

Infected with Happili* redirect, who knows what else


  • This topic is locked
19 replies to this topic

#1 NeedHelp6

NeedHelp6

  • Members
  • 11 posts

Posted 24 April 2012 - 10:00 AM

EDIT: I removed my instructional post and merged yours into one post~~ GM boopme

Hello,

A few days ago my machine was infected with the Happili redirect thing that seems to be going around. I spent most of yesterday looking through the forums and attempting fixes, but to no avail.

Symptoms are bogus notifications about IE not working (I use Firefox, not IE), bogus notifications asking if I "really want to navigate away from this page?", as well as the redirect to Happili when I click on the Google search results that come from the search field next to the address bar.

Can anyone help me get rid of this thing? Please help!

Thanks.

I did steps 6-9, and here are the requested logs. Do you also want the attach log?

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:32 on 24/04/2012 (Will)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Will at 8:34:29 on 2012-04-24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.574 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Users\Will\Desktop\STATA\Stata.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SupportSoft] RUNDLL32.EXE c:\users\will\appdata\local\supportsoft\kkfzurxr.dll,CreateTzanShell
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{778DF817-5D17-4A61-BE94-162017307D3C} : DhcpNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\will\appdata\roaming\mozilla\firefox\profiles\m1igmqwx.default\
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.3.2427702\npmathplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\will\appdata\roaming\move networks\plugins\npqmp071706000001.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-2-6 27648]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
.
=============== Created Last 30 ================
.
2012-04-24 14:31:53 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dd508631-019a-4d4a-851f-d17557482db4}\mpengine.dll
2012-04-24 14:28:29 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-24 07:15:20 -------- d-----w- c:\users\will\appdata\local\temp
2012-04-24 07:07:21 98816 ----a-w- c:\windows\sed.exe
2012-04-24 07:07:21 518144 ----a-w- c:\windows\SWREG.exe
2012-04-24 07:07:21 256000 ----a-w- c:\windows\PEV.exe
2012-04-24 07:07:21 208896 ----a-w- c:\windows\MBR.exe
2012-04-24 06:35:48 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-24 06:15:26 -------- d-----w- c:\windows\system32\DBBK
2012-04-24 05:57:07 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-04-24 05:31:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 11:05:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-09 11:05:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 11:05:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 11:05:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-09 11:05:01 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-09 11:05:01 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-09 11:05:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-09 11:05:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-09 11:05:00 367104 ----a-w- c:\windows\system32\html.iec
2012-03-09 11:05:00 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-09 11:02:17 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-03-09 11:02:16 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-09 11:02:16 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-09 11:02:16 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-09 11:02:16 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-09 11:02:16 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-09 11:02:16 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-09 11:02:16 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-02-16 15:02:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 8:35:12.06 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-24 09:45:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 SAMSUNG_HD251HJ rev.1AC01113
Running: gmer.exe; Driver: C:\Users\Will\AppData\Local\Temp\pxldqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\Will\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Will\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!EnableWindow 757BCD8B 5 Bytes JMP 6F229A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxParamW 757E10B0 5 Bytes JMP 6F18170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamW 757E2EF5 5 Bytes JMP 6F376336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxParamA 757F8152 5 Bytes JMP 6F3762D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!DialogBoxIndirectParamA 757F847D 5 Bytes JMP 6F37639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxIndirectA 7580D4D9 5 Bytes JMP 6F376258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxIndirectW 7580D5D3 5 Bytes JMP 6F3761DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxExA 7580D639 5 Bytes JMP 6F37617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1528] USER32.dll!MessageBoxExW 7580D65D 5 Bytes JMP 6F376117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] ntdll.dll!LdrLoadDll 77119378 5 Bytes JMP 63549720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] kernel32.dll!MapViewOfFile 768D68F0 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] kernel32.dll!MapViewOfFile 768D68F0 4 Bytes JMP 6377E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] kernel32.dll!VirtualAlloc 768DAD55 4 Bytes JMP 6377E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] USER32.dll!CreateWindowExW 757C1305 5 Bytes JMP 02A07A80
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] GDI32.dll!CreateDIBSection 76FF7461 4 Bytes JMP 6377E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] WS2_32.dll!WSASend 77044496 5 Bytes JMP 02A06CA8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2304] WS2_32.dll!send 7704659B 5 Bytes JMP 02A06160
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] kernel32.dll!CreateThread 768DC90E 5 Bytes JMP 6F1E7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogParamW 757B72A2 5 Bytes JMP 6F3766A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!GetAsyncKeyState 757B863C 5 Bytes JMP 6F1CDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetWindowsHookExW 757B87AD 5 Bytes JMP 6F222194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CallNextHookEx 757B8E3B 5 Bytes JMP 6F247BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!UnhookWindowsHookEx 757B98DB 5 Bytes JMP 6F26EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!EnableWindow 757BCD8B 5 Bytes JMP 6F229A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DefWindowProcA 757BDB88 7 Bytes JMP 6F1E952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExA 757BDC2A 5 Bytes JMP 6F1F3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateWindowExW 757C1305 5 Bytes JMP 025926B8
