
23:51:35.0614 6760 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:51:35.0629 6760 aliide - ok
23:51:35.0739 6760 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:51:35.0739 6760 amdide - ok
23:51:35.0863 6760 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:51:35.0863 6760 AmdK8 - ok
23:51:35.0895 6760 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:51:35.0895 6760 AmdPPM - ok
23:51:36.0004 6760 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:51:36.0097 6760 amdsata - ok
23:51:36.0113 6760 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:51:36.0129 6760 amdsbs - ok
23:51:36.0207 6760 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:51:36.0207 6760 amdxata - ok
23:51:36.0331 6760 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:51:36.0331 6760 AppID - ok
23:51:36.0487 6760 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:51:36.0503 6760 arc - ok
23:51:36.0565 6760 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:51:36.0581 6760 arcsas - ok
23:51:36.0628 6760 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:51:36.0628 6760 AsyncMac - ok
23:51:36.0690 6760 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:51:36.0690 6760 atapi - ok
23:51:36.0846 6760 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
23:51:36.0924 6760 AtiHdmiService - ok
23:51:37.0127 6760 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:37.0361 6760 atikmdag - ok
23:51:37.0595 6760 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:51:37.0595 6760 b06bdrv - ok
23:51:37.0642 6760 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:51:37.0657 6760 b57nd60a - ok
23:51:37.0829 6760 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
23:51:37.0860 6760 BCM42RLY - ok
23:51:37.0985 6760 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:51:38.0047 6760 BCM43XX - ok
23:51:38.0266 6760 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:51:38.0266 6760 Beep - ok
23:51:38.0328 6760 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:51:38.0328 6760 blbdrive - ok
23:51:38.0531 6760 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:51:38.0562 6760 bowser - ok
23:51:38.0656 6760 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:51:38.0656 6760 BrFiltLo - ok
23:51:38.0718 6760 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:51:38.0718 6760 BrFiltUp - ok
23:51:38.0968 6760 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:51:38.0968 6760 BridgeMP - ok
23:51:39.0061 6760 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:51:39.0077 6760 Brserid - ok
23:51:39.0093 6760 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:51:39.0093 6760 BrSerWdm - ok
23:51:39.0108 6760 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:51:39.0108 6760 BrUsbMdm - ok
23:51:39.0280 6760 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:51:39.0295 6760 BrUsbSer - ok
23:51:39.0311 6760 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:51:39.0311 6760 BTHMODEM - ok
23:51:39.0358 6760 catchme - ok
23:51:39.0514 6760 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:51:39.0514 6760 cdfs - ok
23:51:39.0576 6760 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:51:39.0576 6760 cdrom - ok
23:51:39.0763 6760 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
23:51:39.0763 6760 cfwids - ok
23:51:39.0810 6760 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:51:39.0810 6760 circlass - ok
23:51:39.0888 6760 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:51:39.0904 6760 CLFS - ok
23:51:40.0138 6760 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:51:40.0153 6760 CmBatt - ok
23:51:40.0169 6760 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:51:40.0169 6760 cmdide - ok
23:51:40.0247 6760 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:51:40.0309 6760 CNG - ok
23:51:40.0481 6760 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:51:40.0481 6760 Compbatt - ok
23:52:08.0920 6760 ============================================================
23:52:08.0920 6760 Scan finished
23:52:08.0920 6760 ============================================================
23:52:08.0936 8772 Detected object count: 0
23:52:08.0936 8772 Actual detected object count: 0


Here is the aswMBR log; I don't think it completed properly but just kind of 'hung up' after it detected Ramnit. Shall I re-run it?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 23:56:25
-----------------------------
23:56:25.231 OS Version: Windows x64 6.1.7600
23:56:25.231 Number of processors: 4 586 0x2502
23:56:25.231 ComputerName: KRILL UserName: Alex
23:56:33.875 Initialize success
23:59:39.225 AVAST engine defs: 12031301
00:02:12.497 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:02:12.501 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60S Size: 305245MB BusType: 11
00:02:12.528 Disk 0 MBR read successfully
00:02:12.533 Disk 0 MBR scan
00:02:12.543 Disk 0 Windows VISTA default MBR code
00:02:12.548 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:02:12.576 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
00:02:12.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
00:02:12.652 Disk 0 scanning C:\Windows\system32\drivers
00:02:29.773 Service scanning
00:03:21.787 Modules scanning
00:03:21.800 Disk 0 trace - called modules:
00:03:21.830 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:03:22.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c39060]
00:03:22.175 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004ab3ce0]
00:03:22.183 5 stdflt.sys[fffff88001919a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800494c060]
00:03:23.882 AVAST engine scan C:\Windows
00:03:29.850 AVAST engine scan C:\Windows\system32
00:11:12.818 AVAST engine scan C:\Windows\system32\drivers
00:11:37.883 AVAST engine scan C:\Users\Alex
00:12:06.362 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\awt.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:12:06.668 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:12:07.770 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe **INFECTED** Win32:Ramnit-AC [Drp]
00:12:08.153 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\java.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:12:08.559 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:12:10.410 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\jvm.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:12:10.987 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:23:20.283 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
00:23:20.296 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"



Thanks.

#6 rednaxling

Posted 13 March 2012 - 08:36 PM

Please accept my apologies - looks like I terminated the scan early...
I ran it again and here is the actual aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 00:24:25
-----------------------------
00:24:25.542 OS Version: Windows x64 6.1.7600
00:24:25.542 Number of processors: 4 586 0x2502
00:24:25.543 ComputerName: KRILL UserName: Alex
00:24:59.832 Initialize success
00:25:08.291 AVAST engine defs: 12031301
00:27:34.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:27:34.450 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60S Size: 305245MB BusType: 11
00:27:34.473 Disk 0 MBR read successfully
00:27:34.474 Disk 0 MBR scan
00:27:34.480 Disk 0 Windows VISTA default MBR code
00:27:34.482 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
00:27:34.543 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
00:27:34.558 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
00:27:34.595 Disk 0 scanning C:\Windows\system32\drivers
00:27:51.317 Service scanning
00:29:09.646 Modules scanning
00:29:09.659 Disk 0 trace - called modules:
00:29:09.687 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:29:10.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c39060]
00:29:10.032 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004ab3ce0]
00:29:10.040 5 stdflt.sys[fffff88001919a4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800494c060]
00:29:11.550 AVAST engine scan C:\Windows
00:29:16.683 AVAST engine scan C:\Windows\system32
00:35:19.032 AVAST engine scan C:\Windows\system32\drivers
00:35:42.052 AVAST engine scan C:\Users\Alex
00:35:55.909 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\awt.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:35:56.123 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:35:56.559 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe **INFECTED** Win32:Ramnit-AC [Drp]
00:35:56.781 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\java.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:35:56.991 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:35:57.637 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\jvm.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:35:57.814 File: C:\Users\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:51:14.067 File: C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:51:14.693 File: C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:51:19.047 File: C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:51:19.371 File: C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:51:23.579 File: C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:52:27.379 File: C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe **INFECTED** Win32:Ramnit-AC [Drp]
01:22:05.073 AVAST engine scan C:\ProgramData
01:33:51.023 Scan finished successfully
01:35:46.335 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
01:35:46.376 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR_completed.txt"

#7 gringo_pr

  • Malware Response Team

Posted 13 March 2012 - 08:56 PM

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 rednaxling

  • Topic Starter

Posted 14 March 2012 - 02:35 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=86da56700e004346a00f5d75c41d3f61
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-14 05:21:55
# local_time=2012-03-14 05:21:55 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5121 16777213 100 75 344915 32175099 0 0
# compatibility_mode=5893 16776574 100 94 365506 84155905 0 0
# compatibility_mode=8192 67108863 100 0 3960 3960 0 0
# scanned=307244
# found=48
# cleaned=0
# scan_time=11660
C:\CStemp\Cambridgesoft\Activation\MFC71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\CStemp\Cambridgesoft\Activation\msvcp71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\CStemp\Cambridgesoft\Activation\msvcr71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\CStemp\Cambridgesoft\SharedAddIn\setup.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\dell\drivers\R271030\1558_A06.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\dell\drivers\R271030\Win_1194.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\dell\drivers\R301434\1558_A12.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\dell\drivers\R301434\Win_1194.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\java.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jvm.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\Downloads\CheatEngine60(2).exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\Downloads\CheatEngine60.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Alex\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\java.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\jvm.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe Win32/Ramnit.R virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\CheatEngine60(2).exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\CheatEngine60.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Alex\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I

#9 gringo_pr

  • Malware Response Team

Posted 14 March 2012 - 02:38 AM

Hello


You have a very bad file infector on this computer and it may not be able to be cleaned. I would back up anything that cannot be replaced in case these fixes break the operating system.


Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right-click and run as admin (XP: please double-click to run)
  • Select language
  • Accept the license agreement
  • Click on Settings (gear-looking thing on the right)
  • Put a check mark in
    • System memory
    • Hidden objects
    • Disk boot sectors
    • Computer
    • OS
  • Go back to Automatic Scan
  • Click on Start scan
  • For this scan select Skip for anything found
  • When the scan is complete click on the Report button (looks like a piece of paper on the right of the gear-looking thing)
  • On the left you will see
    • Status
    • Detected threats <-- click on this one
    • Automatic Scan report
    • Manual disinfection report
  • Click on the Save button
    Save to a location where you can find it (the default is the Documents folder)
  • Copy and paste this report in your next post


#10 rednaxling

  • Topic Starter

Posted 14 March 2012 - 02:15 PM

Kaspersky Virus Removal

Status: Detected (events: 56)
14/03/2012 14:49:08 Detected virus Virus.Win32.Nimnul.e C:\CStemp\Cambridgesoft\Activation\msvcp71.dll High
14/03/2012 14:49:09 Detected virus Virus.Win32.Nimnul.e C:\CStemp\Cambridgesoft\Activation\msvcr71.dll High
14/03/2012 14:49:10 Detected virus Virus.Win32.Nimnul.e C:\CStemp\Cambridgesoft\Activation\MFC71.dll High
14/03/2012 14:49:18 Detected virus Virus.Win32.Nimnul.e C:\CStemp\Cambridgesoft\SharedAddIn\setup.exe High
14/03/2012 14:50:37 Detected virus Virus.Win32.Nimnul.e C:\dell\drivers\R271030\Win_1194.exe High
14/03/2012 14:50:39 Detected virus Virus.Win32.Nimnul.e C:\dell\drivers\R271030\1558_A06.exe High
14/03/2012 14:50:39 Detected virus Virus.Win32.Nimnul.e C:\dell\drivers\R301434\1558_A12.exe High
14/03/2012 14:50:56 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\awt.dll High
14/03/2012 14:50:57 Detected virus Virus.Win32.Nimnul.e C:\dell\drivers\R301434\Win_1194.exe High
14/03/2012 14:50:59 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll High
14/03/2012 14:50:59 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\java.dll High
14/03/2012 14:51:00 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe High
14/03/2012 14:51:00 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll High
14/03/2012 14:51:01 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll High
14/03/2012 14:51:11 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jvm.dll High
14/03/2012 15:01:07 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll High
14/03/2012 15:01:08 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll High
14/03/2012 15:01:08 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll High
14/03/2012 15:01:09 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll High
14/03/2012 15:01:11 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll High
14/03/2012 15:01:16 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll High
14/03/2012 15:01:22 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll High
14/03/2012 15:01:35 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe High
14/03/2012 15:02:31 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Application Data\Facebook\npfbplugin_1_0_3.dll High
14/03/2012 15:02:47 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Application Data\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe High
14/03/2012 15:29:37 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\fontmanager.dll High
14/03/2012 15:29:38 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\JagexLauncher.exe High
14/03/2012 15:29:41 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\java.dll High
14/03/2012 15:29:42 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\awt.dll High
14/03/2012 15:29:43 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\jpeg.dll High
14/03/2012 15:29:47 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\msvcm90.dll High
14/03/2012 15:29:51 Detected virus Virus.Win32.Nimnul.e C:\Documents and Settings\Alex\Local Settings\jagexlauncher\bin\jvm.dll High
14/03/2012 16:08:13 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll High
14/03/2012 16:08:15 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe High
14/03/2012 16:08:15 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\awt.dll High
14/03/2012 16:08:15 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\java.dll High
14/03/2012 16:08:16 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll High
14/03/2012 16:08:18 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\jvm.dll High
14/03/2012 16:08:19 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll High
14/03/2012 16:14:19 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll High
14/03/2012 16:14:19 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll High
14/03/2012 16:14:21 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll High
14/03/2012 16:14:22 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll High
14/03/2012 16:14:26 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll High
14/03/2012 16:14:32 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll High
14/03/2012 16:14:34 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll High
14/03/2012 16:14:46 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe High
14/03/2012 16:15:18 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Application Data\Facebook\npfbplugin_1_0_3.dll High
14/03/2012 16:15:32 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Application Data\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe High
14/03/2012 16:23:57 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\fontmanager.dll High
14/03/2012 16:24:00 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\JagexLauncher.exe High
14/03/2012 16:24:02 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\awt.dll High
14/03/2012 16:24:07 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\java.dll High
14/03/2012 16:24:07 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\jpeg.dll High
14/03/2012 16:24:09 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\msvcm90.dll High
14/03/2012 16:24:16 Detected virus Virus.Win32.Nimnul.e C:\Users\Alex\Local Settings\jagexlauncher\bin\jvm.dll High


I have backed up everything I can as well. Thanks for all your help so far, hopefully I won't have to do a format!

#11 gringo_pr

  • Malware Response Team

Posted 14 March 2012 - 04:40 PM

It is going to take a few runs from each of these, but so far things look OK.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is ticked and the Scan Archives option is unticked.
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Current scan targets: change to Operating memory and C:/ drive only
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

#12 rednaxling

  • Topic Starter

Posted 15 March 2012 - 12:55 PM

Here's the ESET log, the first half of the log file was last time's so I have omitted that.

# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=86da56700e004346a00f5d75c41d3f61
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-14 11:31:04
# local_time=2012-03-14 11:31:04 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5121 16777213 100 75 415750 32245934 0 0
# compatibility_mode=5893 16776574 100 94 436341 84226740 0 0
# compatibility_mode=8192 67108863 100 0 74795 74795 0 0
# scanned=309557
# found=30
# cleaned=30
# scan_time=6174
C:\CStemp\Cambridgesoft\Activation\MFC71.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\CStemp\Cambridgesoft\Activation\msvcp71.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\CStemp\Cambridgesoft\Activation\msvcr71.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\CStemp\Cambridgesoft\SharedAddIn\setup.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\dell\drivers\R271030\1558_A06.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\dell\drivers\R271030\Win_1194.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\dell\drivers\R301434\1558_A12.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\dell\drivers\R301434\Win_1194.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\fontmanager.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\JagexLauncher.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\java.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jpeg.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\jvm.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\msvcm90.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\jmc.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-421cabec-n\msvcp71.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\jmc.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-22fddc46-n\msvcp71.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\mono-1-vc.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\webplayer_win.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\AppData\Roaming\Microsoft\Installer\{A8E7BE25-785A-45A6-ADA5-E263B6A3358E}\hpjsi.exe_A8E7BE25785A45A6ADA5E263B6A3358E.exe Win32/Ramnit.R virus (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\Downloads\CheatEngine60(2).exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\Downloads\CheatEngine60.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Alex\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Last time it found 48, only 30 this time - should I be worried about that?
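
The drop from 48 to 30 can be checked against the two ESET logs themselves. The following is an added example, not code from the thread or from ESET: a parser for the ESET Online Scanner v7 log layout shown in posts #8 and #12 and a comparison of two runs that treats the Windows 7 compatibility junctions (C:\Documents and Settings to C:\Users, Local Settings to AppData\Local, Application Data to AppData\Roaming) as aliases of one file; the sample input is a constructed, abbreviated excerpt of the two logs.

```python
"""Parse ESET Online Scanner (v7) logs and compare two runs of the scanner."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str  # e.g. "Win32/Ramnit.R virus", "multiple threats"
    action: str  # e.g. "unable to clean", "cleaned - quarantined"
    flag: str    # "I" = left infected, "C" = cleaned

# One detection per line: <path> <threat> (<action>) <32 hex digits> <flag>.
# Paths contain spaces ("Program Files (x86)"), so the pattern is anchored on the
# fixed-width trailer and the path/threat split is done afterwards.
ENTRY_RE = re.compile(
    r"^(?P<body>.+?) \((?P<action>[^()]+)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>[A-Z])$"
)

# Windows Vista/7 keep these junctions for backwards compatibility; a scanner that
# follows them reports the same file once under each name.
ALIASES = (
    ("C:\\Documents and Settings\\", "C:\\Users\\"),
    ("\\Local Settings\\", "\\AppData\\Local\\"),
    ("\\Application Data\\", "\\AppData\\Roaming\\"),
)


def canonical(path: str) -> str:
    """Map every junction alias of a profile path onto its real location."""
    for alias, real in ALIASES:
        path = path.replace(alias, real)
    return path


def parse_log(text: str):
    """Return (header dict, [Detection]); preamble and blank lines are ignored."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key] = value  # repeated keys (compatibility_mode) keep the last value
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        dirname, _, rest = m["body"].rpartition("\\")
        filename, _, threat = rest.partition(" ")  # assumes no spaces in the file name
        detections.append(Detection(f"{dirname}\\{filename}", threat, m["action"], m["flag"]))
    return header, detections


def compare_runs(first: str, second: str) -> dict:
    """Explain a drop in the detection count between two runs over the same disk."""
    h1, d1 = parse_log(first)
    h2, d2 = parse_log(second)
    paths1, paths2 = {d.path for d in d1}, {d.path for d in d2}
    gone = sorted(paths1 - paths2)
    real2 = {canonical(p) for p in paths2}
    return {
        "found": (int(h1["found"]), int(h2["found"])),
        "cleaned": (int(h1["cleaned"]), int(h2["cleaned"])),
        "gone": gone,
        "new": sorted(paths2 - paths1),
        # a vanished path whose real file the second run did report is only an alias
        "alias_of_cleaned": [p for p in gone if canonical(p) in real2],
        "unexplained": [p for p in gone if canonical(p) not in real2],
        "distinct_files": (len({canonical(p) for p in paths1}), len(real2)),
        "not_cleaned_second": sorted(
            d.path for d in d2 if not d.action.startswith(("cleaned", "deleted"))),
    }


# Constructed, abbreviated excerpts modelled on the two ESET logs in this thread
# (the hash column is all zeros in the real logs as well).
Z = "0" * 32
FIRST_RUN = rf"""ESETSmartInstaller@High as CAB hook log:
# version=7
# remove_checked=false
# found=6
# cleaned=0
C:\CStemp\Cambridgesoft\Activation\MFC71.dll Win32/Ramnit.R virus (unable to clean) {Z} I
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (unable to clean) {Z} I
C:\Documents and Settings\Alex\Downloads\CheatEngine60(2).exe multiple threats (unable to clean) {Z} I
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) {Z} I
C:\Users\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (unable to clean) {Z} I
C:\Users\Alex\Downloads\CheatEngine60(2).exe multiple threats (unable to clean) {Z} I
"""
SECOND_RUN = rf"""# version=7
# remove_checked=true
# found=4
# cleaned=4
C:\CStemp\Cambridgesoft\Activation\MFC71.dll Win32/Ramnit.R virus (cleaned - quarantined) {Z} C
C:\Documents and Settings\Alex\AppData\Local\jagexlauncher\bin\awt.dll Win32/Ramnit.R virus (cleaned - quarantined) {Z} C
C:\Documents and Settings\Alex\Downloads\CheatEngine60(2).exe multiple threats (deleted - quarantined) {Z} C
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) {Z} C
"""

if __name__ == "__main__":
    print(compare_runs(FIRST_RUN, SECOND_RUN))
```

Run on the full logs above, the 18 paths that disappear between the two ESET runs are exactly the C:\Users\Alex\... entries of the first log, each of which the second run reports as cleaned under its C:\Documents and Settings\Alex\... alias, so the count of distinct files does not change. Anything left in "unexplained" or "not_cleaned_second" is what still needs attention.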

#13 gringo_pr

  • Malware Response Team

Posted 15 March 2012 - 03:15 PM

Hello


Last time we had it only check for, but not remove, anything, so it is getting better.


I want you to run this now. I know these scans are very long to run, but this is a very bad virus and we will be running one more; then we will double-check with them again to make sure.



Dr.Web CureIt

Download to the desktop: Dr.Web CureIt

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings
  • Choose the "Scan" tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
    [image]
    If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
    [image]
    This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new HijackThis log.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 rednaxling

rednaxling
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:42 PM

Posted 18 March 2012 - 08:02 AM

Here is the DrWeb log file; it only found one thing.

PNGLib.dll;C:\Program Files (x86)\Propellerhead\Reason;Trojan.Rmnet.1;Deleted.;

Here's a HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:00:12, on 18/03/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Alex\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120310031804.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: McAfee Application Installer Cleanup (0087101331572362) (0087101331572362mcinstcleanup) - Unknown owner - C:\Windows\TEMP\008710~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14810 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:42 PM

Posted 18 March 2012 - 08:15 AM

Looking better. Let's start double checking now. I want you to rerun Kaspersky now.



gringo
