Infected with Google Redirect Virus


This topic is locked
29 replies to this topic

#1 mcirami55

mcirami55

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 18 March 2012 - 09:53 AM

I use a Windows XP Professional SP3 Laptop. I have some form of the Google Redirect Virus. When I search on Google from Mozilla I will click on a search result link and I've seen it get redirected to butterflysearch.net, happilee, or gimmeanswers. I've tried to remove it with Malwarebytes Anti-Malware, Kaspersky TDSSKiller, and HitmanPro. All of these found something to remove after the first scan but the redirects are still coming up. Please Help! :)



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by jenne at 22:51:17 on 2012-03-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2409 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r215959\STacSV.exe
svchost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.live.com
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe"
uRun: [Shadow] c:\program files\newtech infosystems\nti shadow\Shadow.exe --minimize
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [Update] rundll32.exe "c:\documents and settings\jenne\application data\cyberlink\cyberlink\nssqf.dll",DllRegisterServer
IE: &Search - ?p=ZUfox000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{70EF2B7B-D09C-422B-8593-DF4189CA009B} : DhcpNameServer = 172.16.0.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\TmIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jenne\application data\mozilla\firefox\profiles\a5df5res.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\firefoxextension\components\TmFFExt.dll
FF - plugin: c:\documents and settings\jenne\application data\mozilla\firefox\profiles\a5df5res.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-4-5 64080]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-10-21 598856]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-7-17 113024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-17 160256]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2011-7-20 341072]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-4-5 188272]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-2 374152]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [2009-7-17 1656960]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2009-7-25 197504]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2009-7-25 148992]
.
=============== Created Last 30 ================
.
2012-03-18 02:15:27 -------- d-----w- c:\program files\HitmanPro
2012-03-18 02:14:17 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-03-15 01:28:43 -------- d-----w- c:\documents and settings\jenne\application data\Malwarebytes
2012-03-14 19:24:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 03:36:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-03-14 03:36:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 03:36:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-03-14 04:30:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 22:51:49.68 ===============


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 18 March 2012 - 01:43 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Backup The Computer!!

If you have not done it yet, spend a few minutes to back up the computer. Removing malware can be unpredictable and this may save you and me a lot of grief later.

There is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the computer backed up you may do the following.


Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 18 March 2012 - 10:14 PM

The first time I ran ComboFix I walked away for a minute and when I got back I had a blue screen with the message below on it:


A problem has been detected and windows has been shut down to prevent damage to your computer.

Plug and Play detected an error most likely caused by a faulty driver.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:

***STOP: 0x000000CA (0x00000004, 0x8579E7F0, 0x00000000, 0x00000000)

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further assistance.




After I shut down and restarted the computer I ran ComboFix again and got all the way through it, but after searching on Google again and testing it out I still got a redirect. I've seen butterflysearch.net a few times now; I haven't seen the others I mentioned. Here is the ComboFix log:




ComboFix 12-03-18.01 - jenne 03/18/2012 21:47:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2597 [GMT -5:00]
Running from: c:\documents and settings\jenne\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\nssqf.dll
c:\windows\system32\service
c:\windows\system32\service\03012011_TIS17_SfFniAU.log
c:\windows\system32\service\04012011_TIS17_SfFniAU.log
c:\windows\system32\service\04072010_TIS17_SfFniAU.log
c:\windows\system32\SET17D.tmp
c:\windows\system32\SET182.tmp
c:\windows\system32\SET36D.tmp
c:\windows\system32\SET372.tmp
c:\windows\system32\SET379.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET387.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-18 02:15 . 2012-03-18 02:15 -------- d-----w- c:\program files\HitmanPro
2012-03-18 02:14 . 2012-03-18 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-15 01:28 . 2012-03-15 01:28 -------- d-----w- c:\documents and settings\jenne\Application Data\Malwarebytes
2012-03-14 19:24 . 2012-03-15 03:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 03:37 . 2012-03-14 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-14 03:36 . 2012-03-14 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-14 03:36 . 2012-03-14 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 03:36 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 03:29 . 2012-03-14 03:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-14 03:29 . 2012-03-14 03:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-07 00:31 . 2012-03-09 00:11 -------- d-----w- c:\documents and settings\KarliQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 04:30 . 2011-11-15 23:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 16:39 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-18 19:00 . 2012-02-12 16:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-03 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-17 02:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jenne^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\jenne\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jenne^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\jenne\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:18 217088 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2009-01-09 17:31 1712128 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-30 05:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Drive Mapping Utility]
2007-06-08 13:34 278144 ----a-w- c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Shadow\\Shadow.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/5/2011 3:34 PM 64080]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [10/21/2009 6:23 PM 598856]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/17/2009 12:13 AM 113024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/17/2009 12:13 AM 160256]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/20/2011 4:08 PM 341072]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/5/2011 3:28 PM 188272]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/2/2010 11:50 AM 374152]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/17/2009 12:13 AM 1656960]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2/11/2010 10:03 PM 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2/11/2010 10:02 PM 51456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [7/25/2009 4:09 PM 197504]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [7/25/2009 4:08 PM 148992]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\documents and settings\jenne\Application Data\Mozilla\Firefox\Profiles\a5df5res.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKU-Default-Run-Update - c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\nssqf.dll
Notify-LMIinit - (no file)
MSConfigStartUp-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
MSConfigStartUp-HW_OPENEYE_OUC_Cricket Broadband EC1705 - c:\program files\Cricket Broadband EC1705\UpdateDog\ouc.exe
MSConfigStartUp-Internet Security - c:\documents and settings\All Users\Application Data\isecurity.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
MSConfigStartUp-T-Mobile webConnect Manager - c:\program files\T-Mobile\webConnect Manager\TMobileCM.exe
MSConfigStartUp-Update - c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\nssqf.dll
AddRemove-Amazon MP3 Downloader - c:\documents and settings\jenne\Desktop\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 21:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1172)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2012-03-18 21:54:39
ComboFix-quarantined-files.txt 2012-03-19 02:54
.
Pre-Run: 111,133,224,960 bytes free
Post-Run: 111,287,427,072 bytes free
.
- - End Of File - - EFDC18CD93BEA197272BB293F6267E2B
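The DDS log in the first post and the ComboFix log above point at the same item: the dRun [Update] entry that runs rundll32.exe on nssqf.dll out of the user's Application Data folder, which DDS listed and ComboFix then deleted (it appears under Other Deletions and again under ORPHANS REMOVED). The Python script below is an added example, not code from this thread or from the DDS and ComboFix tools, that does this kind of first-pass triage of a Pseudo HJT section mechanically. The sample lines are copied from the first post's log; the three heuristics (an autorun that loads a DLL through rundll32 from a user-writable profile directory, any Run value in the Default User hive, and browser helper entries whose file is missing) and the severity labels are my own assumptions about what deserves a second look, not rules DDS itself applies.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied from the DDS "Pseudo HJT Report"
# quoted in the first post of this thread. Backslashes are doubled only
# because this is a Python string literal.
DDS_SAMPLE = """\
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [IgfxTray] c:\\windows\\system32\\igfxtray.exe
dRun: [Update] rundll32.exe "c:\\documents and settings\\jenne\\application data\\cyberlink\\cyberlink\\nssqf.dll",DllRegisterServer
TCP: DhcpNameServer = 172.16.0.1
"""

# DDS prefixes: u = current user hive, m = local machine hive, d = the Default
# User hive, which is copied into every new profile (assumed reading of the
# prefixes, based on the registry keys ComboFix later prints for them).
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
ORPHAN_RE = re.compile(r"^(BHO|TB|uURLSearchHooks):.*-\s*No File$")

# Directories an unprivileged user can write to. A DLL loaded from here via
# rundll32 is a heuristic of this example, not a DDS rule.
USER_WRITABLE_RE = re.compile(
    r"\\(documents and settings|users)\\[^\\]+\\(application data|appdata|local settings)\\"
    r"|\\temp\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    severity: str  # "high" or "info"
    line: str      # the DDS line that triggered it
    reason: str


def triage_hjt(text: str) -> List[Finding]:
    """Return the Pseudo HJT entries that deserve a second look, in log order."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            hive = HIVES[run.group("hive")]
            cmd = run.group("cmd")
            if "rundll32" in cmd.lower() and USER_WRITABLE_RE.search(cmd):
                findings.append(Finding(
                    "high", line,
                    f"{hive} Run value [{run.group('name')}] loads a DLL from a "
                    "user-writable directory through rundll32",
                ))
            elif hive.startswith("HKU"):
                findings.append(Finding(
                    "info", line,
                    f"{hive} Run value: the Default User hive is rarely used by "
                    "legitimate software",
                ))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding(
                "info", line,
                "browser helper entry whose file is missing (orphan); a cleanup "
                "candidate rather than an active threat",
            ))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a reply can lead with the important ones."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(DDS_SAMPLE)
    for f in results:
        print(f"[{f.severity.upper()}] {f.line}\n    {f.reason}")
    print(summarize(results))
```

Run against the sample, the only high-severity hit is the dRun nssqf.dll line, and the three "No File" entries come back as low-priority orphans, which is the same split the ComboFix log ends up making (one DLL deleted, the orphans swept under ORPHANS REMOVED).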

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 19 March 2012 - 09:37 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 19 March 2012 - 10:41 AM

No problems running either software


09:59:43.0890 1104 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
09:59:44.0453 1104 ============================================================
09:59:44.0453 1104 Current date / time: 2012/03/19 09:59:44.0453
09:59:44.0453 1104 SystemInfo:
09:59:44.0453 1104
09:59:44.0453 1104 OS Version: 5.1.2600 ServicePack: 3.0
09:59:44.0453 1104 Product type: Workstation
09:59:44.0453 1104 ComputerName: JENNENEWLAPTOP
09:59:44.0453 1104 UserName: jenne
09:59:44.0453 1104 Windows directory: C:\WINDOWS
09:59:44.0453 1104 System windows directory: C:\WINDOWS
09:59:44.0453 1104 Processor architecture: Intel x86
09:59:44.0453 1104 Number of processors: 2
09:59:44.0453 1104 Page size: 0x1000
09:59:44.0453 1104 Boot type: Normal boot
09:59:44.0453 1104 ============================================================
09:59:45.0296 1104 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:59:45.0296 1104 \Device\Harddisk0\DR0:
09:59:45.0296 1104 MBR used
09:59:45.0296 1104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1167D6A8
09:59:45.0359 1104 Initialize success
09:59:45.0359 1104 ============================================================
09:59:47.0718 3876 ============================================================
09:59:47.0718 3876 Scan started
09:59:47.0718 3876 Mode: Manual;
09:59:47.0718 3876 ============================================================
10:00:02.0093 3876 MBR (0x1B8) (401cb7b4221ae855e16ae547c5e575ab) \Device\Harddisk0\DR0
10:00:02.0140 3876 \Device\Harddisk0\DR0 - ok
10:00:02.0203 3876 Boot (0x1200) (9db66a1ee0a74f9305d91902b44981f3) \Device\Harddisk0\DR0\Partition0
10:00:02.0203 3876 \Device\Harddisk0\DR0\Partition0 - ok
10:00:02.0203 3876 ============================================================
10:00:02.0203 3876 Scan finished
10:00:02.0203 3876 ============================================================
10:00:02.0218 2060 Detected object count: 0
10:00:02.0218 2060 Actual detected object count: 0
10:01:11.0140 1628 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 10:01:19
-----------------------------
10:01:19.390 OS Version: Windows 5.1.2600 Service Pack 3
10:01:19.390 Number of processors: 2 586 0x170A
10:01:19.390 ComputerName: JENNENEWLAPTOP UserName: jenne
10:01:20.296 Initialize success
10:06:24.328 AVAST engine defs: 12031700
10:08:08.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:08:08.625 Disk 0 Vendor: ST916031 DE06 Size: 152627MB BusType: 3
10:08:08.843 Disk 0 MBR read successfully
10:08:08.843 Disk 0 MBR scan
10:08:08.890 Disk 0 unknown MBR code
10:08:08.906 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:08:08.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 81920
10:08:08.968 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 292109895
10:08:09.015 Disk 0 scanning sectors +312576705
10:08:09.171 Disk 0 scanning C:\WINDOWS\system32\drivers
10:08:23.125 Service scanning
10:08:52.234 Modules scanning
10:09:14.640 Disk 0 trace - called modules:
10:09:14.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:09:14.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad1a6c8]
10:09:14.656 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ad69028]
10:09:15.296 AVAST engine scan C:\WINDOWS
10:09:22.515 AVAST engine scan C:\WINDOWS\system32
10:12:37.375 AVAST engine scan C:\WINDOWS\system32\drivers
10:12:55.890 AVAST engine scan C:\Documents and Settings\jenne
10:13:00.812 File: C:\Documents and Settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll **INFECTED** Win32:Malware-gen
10:17:20.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jenne\Desktop\MBR.dat"
10:17:20.328 The log file has been saved successfully to "C:\Documents and Settings\jenne\Desktop\aswMBR.txt"
10:29:29.078 AVAST engine scan C:\Documents and Settings\All Users
10:34:48.312 Scan finished successfully
10:36:48.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jenne\Desktop\MBR.dat"
10:36:48.984 The log file has been saved successfully to "C:\Documents and Settings\jenne\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 March 2012 - 12:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
C:\Documents and Settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following:
    • report from ComboFix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo

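Added example, not code from aswMBR, ComboFix or this thread: a parser for the aswMBR log format posted in reply #5 that pulls out the partition table, the MBR-code note and each **INFECTED** line, then emits the File:: block of the CFScript that the helper writes by hand in reply #6. The sample log is constructed from the relevant lines of the log above; the function and class names are assumptions of this example.

```python
"""Parse an aswMBR log and turn its findings into the 'File::' section of a
ComboFix CFScript.  Added example; not part of aswMBR, ComboFix or the thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample made from the relevant lines of the aswMBR log posted above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 10:01:19
-----------------------------
10:08:08.843 Disk 0 MBR read successfully
10:08:08.890 Disk 0 unknown MBR code
10:08:08.906 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:08:08.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 81920
10:08:08.968 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 292109895
10:13:00.812 File: C:\Documents and Settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll **INFECTED** Win32:Malware-gen
10:34:48.312 Scan finished successfully
"""

# Every scan line is "HH:MM:SS.mmm <message>"; banner lines have no timestamp.
TIMESTAMPED = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
# "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142586 MB offset 81920"
PARTITION = re.compile(
    r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) "
    r"(.+?) (\d+) MB offset (\d+)$")
# "File: <path> **INFECTED** <detection name>"
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (\S+)$")
MBR_NOTE = re.compile(r"^Disk \d+ .*MBR code$")


@dataclass
class Partition:
    disk: int
    number: int
    boot_flag: str      # "80" marks the active partition in the MBR table
    active: bool
    type_id: str        # MBR partition type byte, e.g. "07" for NTFS
    description: str
    size_mb: int
    offset: int         # start sector (LBA)


@dataclass
class ScanResult:
    partitions: List[Partition] = field(default_factory=list)
    infected: List[Tuple[str, str]] = field(default_factory=list)  # (path, name)
    mbr_notes: List[str] = field(default_factory=list)
    finished: bool = False

    def active_partition(self) -> Optional[Partition]:
        return next((p for p in self.partitions if p.active), None)


def parse_aswmbr_log(text: str) -> ScanResult:
    result = ScanResult()
    for raw in text.splitlines():
        m = TIMESTAMPED.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (p := PARTITION.match(msg)):
            result.partitions.append(Partition(
                disk=int(p.group(1)), number=int(p.group(2)), boot_flag=p.group(3),
                active=p.group(4) is not None, type_id=p.group(5),
                description=p.group(6), size_mb=int(p.group(7)),
                offset=int(p.group(8))))
        elif (i := INFECTED.match(msg)):
            result.infected.append((i.group(1), i.group(2)))
        elif MBR_NOTE.match(msg):
            # "unknown MBR code" only means the boot code is not one aswMBR
            # recognises; OEM loaders produce it too, so it is surfaced for
            # review rather than treated as a detection.
            result.mbr_notes.append(msg)
        elif msg == "Scan finished successfully":
            result.finished = True
    return result


def build_cfscript(result: ScanResult,
                   header=("ClearJavaCache::", "KillAll::")) -> str:
    """Emit the CFScript the helper wrote by hand: header directives, then one
    'File::' block listing every path aswMBR flagged as infected."""
    if not result.finished:
        raise ValueError("scan did not finish; refusing to act on a partial log")
    lines = list(header)
    if result.infected:
        lines += ["", "File::"] + [path for path, _ in result.infected]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    r = parse_aswmbr_log(SAMPLE_LOG)
    for path, name in r.infected:
        print(f"infected: {path} ({name})")
    for note in r.mbr_notes:
        print(f"review: {note}")
    print(build_cfscript(r))
```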

#7 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts

Posted 19 March 2012 - 09:21 PM

ComboFix 12-03-18.01 - jenne 03/19/2012 20:46:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3034.2322 [GMT -5:00]
Running from: c:\documents and settings\jenne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jenne\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
FILE ::
"c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-18 02:15 . 2012-03-18 02:15 -------- d-----w- c:\program files\HitmanPro
2012-03-18 02:14 . 2012-03-18 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-03-15 01:28 . 2012-03-15 01:28 -------- d-----w- c:\documents and settings\jenne\Application Data\Malwarebytes
2012-03-14 19:24 . 2012-03-15 03:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 03:37 . 2012-03-14 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-03-14 03:36 . 2012-03-14 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-14 03:36 . 2012-03-14 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 03:36 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 03:29 . 2012-03-14 03:29 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-03-14 03:29 . 2012-03-14 03:29 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-03-07 00:31 . 2012-03-09 00:11 -------- d-----w- c:\documents and settings\KarliQ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 04:30 . 2011-11-15 23:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 16:39 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 18:37 . 2012-02-12 16:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-19_02.52.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-20 01:54 . 2012-03-20 01:54 16384 c:\windows\temp\Perflib_Perfdata_78c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-04-03 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-08 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-08 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-08 150040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-17 02:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jenne^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\jenne\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jenne^Start Menu^Programs^Startup^OneNote Table Of Contents.onetoc2]
path=c:\documents and settings\jenne\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
backup=c:\windows\pss\OneNote Table Of Contents.onetoc2Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-03-31 22:18 217088 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2009-01-09 17:31 1712128 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-01-30 05:50 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Drive Mapping Utility]
2007-06-08 13:34 278144 ----a-w- c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 20:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Shadow\\Shadow.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [4/5/2011 3:28 PM 188272]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [4/5/2011 3:34 PM 64080]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [10/21/2009 6:23 PM 598856]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [7/17/2009 12:13 AM 113024]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [7/17/2009 12:13 AM 160256]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/20/2011 4:08 PM 341072]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/2/2010 11:50 AM 374152]
S3 AMBFilt;Creative AMB Service;c:\windows\system32\drivers\AMBFilt.sys [7/17/2009 12:13 AM 1656960]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2/11/2010 10:03 PM 319488]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2/11/2010 10:02 PM 51456]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [7/25/2009 4:09 PM 197504]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [7/25/2009 4:08 PM 148992]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 172.16.0.1
FF - ProfilePath - c:\documents and settings\jenne\Application Data\Mozilla\Firefox\Profiles\a5df5res.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-19 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1176)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\drivers\audio\r215959\STacSV.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
.
**************************************************************************
.
Completion time: 2012-03-19 21:01:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 02:01
ComboFix2.txt 2012-03-19 02:54
.
Pre-Run: 111,133,716,480 bytes free
Post-Run: 111,169,789,952 bytes free
.
- - End Of File - - 2A338FD60001F9F440F3E18B0D5AF9EA



Now it seems I keep getting redirected to something like this...

http://63.209.69.107/search/web/mcdonalds/a10/46355-8909_1340/v5
http://63.209.69.107/search/web/dlisted/a10/46355-8909_1340/v5

Which is a page that has some kind of search results or ads on it. Won't even let me go back a page.


Thank you very much for your help so far by the way.
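A helper reads a ComboFix report like the one above by eye, looking for newly created executables and Run-key autostarts that sit in user-writable locations such as Application Data or Temp, which is where the odgjbui.dll scripted for deletion lived. The following is an added example, not code from this thread or from ComboFix itself: a small Python triage script that parses the "Files Created" block and the Run-key values of a ComboFix-style log and flags entries matching that heuristic. The log text it runs on is constructed for the example in the same layout as the thread's report; the CyberLink path is the one from the thread, the "wupdate.exe" entry and all dates and sizes are invented.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of a ComboFix report.  Only the CyberLink
# DLL path comes from the thread; the other entries, dates and sizes are made up.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
2012-03-18 02:15 . 2012-03-18 02:15 -------- d-----w- c:\program files\HitmanPro
2012-03-14 03:36 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 22:10 . 2012-03-13 22:10 61440 ----a-w- c:\documents and settings\jenne\Application Data\CyberLink\CyberLink\odgjbui.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"Updater"="c:\documents and settings\jenne\Local Settings\Temp\wupdate.exe" [2012-03-13 61440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-03 483420]
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: str   # ComboFix prints "--------" instead of a size for directories
    attrs: str  # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class AutostartEntry:
    key: str    # registry key the value lives under
    name: str   # value name
    path: str   # image path ComboFix resolved for the value
    info: str   # bracketed date and size ComboFix appends


@dataclass
class Finding:
    kind: str   # "file" or "autostart"
    path: str
    reason: str


SECTION_RE = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$")
KEY_RE = re.compile(r"^\[(hk[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')

# Heuristic (assumption for this example): executables dropped in profile or
# temp directories deserve a look; trusted software normally installs elsewhere.
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".pif")
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse_combofix(text: str) -> dict:
    """Return {"files": [FileEntry], "autostarts": [AutostartEntry]} from log text."""
    files, autostarts = [], []
    section, current_key = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:                                # "(((( Section name ))))" header
            section = m.group(1).lower()
            current_key = ""
            continue
        if section.startswith("files created"):
            m = FILE_RE.match(line)
            if m:
                files.append(FileEntry(*m.groups()))
        elif section.startswith("reg loading points"):
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and current_key.lower().endswith("\\run"):
                name, path, info = m.groups()
                autostarts.append(AutostartEntry(current_key, name, path, info))
    return {"files": files, "autostarts": autostarts}


def _is_user_writable_executable(path: str) -> bool:
    p = path.lower()
    return p.endswith(EXEC_EXTS) and any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(text: str) -> list:
    """Flag new executables and Run-key autostarts located in user-writable paths."""
    report = parse_combofix(text)
    findings = []
    for f in report["files"]:
        if not f.is_dir and _is_user_writable_executable(f.path):
            findings.append(Finding("file", f.path, "new executable under a user-writable path"))
    for a in report["autostarts"]:
        if _is_user_writable_executable(a.path):
            findings.append(Finding(
                "autostart", a.path,
                f"Run value '{a.name}' under {a.key} points into a user-writable path"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.path}\n    {finding.reason}")
```

The script only narrows a long report down to a short list to inspect; a flagged path is a candidate for a lookup of the file's publisher and hash, not a verdict, and legitimate software (the Malwarebytes and HitmanPro directories in the thread's log) also writes under Application Data.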

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 19 March 2012 - 09:22 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#9 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 20 March 2012 - 09:38 AM

I've tried running OTL 4 times. Each time it seems to get stuck when it reads 'scanning firefox settings'. It just sits there for a very long time, and if I look in Task Manager it reads 'not responding'; if I click anywhere on it, I get the hourglass and then OTL reads 'not responding' up on the title bar.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 20 March 2012 - 01:05 PM

Is Firefox open when you run the scan? If so, make sure it is closed.


gringo

#11 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 20 March 2012 - 02:50 PM

No I'm positive it wasn't running. Even restarted the computer before I ran OTL again.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 20 March 2012 - 04:50 PM

Try running it in safe mode


gringo

#13 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 21 March 2012 - 10:06 AM

It just doesn't want to work for me. Did the same thing in safe mode. Always gets stuck on scanning Firefox settings.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:28 PM

Posted 21 March 2012 - 03:13 PM

do you have the paid Malwarebytes or the free one?


gringo

#15 mcirami55

mcirami55
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 21 March 2012 - 03:42 PM

it's the free one.