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!GetKeyState 757C8CB1 5 Bytes JMP 6F1CDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DefWindowProcW 757D03B4 7 Bytes JMP 6F247C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!IsDialogMessageW 757D0745 5 Bytes JMP 6F376E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogParamA 757D17AA 5 Bytes JMP 6F376668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!IsDialogMessage 757D1847 2 Bytes JMP 6F376DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!IsDialogMessage + 3 757D184A 2 Bytes [BA, F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogIndirectParamA 757D26F1 5 Bytes JMP 6F3766D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!CreateDialogIndirectParamW 757D9A62 5 Bytes JMP 6F376710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetKeyboardState 757E0987 5 Bytes JMP 6F3776D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamW 757E10B0 5 Bytes JMP 6F18170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamW 757E2EF5 5 Bytes JMP 6F376336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SendInput 757E2F75 5 Bytes JMP 6F377679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!EndDialog 757E326E 5 Bytes JMP 6F3770B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!SetCursorPos 757F6FB2 5 Bytes JMP 6F377752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxParamA 757F8152 5 Bytes JMP 6F3762D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!DialogBoxIndirectParamA 757F847D 5 Bytes JMP 6F37639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectA 7580D4D9 5 Bytes JMP 6F376258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxIndirectW 7580D5D3 5 Bytes JMP 6F3761DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExA 7580D639 5 Bytes JMP 6F37617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!MessageBoxExW 7580D65D 5 Bytes JMP 6F376117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] USER32.dll!keybd_event 7580D972 5 Bytes JMP 6F377636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] SHELL32.dll!SHRestricted + D95 75CF89A8 4 Bytes [CF, 01, 7C, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] SHELL32.dll!SHRestricted + D9D 75CF89B0 8 Bytes [E0, 61, 7B, 73, 79, F7, 7B, ...] {LOOPNZ 0x63; JNP 0x77; JNS 0xfffffffffffffffd; JNP 0x7b}
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ole32.dll!OleLoadFromStream 76B81E80 5 Bytes JMP 6F376B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] WININET.dll!HttpAddRequestHeadersA 76982ADC 5 Bytes JMP 02591B70
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ws2_32.dll!WSASend 77044496 5 Bytes JMP 02586DB8
.text C:\Program Files\Internet Explorer\iexplore.exe[2388] ws2_32.dll!send 7704659B 5 Bytes JMP 02586270
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] kernel32.dll!CreateThread 768DC90E 5 Bytes JMP 6F1E7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogParamW 757B72A2 5 Bytes JMP 6F3766A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!GetAsyncKeyState 757B863C 5 Bytes JMP 6F1CDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!SetWindowsHookExW 757B87AD 5 Bytes JMP 6F222194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CallNextHookEx 757B8E3B 5 Bytes JMP 6F247BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!UnhookWindowsHookEx 757B98DB 5 Bytes JMP 6F26EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!EnableWindow 757BCD8B 5 Bytes JMP 6F229A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DefWindowProcA 757BDB88 7 Bytes JMP 6F1E952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateWindowExA 757BDC2A 5 Bytes JMP 6F1F3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateWindowExW 757C1305 5 Bytes JMP 024AAF10
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!GetKeyState 757C8CB1 5 Bytes JMP 6F1CDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DefWindowProcW 757D03B4 7 Bytes JMP 6F247C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!IsDialogMessageW 757D0745 5 Bytes JMP 6F376E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogParamA 757D17AA 5 Bytes JMP 6F376668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!IsDialogMessage 757D1847 2 Bytes JMP 6F376DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!IsDialogMessage + 3 757D184A 2 Bytes [BA, F9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogIndirectParamA 757D26F1 5 Bytes JMP 6F3766D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateDialogIndirectParamW 757D9A62 5 Bytes JMP 6F376710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!SetKeyboardState 757E0987 5 Bytes JMP 6F3776D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamW 757E10B0 5 Bytes JMP 6F18170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamW 757E2EF5 5 Bytes JMP 6F376336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!SendInput 757E2F75 5 Bytes JMP 6F377679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!EndDialog 757E326E 5 Bytes JMP 6F3770B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!SetCursorPos 757F6FB2 5 Bytes JMP 6F377752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamA 757F8152 5 Bytes JMP 6F3762D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamA 757F847D 5 Bytes JMP 6F37639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectA 7580D4D9 5 Bytes JMP 6F376258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectW 7580D5D3 5 Bytes JMP 6F3761DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExA 7580D639 5 Bytes JMP 6F37617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExW 7580D65D 5 Bytes JMP 6F376117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!keybd_event 7580D972 5 Bytes JMP 6F377636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] SHELL32.dll!SHRestricted + D95 75CF89A8 4 Bytes [CF, 01, 7C, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] SHELL32.dll!SHRestricted + D9D 75CF89B0 8 Bytes [E0, 61, 7B, 73, 79, F7, 7B, ...] {LOOPNZ 0x63; JNP 0x77; JNS 0xfffffffffffffffd; JNP 0x7b}
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ole32.dll!OleLoadFromStream 76B81E80 5 Bytes JMP 6F376B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] WININET.dll!HttpAddRequestHeadersA 76982ADC 5 Bytes JMP 024AA3C8
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ws2_32.dll!WSASend 77044496 5 Bytes JMP 024A6DB8
.text C:\Program Files\Internet Explorer\iexplore.exe[2608] ws2_32.dll!send 7704659B 5 Bytes JMP 024A6270
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] kernel32.dll!CreateThread 768DC90E 5 Bytes JMP 6F1E7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!CreateDialogParamW 757B72A2 5 Bytes JMP 6F3766A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!GetAsyncKeyState 757B863C 5 Bytes JMP 6F1CDD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!SetWindowsHookExW 757B87AD 5 Bytes JMP 6F222194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!CallNextHookEx 757B8E3B 5 Bytes JMP 6F247BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!UnhookWindowsHookEx 757B98DB 5 Bytes JMP 6F26EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!EnableWindow 757BCD8B 5 Bytes JMP 6F229A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!DefWindowProcA 757BDB88 7 Bytes JMP 6F1E952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!CreateWindowExA 757BDC2A 5 Bytes JMP 6F1F3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!CreateWindowExW 757C1305 5 Bytes JMP 025AA600
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!GetKeyState 757C8CB1 5 Bytes JMP 6F1CDC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!DefWindowProcW 757D03B4 7 Bytes JMP 6F247C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5500] USER32.dll!IsDialogMessageW 757D0745 5 Bytes JMP 6F376E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by boopme, 24 April 2012 - 08:44 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:15 AM

