
Vipsearchs Redirect


This topic is locked
11 replies to this topic

#1 mattcannon0

mattcannon0

  • Members
  • 4 posts

Posted 13 March 2012 - 11:22 PM

Whenever, I click any link within Google (or Yahoo, for that matter), I am redirected by something called "vipsearchs.net". I ran my anti-virus software and it didn't detect anything. Help please?

Thanks!



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 13 March 2012 - 11:55 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 March 2012 - 12:45 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 mattcannon0

mattcannon0
  • Topic Starter

  • Members
  • 4 posts

Posted 17 March 2012 - 08:47 PM

Hi, thanks for responding -- sorry it took me so long to get back to you.

Here are those logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Matt at 18:41:28 on 2012-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1453 [GMT -7:00]
.
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Matt\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58202
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
mRun: [Qwest Personal Digital Vault] "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367} : DhcpNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367}\24C65756023516E64677963686 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367}\3416E6E6F6E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367}\C696E6B6379737 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367}\D6F6460796A7A7162427F616467716973484 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{F056B620-B6F1-48F0-94A3-6A97912B3367}\F4C696675683 : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.2.0.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart
mRun-x64: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
mRun-x64: [Qwest Personal Digital Vault] "C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe" /m
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4lfe3w8w.default\
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1302000.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1302000.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NAVx64\1302000.00A\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSviA64.sys [2012-3-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1302000.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NAVx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NAVx64\1302000.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.2.0.10\ccsvchst.exe [2011-12-2 138760]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-17 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-19 89600]
S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-19 2533400]
.
=============== Created Last 30 ================
.
2012-03-16 02:03:58 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-16 02:03:57 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-16 02:03:50 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-16 02:03:50 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-16 02:03:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-16 02:03:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-16 02:03:42 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-16 02:03:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-15 19:00:05 -------- d-----w- C:\Users\Matt\AppData\Local\{C0982DCA-FE4D-4684-9DFF-3DBD897DF1FD}
2012-03-15 18:59:55 -------- d-----w- C:\Users\Matt\AppData\Local\{FA753942-0118-42BC-A660-4F5FBB10BD4D}
2012-03-14 20:01:16 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 20:01:10 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 00:32:53 -------- d-----w- C:\Program Files\iPod
2012-03-13 00:32:52 -------- d-----w- C:\Program Files\iTunes
2012-03-13 00:32:52 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-08 23:21:51 -------- d-----w- C:\Users\Matt\AppData\Local\{2272318D-0718-4C7D-B183-66342F9D2203}
2012-03-08 23:21:41 -------- d-----w- C:\Users\Matt\AppData\Local\{689CEFD3-3AAC-4049-89AB-D43FEE398AC3}
2012-03-06 22:01:14 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-06 22:01:14 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-06 22:01:14 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-06 22:01:14 45016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-03-04 21:00:00 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-03-04 21:00:00 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-03-04 20:59:51 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-03-04 20:59:51 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-03-04 20:59:51 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-03-04 20:59:51 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2012-03-04 20:59:50 395776 ----a-w- C:\Windows\System32\webio.dll
2012-03-03 19:08:33 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-03-02 22:34:36 -------- d-----w- C:\Users\Matt\AppData\Local\{43BD167D-E47A-4D9D-AB2B-DC009F8FD3AE}
2012-03-02 22:34:26 -------- d-----w- C:\Users\Matt\AppData\Local\{346B7A44-8E50-4399-A719-6732EE4F7262}
2012-03-01 21:33:28 -------- d-----w- C:\Users\Matt\AppData\Local\{427F8425-02D1-4478-9FF7-D315C9680FDD}
2012-03-01 21:33:18 -------- d-----w- C:\Users\Matt\AppData\Local\{49B8426B-A899-40F2-B839-027A2E301320}
2012-03-01 07:59:24 -------- d-----w- C:\Users\Matt\AppData\Roaming\Python-Eggs
2012-03-01 07:59:21 -------- d-----w- C:\Users\Matt\AppData\Roaming\BitLord
2012-03-01 07:58:03 -------- d-----w- C:\Program Files (x86)\BitLord 2
2012-02-23 22:23:33 -------- d-----w- C:\Users\Matt\AppData\Local\{1B334472-BDA2-4553-979D-C7F5B26578F2}
2012-02-23 22:23:23 -------- d-----w- C:\Users\Matt\AppData\Local\{6355EF84-0DC2-4148-9DE6-4620B1D8F1D0}
2012-02-23 00:33:42 -------- d-----w- C:\Users\Matt\AppData\Local\{30B4AB16-54A9-435B-B8B9-FB5EBEBA8614}
2012-02-23 00:33:31 -------- d-----w- C:\Users\Matt\AppData\Local\{5D013A3A-CFC2-4625-A0E8-0B38FFAA2FDD}
2012-02-22 10:04:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-02-22 10:04:16 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-02-22 10:04:16 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-02-22 10:04:16 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-02-22 10:02:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-22 10:02:56 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-22 04:26:46 -------- d-----w- C:\ProgramData\Recovery
2012-02-18 03:55:50 -------- d-----w- C:\Users\Matt\AppData\Local\{8CEDB2CD-CEF7-482A-8E6F-C8D3A4615296}
2012-02-18 03:55:40 -------- d-----w- C:\Users\Matt\AppData\Local\{C32CC048-4D8B-4D17-9499-4AD3E35632A9}
.
==================== Find3M ====================
.
2012-01-26 23:16:53 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-01-26 23:16:53 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
.
============= FINISH: 18:43:19.13 ===============

And the other one:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/1/2010 4:43:53 PM
System Uptime: 3/17/2012 4:28:26 PM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 144C
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 1858/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 318.229 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.797 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP125: 3/4/2012 4:04:17 PM - Windows Update
RP126: 3/15/2012 9:16:18 AM - Windows Update
RP127: 3/17/2012 9:18:36 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 MUI
Adobe Shockwave Player 11.5
AIM 7
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Avidemux 2.5 (32-bit)
Bejeweled 2 Deluxe
Bing Bar
BitLord 2.0
Blackhawk Striker 2
Build-a-lot 2
CDisplay 1.8
CenturyLink Installer
CenturyLink Personal Digital Vault™
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink DVD Suite
D3DX10
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's Carnival Adventure
Download Updater (AOL LLC)
Dr. Who - Adventures 1 and 2
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Draft
Final Drive Nitro
FrostWire 4.21.8
Google Chrome
Google Talk Plugin
Heroes of Hellas 2 - Olympia
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iRip
Java Auto Updater
Java™ 6 Update 26
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 en-US)
Mozilla Firefox 9.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Online Backup
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.5
SMC Karaoke Manager
SoulSeek 157 NS 13e
Times Reader
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
VC80CRTRedist - 8.0.50727.4053
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WorldWinner Games
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 6:58:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
3/15/2012 6:58:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a005a82000, 0x0000000000000000, 0xfffff80002d2938e, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031512-49935-01.
3/15/2012 6:57:38 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/15/2012 6:57:38 PM, Error: SRTSP [4] - Error loading virus definitions.
3/14/2012 11:38:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MEGGEH that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F056B620-B6F1-48F0-94A3-6A97912B3367}. The master browser is stopping or an election is being forced.
3/12/2012 7:50:00 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.9 did not allow the name to be claimed by this computer.
3/12/2012 5:29:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thanks again!

#5 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 March 2012 - 08:49 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 mattcannon0

mattcannon0
  • Topic Starter

  • Members
  • 4 posts

Posted 19 March 2012 - 06:36 PM

Here's the log:

ComboFix 12-03-18.04 - Matt 03/19/2012 9:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2329 [GMT -7:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\LP
c:\windows\svchost.exe
c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\dkgjonab.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 16:42 . 2012-03-19 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 00:32 . 2012-03-13 00:32 -------- d-----w- c:\program files\iPod
2012-03-13 00:32 . 2012-03-13 00:33 -------- d-----w- c:\program files\iTunes
2012-03-13 00:32 . 2012-03-13 00:33 -------- d-----w- c:\program files (x86)\iTunes
2012-03-06 22:01 . 2012-03-06 22:01 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-06 22:01 . 2012-03-06 22:01 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-06 22:01 . 2012-03-06 22:01 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-06 22:01 . 2012-03-06 22:01 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-03-06 11:20 . 2012-03-06 11:20 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-03-06 11:20 . 2012-03-06 11:20 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-03-04 21:00 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-03-04 21:00 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-03-04 20:59 . 2011-11-17 06:49 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-03-04 20:59 . 2011-11-17 06:35 28160 ----a-w- c:\windows\system32\secur32.dll
2012-03-04 20:59 . 2011-11-17 06:35 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2012-03-04 20:59 . 2011-11-17 05:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-03-04 20:59 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-03-03 19:08 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-03 19:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-01 07:59 . 2012-03-01 07:59 -------- d-----w- c:\users\Matt\AppData\Roaming\Python-Eggs
2012-03-01 07:59 . 2012-03-01 08:02 -------- d-----w- c:\users\Matt\AppData\Roaming\BitLord
2012-03-01 07:58 . 2012-03-01 07:59 -------- d-----w- c:\program files (x86)\BitLord 2
2012-02-26 00:02 . 2012-02-26 00:02 -------- d-----w- c:\users\Administrator
2012-02-22 10:04 . 2011-11-17 06:35 136192 ----a-w- c:\windows\system32\sspicli.dll
2012-02-22 10:04 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-02-22 10:04 . 2011-11-17 05:34 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2012-02-22 10:04 . 2011-11-17 05:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-02-22 10:02 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-22 10:02 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-22 04:26 . 2012-03-19 09:04 -------- d-----w- c:\programdata\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 22:00 . 2012-02-03 22:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F141.tmp
2012-02-03 22:00 . 2012-02-03 22:00 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\F121.tmp
2012-01-26 23:16 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-01-26 23:16 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\dkgjonab.dll" [2012-03-04 327680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1302000.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1302000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSvia64.sys [2012-03-07 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1302000.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-18 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952561868-1859252879-3624796495-1001Core.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 22:46]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952561868-1859252879-3624796495-1001UA.job
- c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 22:46]
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForMatt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\4lfe3w8w.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QwestTouchPointAgent - c:\program files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe
Wow6432Node-HKLM-Run-CenturyLinkTouchPointAgent - c:\program files (x86)\Qwest\Desktop\CenturyLinkTouchPointAgent.exe
Wow6432Node-HKLM-Run-Qwest Personal Digital Vault - c:\program files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3952561868-1859252879-3624796495-1001\Software\SecuROM\License information*]
"datasecu"=hex:e0,a3,07,ba,e6,c0,5f,aa,52,fb,7b,7e,7c,98,a9,f3,89,cd,03,90,0f,
43,c6,54,d0,a3,c1,37,3d,05,b0,58,67,f9,9d,48,6f,99,49,ff,84,06,10,db,bc,63,\
"rkeysecu"=hex:20,e9,32,9d,f7,c6,b2,19,d1,90,8a,29,18,9b,14,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-03-19 16:29:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 23:29
.
Pre-Run: 353,468,866,560 bytes free
Post-Run: 352,574,992,384 bytes free
.
- - End Of File - - 2FE26249316DDE12A83538AD00D1969F

As far as I can tell, the problem seems to have stopped! Thank you so much!
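The ComboFix report above contains the entries a responder would look at first: a Run value under the SYSTEM profile's AppData that points at a bare .dll (dkgjonab.dll), an Internet Settings ProxyServer of http=127.0.0.1:58202 (every browser request is handed to a process on the machine itself, which is one way search-result clicks get rewritten), a copy of svchost.exe in c:\windows rather than System32, and a running process named through the \\.\globalroot device namespace. As an added example that is not part of this thread and not a ComboFix or BleepingComputer tool, the Python below turns those observations into simple triage rules and runs them over sample lines; the sample is constructed from the report above plus one benign Run entry (IgfxTray) for contrast, and the rule names are my own.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# Constructed sample: lines copied from the ComboFix report in post #6
# (Other Deletions, Reg Loading Points, Supplementary Scan, Other Running
# Processes), with one benign Run entry (IgfxTray) kept for contrast.
SAMPLE_LOG = r"""
C:\Install.exe
c:\windows\svchost.exe
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Update"="c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer\Apple Computer\dkgjonab.dll" [2012-03-04 327680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58202
.
c:\\.\globalroot\systemroot\svchost.exe
"""

@dataclass
class Finding:
    rule: str   # rule name chosen for this example (not a ComboFix term)
    line: str   # the log line that triggered it

# "name"="path" [date size] is the shape ComboFix uses under Reg Loading Points
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
PROXY_RE = re.compile(r'ProxyServer\s*=\s*(?P<value>\S+)')
DRIVE_PATH_RE = re.compile(r'^[a-z]:\\')

# Binaries that on a clean Windows 7 install live only under System32
# (plus SysWOW64 for the 32-bit copies); the same name elsewhere deserves a look.
SYSTEM_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

def split_path(path: str):
    """Return (directory, filename), lower-cased, for a Windows path."""
    p = path.lower().replace("/", "\\")
    directory, _, name = p.rpartition("\\")
    return directory, name

def check_run_entry(line: str) -> List[Finding]:
    # Run values normally launch an .exe from Program Files or System32. A bare
    # .dll, or anything under a profile directory (especially the SYSTEM
    # profile's AppData), matches the deleted "Update" value in the report.
    m = RUN_RE.match(line)
    if not m:
        return []
    directory, name = split_path(m.group("path"))
    out = []
    if not name.endswith(".exe"):
        out.append(Finding("run-target-not-exe", line))
    if "\\appdata\\" in directory + "\\" or "\\config\\systemprofile\\" in directory + "\\":
        out.append(Finding("run-target-in-profile-dir", line))
    return out

def check_proxy(line: str) -> List[Finding]:
    # A ProxyServer on 127.0.0.1/localhost routes every browser request through
    # a process on this machine; on a home PC that is worth explaining.
    m = PROXY_RE.search(line)
    if not m:
        return []
    # value looks like "http=127.0.0.1:58202" or "host:port;https=host:port"
    for part in m.group("value").split(";"):
        host = part.split("=", 1)[-1].rsplit(":", 1)[0].strip().lower()
        if host.startswith("127.") or host == "localhost":
            return [Finding("proxy-to-loopback", line)]
    return []

def check_device_path(line: str) -> List[Finding]:
    # Paths named through the globalroot device namespace hide the ordinary
    # drive-letter location of a file from a casual reading of the log.
    lowered = line.lower()
    if "\\globalroot\\" in lowered or "\\\\.\\" in lowered:
        return [Finding("device-namespace-path", line)]
    return []

def check_system_name(line: str) -> List[Finding]:
    # Bare path lines (file deletions, running processes) whose filename is a
    # core system binary but whose directory is not System32/SysWOW64.
    stripped = line.strip().lower()
    if not DRIVE_PATH_RE.match(stripped):
        return []
    directory, name = split_path(stripped)
    if name in SYSTEM_ONLY_NAMES and not directory.endswith(("\\system32", "\\syswow64")):
        return [Finding("system-binary-name-outside-system32", line)]
    return []

CHECKS: List[Callable[[str], List[Finding]]] = [
    check_run_entry, check_proxy, check_device_path, check_system_name]

def triage_combofix_log(text: str) -> List[Finding]:
    """Run every check over every non-empty line, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":   # ComboFix uses "." as a spacer line
            continue
        for check in CHECKS:
            findings.extend(check(line))
    return findings

if __name__ == "__main__":
    for f in triage_combofix_log(SAMPLE_LOG):
        print(f"{f.rule:40s} {f.line}")
```

These are heuristics for reading a log, not a verdict: the IgfxTray entry produces nothing, while the dkgjonab.dll Run value, the loopback proxy and both svchost.exe paths are each flagged. Checking the ProxyServer value is the one step worth repeating after cleanup, since a leftover 127.0.0.1 proxy with no process listening leaves the browser unable to load any page.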

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2012 - 08:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 mattcannon0

mattcannon0
  • Topic Starter

  • Members
  • 4 posts

Posted 21 March 2012 - 02:22 AM

23:57:49.0816 4176 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
23:57:50.0865 4176 ============================================================
23:57:50.0866 4176 Current date / time: 2012/03/20 23:57:50.0865
23:57:50.0866 4176 SystemInfo:
23:57:50.0866 4176
23:57:50.0866 4176 OS Version: 6.1.7601 ServicePack: 1.0
23:57:50.0866 4176 Product type: Workstation
23:57:50.0866 4176 ComputerName: BOB
23:57:50.0866 4176 UserName: Matt
23:57:50.0866 4176 Windows directory: C:\Windows
23:57:50.0866 4176 System windows directory: C:\Windows
23:57:50.0866 4176 Running under WOW64
23:57:50.0866 4176 Processor architecture: Intel x64
23:57:50.0866 4176 Number of processors: 4
23:57:50.0866 4176 Page size: 0x1000
23:57:50.0866 4176 Boot type: Normal boot
23:57:50.0866 4176 ============================================================
23:57:52.0251 4176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:52.0255 4176 \Device\Harddisk0\DR0:
23:57:52.0256 4176 MBR used
23:57:52.0256 4176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:57:52.0256 4176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37C68800
23:57:52.0256 4176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37CCC800, BlocksNum 0x2685800
23:57:52.0256 4176 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:57:52.0339 4176 Initialize success
23:57:52.0339 4176 ============================================================
23:57:54.0422 2304 ============================================================
23:57:54.0422 2304 Scan started
23:57:54.0422 2304 Mode: Manual;
23:57:54.0422 2304 ============================================================
23:57:57.0356 2304 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:57:57.0360 2304 1394ohci - ok
23:57:57.0427 2304 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:57:57.0428 2304 Accelerometer - ok
23:57:57.0482 2304 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:57:57.0486 2304 ACPI - ok
23:57:57.0509 2304 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:57:57.0510 2304 AcpiPmi - ok
23:57:57.0590 2304 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:57:57.0595 2304 adp94xx - ok
23:57:57.0727 2304 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:57:57.0731 2304 adpahci - ok
23:57:57.0758 2304 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:57:57.0762 2304 adpu320 - ok
23:57:57.0845 2304 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:57:57.0852 2304 AFD - ok
23:57:57.0910 2304 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:57:57.0912 2304 agp440 - ok
23:57:57.0985 2304 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:57:57.0986 2304 aliide - ok
23:57:58.0081 2304 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:57:58.0082 2304 amdide - ok
23:57:58.0127 2304 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:57:58.0129 2304 AmdK8 - ok
23:57:58.0148 2304 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:57:58.0150 2304 AmdPPM - ok
23:57:58.0204 2304 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:57:58.0206 2304 amdsata - ok
23:57:58.0242 2304 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:57:58.0246 2304 amdsbs - ok
23:57:58.0271 2304 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:57:58.0272 2304 amdxata - ok
23:58:15.0135 2304 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
23:58:15.0163 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:58:15.0163 2304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:58:15.0194 2304 Boot (0x1200) (7914a64d77d1402bc9421323842576bc) \Device\Harddisk0\DR0\Partition0
23:58:15.0196 2304 \Device\Harddisk0\DR0\Partition0 - ok
23:58:15.0208 2304 Boot (0x1200) (bdf0ee619803563ed647de996f98fdbd) \Device\Harddisk0\DR0\Partition1
23:58:15.0209 2304 \Device\Harddisk0\DR0\Partition1 - ok
23:58:15.0238 2304 Boot (0x1200) (dab40b7bb45813b488dca906af58fe8b) \Device\Harddisk0\DR0\Partition2
23:58:15.0239 2304 \Device\Harddisk0\DR0\Partition2 - ok
23:58:15.0258 2304 Boot (0x1200) (79497ba0faea151c2fec0e2729648f8c) \Device\Harddisk0\DR0\Partition3
23:58:15.0259 2304 \Device\Harddisk0\DR0\Partition3 - ok
23:58:15.0260 2304 ============================================================
23:58:15.0260 2304 Scan finished
23:58:15.0260 2304 ============================================================
23:58:15.0272 7500 Detected object count: 1
23:58:15.0272 7500 Actual detected object count: 1
23:58:20.0325 7500 \Device\Harddisk0\DR0\# - copied to quarantine
23:58:20.0326 7500 \Device\Harddisk0\DR0 - copied to quarantine
23:58:21.0032 7500 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:58:21.0036 7500 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:58:21.0058 7500 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:58:21.0071 7500 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:58:21.0075 7500 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:58:21.0077 7500 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:58:21.0080 7500 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:58:21.0083 7500 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:58:21.0087 7500 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:58:21.0090 7500 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:58:21.0139 7500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:58:21.0168 7500 \Device\Harddisk0\DR0 - ok
23:58:21.0935 7500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:58:26.0368 6728 Deinitialize success

--------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 00:19:57
-----------------------------
00:19:57.600 OS Version: Windows x64 6.1.7601 Service Pack 1
00:19:57.600 Number of processors: 4 586 0x2505
00:19:57.600 ComputerName: BOB UserName:
00:20:00.392 Initialize success
00:20:15.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:20:15.017 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
00:20:15.032 Disk 0 MBR read successfully
00:20:15.048 Disk 0 MBR scan
00:20:15.048 Disk 0 unknown MBR code
00:20:15.064 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:20:15.079 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456913 MB offset 409600
00:20:15.110 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19723 MB offset 936167424
00:20:15.157 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:20:15.235 Disk 0 scanning C:\Windows\system32\drivers
00:20:27.345 Service scanning
00:20:53.601 Modules scanning
00:20:53.601 Disk 0 trace - called modules:
00:20:53.632 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys
00:20:54.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f61060]
00:20:54.147 3 CLASSPNP.SYS[fffff88001d6c43f] -> nt!IofCallDriver -> [0xfffffa800508ba50]
00:20:54.147 5 hpdskflt.sys[fffff88001d13289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f1b050]
00:20:54.147 Scan finished successfully
00:21:15.254 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
00:21:15.254 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
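The TDSSKiller log above is easier to triage once it is reduced to its findings: which objects were flagged, with which threat name, what was quarantined and what is pending a cure on reboot. The script below is an added example, not code from this thread or from Kaspersky's tool. It parses the line shape as it appears above (timestamp, thread id, object, status) and returns a structured summary; the sample lines are copied from the posted log, while the regular expressions, function names and the notion of a "finding" are my own assumptions about the format.

```python
import re

# Constructed sample: a handful of lines copied from the TDSSKiller log
# posted above (driver inventory, MBR hash, the infected verdict, a
# quarantine action and the pending cure).
SAMPLE_LOG = r"""
23:58:14.0301 2304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:58:14.0303 2304 vwififlt - ok
23:58:15.0135 2304 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
23:58:15.0163 2304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:58:15.0163 2304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:58:15.0194 2304 Boot (0x1200) (7914a64d77d1402bc9421323842576bc) \Device\Harddisk0\DR0\Partition0
23:58:15.0196 2304 \Device\Harddisk0\DR0\Partition0 - ok
23:58:21.0032 7500 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:58:21.0139 7500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:58:26.0368 6728 Deinitialize success
"""

# Every log line starts with a timestamp and the id of the thread that wrote it.
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")

# Inventory line: object name (optionally with a size/offset in parentheses,
# e.g. "MBR (0x1B8)"), then a 32-hex MD5 in parentheses, then the path/device.
OBJECT = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Status line: object, optional "( ThreatName )", then " - <status>".
STATUS = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>.+?) \))? - (?P<status>.+)$")

DETECTED = re.compile(r"^detected (?P<threat>\S+)")


def parse_tdsskiller(text):
    """Return inventory (path -> (name, md5)), findings and quarantine list."""
    inventory = {}
    findings = []
    quarantined = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banners, separators and counters carry no object
        rest = m.group("rest")
        om = OBJECT.match(rest)
        if om:
            inventory[om.group("path")] = (om.group("name"), om.group("md5"))
            continue
        sm = STATUS.match(rest)
        if not sm:
            continue  # e.g. "Deinitialize success"
        obj, threat, status = sm.group("obj"), sm.group("threat"), sm.group("status")
        if status == "ok":
            continue  # clean verdicts are noise for triage
        if status == "copied to quarantine":
            quarantined.append(obj)
            continue
        dm = DETECTED.match(status)
        if dm:
            threat = dm.group("threat")
        findings.append({"object": obj, "threat": threat, "status": status})
    return {"inventory": inventory, "findings": findings, "quarantined": quarantined}


def threats(report):
    """Distinct threat names that TDSSKiller attached to any object."""
    return {f["threat"] for f in report["findings"] if f["threat"]}


def pending_reboot(report):
    """Objects whose cure is deferred until reboot; the machine is not clean yet."""
    return [f["object"] for f in report["findings"] if f["status"] == "will be cured on reboot"]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("threats:", sorted(threats(rep)))
    print("quarantined:", rep["quarantined"])
    print("pending reboot:", pending_reboot(rep))
```

The useful output for a helper reading the thread is `pending_reboot`: a log that reports an infected MBR and "will be cured on reboot" is not evidence of a clean system until a second scan after the reboot comes back with no findings, which is why the follow-up aswMBR log and the later CFScript step still matter.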

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:41 AM

Posted 21 March 2012 - 02:32 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Microsoft\Windows\DRM

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:58202

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

Posted 23 March 2012 - 11:40 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#11 gringo_pr

Posted 27 March 2012 - 12:05 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr

Posted 29 March 2012 - 11:12 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.