Posted 25 April 2012 - 01:49 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 NeedHelp6

NeedHelp6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 25 April 2012 - 09:57 AM

Hi Gringo, thanks for your help.

I was not aware that I am running multiple anti-virus programs at once; I thought all I was running was Security Essentials. Can you tell me what others are running, and how to turn them off?

I ran security check and ComboFix, and here are those logs:

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Will Desktop Virus BS SecurityCheck(1).exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````



ComboFix 12-04-23.03 - Will 04/25/2012 7:49.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1261 [GMT -7:00]
Running from: c:\users\Will\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 14:54 . 2012-04-25 14:54 -------- d-----w- c:\users\Will\AppData\Local\temp
2012-04-25 14:54 . 2012-04-25 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 14:14 . 2012-04-25 14:14 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDF93D03-6460-4635-BFCA-A4A707B1833F}\offreg.dll
2012-04-25 07:32 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DDF93D03-6460-4635-BFCA-A4A707B1833F}\mpengine.dll
2012-04-24 06:35 . 2012-04-24 06:35 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-24 06:15 . 2012-04-24 06:54 -------- d-----w- c:\windows\system32\DBBK
2012-04-24 05:57 . 2012-04-24 05:57 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-06 17:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 19:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-02-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\m1igmqwx.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 07:54
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-25 07:55:30
ComboFix-quarantined-files.txt 2012-04-25 14:55
ComboFix2.txt 2012-04-24 14:28
ComboFix3.txt 2012-04-24 07:29
.
Pre-Run: 115,098,714,112 bytes free
Post-Run: 115,071,823,872 bytes free
.
- - End Of File - - 7709F8B60C04A5CA9E91D400BE7DC32E

#4 NeedHelp6

NeedHelp6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 25 April 2012 - 09:58 AM

Oh, and my computer was running very slowly this morning before I ran Security Check and ComboFix. Now that I have run those programs, my computer seems to be running faster. Also, so far today I have not had any redirects to happili.

Edited by NeedHelp6, 25 April 2012 - 10:02 AM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:15 AM

Posted 25 April 2012 - 12:29 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 NeedHelp6

NeedHelp6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 25 April 2012 - 06:01 PM

Hi Gringo,

Since I last posted, a mysterious new icon has appeared on my desktop. It looks like a bogus version of the I.E. logo, but is just labeled simply as "The Internet"; just thought you might like to know.

I ran the programs you requested; I don't think either one found anything. Here are the logs:

15:07:59.0920 3788 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:08:00.0386 3788 ============================================================
15:08:00.0386 3788 Current date / time: 2012/04/25 15:08:00.0386
15:08:00.0386 3788 SystemInfo:
15:08:00.0386 3788
15:08:00.0386 3788 OS Version: 6.0.6002 ServicePack: 2.0
15:08:00.0386 3788 Product type: Workstation
15:08:00.0386 3788 ComputerName: WILL-PC
15:08:00.0387 3788 UserName: Will
15:08:00.0387 3788 Windows directory: C:\Windows
15:08:00.0387 3788 System windows directory: C:\Windows
15:08:00.0387 3788 Processor architecture: Intel x86
15:08:00.0387 3788 Number of processors: 2
15:08:00.0387 3788 Page size: 0x1000
15:08:00.0387 3788 Boot type: Normal boot
15:08:00.0387 3788 ============================================================
15:08:01.0976 3788 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:08:02.0069 3788 ============================================================
15:08:02.0069 3788 \Device\Harddisk0\DR0:
15:08:02.0070 3788 MBR partitions:
15:08:02.0070 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:08:02.0070 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B448CA2
15:08:02.0070 3788 ============================================================
15:08:02.0113 3788 C: <-> \Device\Harddisk0\DR0\Partition1
15:08:02.0143 3788 D: <-> \Device\Harddisk0\DR0\Partition0
15:08:02.0143 3788 ============================================================
15:08:02.0143 3788 Initialize success
15:08:02.0143 3788 ============================================================
15:08:08.0947 3244 ============================================================
15:08:08.0947 3244 Scan started
15:08:08.0947 3244 Mode: Manual;
15:08:08.0947 3244 ============================================================
15:08:12.0079 3244 FontCache - ok
15:08:12.0143 3244 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:08:12.0144 3244 FontCache3.0.0.0 - ok
15:08:12.0167 3244 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:08:12.0167 3244 Fs_Rec - ok
15:08:12.0184 3244 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:08:12.0185 3244 gagp30kx - ok
15:08:12.0251 3244 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
15:08:12.0251 3244 GoToAssist - ok
15:08:12.0298 3244 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:08:12.0307 3244 gpsvc - ok
15:08:12.0368 3244 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:08:12.0370 3244 gusvc - ok
15:08:12.0419 3244 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:08:12.0424 3244 HDAudBus - ok
15:08:12.0445 3244 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:08:12.0446 3244 HidBth - ok
15:08:12.0461 3244 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:08:12.0461 3244 HidIr - ok
15:08:12.0490 3244 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
15:08:12.0491 3244 hidserv - ok
15:08:12.0544 3244 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:08:12.0545 3244 HidUsb - ok
15:08:12.0565 3244 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:08:12.0567 3244 hkmsvc - ok
15:08:12.0574 3244 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:08:12.0575 3244 HpCISSs - ok
15:08:12.0625 3244 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
15:08:12.0628 3244 HTTP - ok
15:08:12.0644 3244 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:08:12.0645 3244 i2omp - ok
15:08:12.0676 3244 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:08:12.0677 3244 i8042prt - ok
15:08:12.0712 3244 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
15:08:12.0714 3244 iaStor - ok
15:08:12.0731 3244 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:08:12.0733 3244 iaStorV - ok
15:08:12.0838 3244 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:08:12.0848 3244 idsvc - ok
15:08:12.0964 3244 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:08:12.0975 3244 igfx - ok
15:08:13.0083 3244 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:08:13.0083 3244 iirsp - ok
15:08:13.0128 3244 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:08:13.0133 3244 IKEEXT - ok
15:08:13.0253 3244 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
15:08:13.0268 3244 IntcAzAudAddService - ok
15:08:13.0389 3244 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:08:13.0389 3244 intelide - ok
15:08:13.0401 3244 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:08:13.0402 3244 intelppm - ok
15:08:13.0430 3244 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:08:13.0431 3244 IPBusEnum - ok
15:08:13.0449 3244 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:13.0453 3244 IpFilterDriver - ok
15:08:13.0487 3244 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:08:13.0489 3244 iphlpsvc - ok
15:08:13.0492 3244 IpInIp - ok
15:08:13.0540 3244 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:08:13.0541 3244 IPMIDRV - ok
15:08:13.0558 3244 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:08:13.0559 3244 IPNAT - ok
15:08:13.0569 3244 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:08:13.0570 3244 IRENUM - ok
15:08:13.0586 3244 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:08:13.0587 3244 isapnp - ok
15:08:13.0626 3244 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:08:13.0628 3244 iScsiPrt - ok
15:08:13.0638 3244 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:08:13.0639 3244 iteatapi - ok
15:08:13.0650 3244 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:08:13.0651 3244 iteraid - ok
15:08:13.0664 3244 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:08:13.0665 3244 kbdclass - ok
15:08:13.0705 3244 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:08:13.0706 3244 kbdhid - ok
15:08:13.0741 3244 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:13.0743 3244 KeyIso - ok
15:08:13.0767 3244 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:08:13.0771 3244 KSecDD - ok
15:08:13.0824 3244 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:08:13.0827 3244 KtmRm - ok
15:08:13.0866 3244 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
15:08:13.0869 3244 LanmanServer - ok
15:08:13.0916 3244 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:08:13.0920 3244 LanmanWorkstation - ok
15:08:13.0937 3244 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:08:13.0938 3244 lltdio - ok
15:08:13.0968 3244 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:08:13.0970 3244 lltdsvc - ok
15:08:13.0995 3244 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:08:13.0997 3244 lmhosts - ok
15:08:14.0017 3244 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:08:14.0018 3244 LSI_FC - ok
15:08:14.0031 3244 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:08:14.0032 3244 LSI_SAS - ok
15:08:14.0054 3244 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:08:14.0055 3244 LSI_SCSI - ok
15:08:14.0072 3244 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:08:14.0074 3244 luafv - ok
15:08:14.0083 3244 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:08:14.0084 3244 megasas - ok
15:08:14.0112 3244 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:08:14.0115 3244 MegaSR - ok
15:08:14.0138 3244 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:08:14.0140 3244 MMCSS - ok
15:08:14.0156 3244 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:08:14.0156 3244 Modem - ok
15:08:14.0186 3244 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:08:14.0187 3244 monitor - ok
15:08:14.0195 3244 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:08:14.0196 3244 mouclass - ok
15:08:14.0206 3244 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:08:14.0206 3244 mouhid - ok
15:08:14.0223 3244 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:08:14.0224 3244 MountMgr - ok
15:08:14.0258 3244 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
15:08:14.0259 3244 MpFilter - ok
15:08:14.0288 3244 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:08:14.0289 3244 mpio - ok
15:08:14.0396 3244 MpKslcb70e7cf (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65365CFA-596A-4ADB-93EE-D739DA7E9391}\MpKslcb70e7cf.sys
15:08:14.0397 3244 MpKslcb70e7cf - ok
15:08:14.0414 3244 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:08:14.0415 3244 MpNWMon - ok
15:08:14.0423 3244 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:08:14.0424 3244 mpsdrv - ok
15:08:14.0465 3244 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:08:14.0470 3244 MpsSvc - ok
15:08:14.0498 3244 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:08:14.0499 3244 Mraid35x - ok
15:08:14.0530 3244 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:08:14.0531 3244 MRxDAV - ok
15:08:14.0568 3244 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:08:14.0569 3244 mrxsmb - ok
15:08:14.0604 3244 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:08:14.0606 3244 mrxsmb10 - ok
15:08:14.0617 3244 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:08:14.0618 3244 mrxsmb20 - ok
15:08:14.0633 3244 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
15:08:14.0634 3244 msahci - ok
15:08:14.0646 3244 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:08:14.0647 3244 msdsm - ok
15:08:14.0669 3244 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:08:14.0671 3244 MSDTC - ok
15:08:14.0690 3244 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:08:14.0691 3244 Msfs - ok
15:08:14.0714 3244 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:08:14.0714 3244 msisadrv - ok
15:08:14.0751 3244 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:08:14.0753 3244 MSiSCSI - ok
15:08:14.0770 3244 msiserver - ok
15:08:14.0803 3244 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:08:14.0803 3244 MSKSSRV - ok
15:08:14.0848 3244 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:08:14.0849 3244 MsMpSvc - ok
15:08:14.0853 3244 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:08:14.0853 3244 MSPCLOCK - ok
15:08:14.0860 3244 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:08:14.0861 3244 MSPQM - ok
15:08:14.0893 3244 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:08:14.0894 3244 MsRPC - ok
15:08:14.0911 3244 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:08:14.0911 3244 mssmbios - ok
15:08:14.0915 3244 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:08:14.0915 3244 MSTEE - ok
15:08:14.0948 3244 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:08:14.0949 3244 Mup - ok
15:08:14.0990 3244 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:08:14.0994 3244 napagent - ok
15:08:15.0030 3244 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:08:15.0032 3244 NativeWifiP - ok
15:08:15.0093 3244 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:08:15.0098 3244 NDIS - ok
15:08:15.0122 3244 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:08:15.0123 3244 NdisTapi - ok
15:08:15.0131 3244 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:08:15.0132 3244 Ndisuio - ok
15:08:15.0163 3244 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:15.0164 3244 NdisWan - ok
15:08:15.0176 3244 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:08:15.0177 3244 NDProxy - ok
15:08:15.0183 3244 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:08:15.0184 3244 NetBIOS - ok
15:08:15.0222 3244 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:08:15.0223 3244 netbt - ok
15:08:15.0259 3244 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:15.0260 3244 Netlogon - ok
15:08:15.0289 3244 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:08:15.0293 3244 Netman - ok
15:08:15.0311 3244 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:08:15.0315 3244 netprofm - ok
15:08:15.0367 3244 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:08:15.0369 3244 NetTcpPortSharing - ok
15:08:15.0401 3244 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:08:15.0402 3244 nfrd960 - ok
15:08:15.0427 3244 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:08:15.0428 3244 NisDrv - ok
15:08:15.0509 3244 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:08:15.0512 3244 NisSrv - ok
15:08:15.0538 3244 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:08:15.0542 3244 NlaSvc - ok
15:08:15.0575 3244 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:08:15.0576 3244 Npfs - ok
15:08:15.0596 3244 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:08:15.0598 3244 nsi - ok
15:08:15.0636 3244 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:08:15.0637 3244 nsiproxy - ok
15:08:15.0725 3244 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:08:15.0740 3244 Ntfs - ok
15:08:15.0762 3244 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:08:15.0762 3244 ntrigdigi - ok
15:08:15.0766 3244 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:08:15.0766 3244 Null - ok
15:08:15.0810 3244 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:08:15.0812 3244 nvraid - ok
15:08:15.0821 3244 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:08:15.0822 3244 nvstor - ok
15:08:15.0834 3244 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:08:15.0835 3244 nv_agp - ok
15:08:15.0840 3244 NwlnkFlt - ok
15:08:15.0846 3244 NwlnkFwd - ok
15:08:15.0887 3244 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:08:15.0889 3244 ohci1394 - ok
15:08:15.0945 3244 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:15.0954 3244 p2pimsvc - ok
15:08:15.0962 3244 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:15.0967 3244 p2psvc - ok
15:08:15.0981 3244 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:08:15.0982 3244 Parport - ok
15:08:16.0012 3244 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:08:16.0014 3244 partmgr - ok
15:08:16.0018 3244 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:08:16.0018 3244 Parvdm - ok
15:08:16.0037 3244 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:08:16.0039 3244 PcaSvc - ok
15:08:16.0073 3244 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:08:16.0074 3244 pci - ok
15:08:16.0095 3244 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
15:08:16.0096 3244 pciide - ok
15:08:16.0109 3244 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:08:16.0111 3244 pcmcia - ok
15:08:16.0170 3244 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:08:16.0176 3244 PEAUTH - ok
15:08:16.0262 3244 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:08:16.0276 3244 pla - ok
15:08:16.0387 3244 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:08:16.0391 3244 PlugPlay - ok
15:08:16.0444 3244 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:16.0449 3244 PNRPAutoReg - ok
15:08:16.0458 3244 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:08:16.0464 3244 PNRPsvc - ok
15:08:16.0491 3244 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:08:16.0495 3244 PolicyAgent - ok
15:08:16.0563 3244 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:08:16.0564 3244 PptpMiniport - ok
15:08:16.0588 3244 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:08:16.0589 3244 Processor - ok
15:08:16.0626 3244 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:08:16.0629 3244 ProfSvc - ok
15:08:16.0660 3244 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:16.0662 3244 ProtectedStorage - ok
15:08:16.0672 3244 psa500 - ok
15:08:16.0706 3244 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:08:16.0707 3244 PSched - ok
15:08:16.0740 3244 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
15:08:16.0741 3244 PxHelp20 - ok
15:08:16.0809 3244 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:08:16.0818 3244 ql2300 - ok
15:08:16.0835 3244 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:08:16.0838 3244 ql40xx - ok
15:08:16.0842 3244 QsndEnum - ok
15:08:16.0879 3244 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:08:16.0882 3244 QWAVE - ok
15:08:16.0905 3244 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:08:16.0906 3244 QWAVEdrv - ok
15:08:17.0016 3244 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
15:08:17.0030 3244 R300 - ok
15:08:17.0141 3244 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:08:17.0141 3244 RasAcd - ok
15:08:17.0160 3244 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:08:17.0163 3244 RasAuto - ok
15:08:17.0183 3244 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:08:17.0185 3244 Rasl2tp - ok
15:08:17.0222 3244 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:08:17.0226 3244 RasMan - ok
15:08:17.0253 3244 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:08:17.0255 3244 RasPppoe - ok
15:08:17.0286 3244 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:08:17.0287 3244 RasSstp - ok
15:08:17.0323 3244 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:08:17.0325 3244 rdbss - ok
15:08:17.0353 3244 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:08:17.0353 3244 RDPCDD - ok
15:08:17.0381 3244 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:08:17.0383 3244 rdpdr - ok
15:08:17.0387 3244 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:08:17.0388 3244 RDPENCDD - ok
15:08:17.0422 3244 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:08:17.0425 3244 RDPWD - ok
15:08:17.0454 3244 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:08:17.0456 3244 RemoteAccess - ok
15:08:17.0488 3244 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:08:17.0491 3244 RemoteRegistry - ok
15:08:17.0505 3244 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:08:17.0506 3244 RpcLocator - ok
15:08:17.0553 3244 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:08:17.0558 3244 RpcSs - ok
15:08:17.0599 3244 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:08:17.0600 3244 rspndr - ok
15:08:17.0638 3244 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:08:17.0639 3244 RTL8169 - ok
15:08:17.0661 3244 RtNdPt60 (7f8d15ee000577be703537849d4f9397) C:\Windows\system32\DRIVERS\RtNdPt60.sys
15:08:17.0662 3244 RtNdPt60 - ok
15:08:17.0680 3244 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:08:17.0682 3244 SamSs - ok
15:08:17.0705 3244 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:08:17.0706 3244 sbp2port - ok
15:08:17.0748 3244 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:08:17.0751 3244 SCardSvr - ok
15:08:17.0807 3244 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:08:17.0813 3244 Schedule - ok
15:08:17.0829 3244 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:08:17.0830 3244 SCPolicySvc - ok
15:08:17.0852 3244 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:08:17.0854 3244 SDRSVC - ok
15:08:17.0873 3244 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:08:17.0874 3244 secdrv - ok
15:08:17.0881 3244 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:08:17.0883 3244 seclogon - ok
15:08:17.0897 3244 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
15:08:17.0899 3244 SENS - ok
15:08:17.0904 3244 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:08:17.0905 3244 Serenum - ok
15:08:17.0919 3244 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:08:17.0920 3244 Serial - ok
15:08:17.0924 3244 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:08:17.0925 3244 sermouse - ok
15:08:17.0949 3244 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:08:17.0952 3244 SessionEnv - ok
15:08:17.0963 3244 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:08:17.0963 3244 sffdisk - ok
15:08:17.0975 3244 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:08:17.0976 3244 sffp_mmc - ok
15:08:17.0980 3244 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:08:17.0980 3244 sffp_sd - ok
15:08:17.0987 3244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:08:17.0988 3244 sfloppy - ok
15:08:18.0022 3244 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:08:18.0025 3244 SharedAccess - ok
15:08:18.0057 3244 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:08:18.0061 3244 ShellHWDetection - ok
15:08:18.0076 3244 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:08:18.0077 3244 sisagp - ok
15:08:18.0090 3244 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:08:18.0090 3244 SiSRaid2 - ok
15:08:18.0103 3244 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:08:18.0104 3244 SiSRaid4 - ok
15:08:18.0281 3244 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:08:18.0310 3244 slsvc - ok
15:08:18.0404 3244 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:08:18.0406 3244 SLUINotify - ok
15:08:18.0468 3244 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:08:18.0469 3244 Smb - ok
15:08:18.0481 3244 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:08:18.0483 3244 SNMPTRAP - ok
15:08:18.0530 3244 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:08:18.0531 3244 spldr - ok
15:08:18.0567 3244 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:08:18.0569 3244 Spooler - ok
15:08:18.0647 3244 sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
15:08:18.0649 3244 sprtsvc_DellSupportCenter - ok
15:08:18.0690 3244 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:08:18.0692 3244 srv - ok
15:08:18.0726 3244 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:08:18.0727 3244 srv2 - ok
15:08:18.0756 3244 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:08:18.0757 3244 srvnet - ok
15:08:18.0788 3244 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:08:18.0791 3244 SSDPSRV - ok
15:08:18.0819 3244 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:08:18.0822 3244 SstpSvc - ok
15:08:18.0869 3244 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:08:18.0873 3244 stisvc - ok
15:08:18.0926 3244 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:08:18.0958 3244 stllssvr - ok
15:08:19.0084 3244 Stuffit Archive Name Service (1db60cb3e53e2491d5d6c43c06676ca2) C:\Program Files\Smith Micro\ArcNameService.exe
15:08:19.0105 3244 Stuffit Archive Name Service - ok
15:08:19.0215 3244 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:08:19.0215 3244 swenum - ok
15:08:19.0259 3244 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:08:19.0263 3244 swprv - ok
15:08:19.0276 3244 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:08:19.0277 3244 Symc8xx - ok
15:08:19.0291 3244 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:08:19.0292 3244 Sym_hi - ok
15:08:19.0304 3244 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:08:19.0305 3244 Sym_u3 - ok
15:08:19.0359 3244 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:08:19.0370 3244 SysMain - ok
15:08:19.0394 3244 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:08:19.0397 3244 TabletInputService - ok
15:08:19.0437 3244 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:08:19.0441 3244 TapiSrv - ok
15:08:19.0458 3244 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:08:19.0460 3244 TBS - ok
15:08:19.0530 3244 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
15:08:19.0543 3244 Tcpip - ok
15:08:19.0553 3244 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
15:08:19.0559 3244 Tcpip6 - ok
15:08:19.0574 3244 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
15:08:19.0575 3244 tcpipreg - ok
15:08:19.0599 3244 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:08:19.0600 3244 TDPIPE - ok
15:08:19.0613 3244 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:08:19.0614 3244 TDTCP - ok
15:08:19.0649 3244 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:08:19.0650 3244 tdx - ok
15:08:19.0685 3244 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:08:19.0686 3244 TermDD - ok
15:08:19.0737 3244 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:08:19.0741 3244 TermService - ok
15:08:19.0807 3244 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:08:19.0810 3244 Themes - ok
15:08:19.0835 3244 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:08:19.0836 3244 THREADORDER - ok
15:08:19.0858 3244 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:08:19.0861 3244 TrkWks - ok
15:08:19.0903 3244 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:08:19.0904 3244 TrustedInstaller - ok
15:08:19.0928 3244 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:08:19.0929 3244 tssecsrv - ok
15:08:19.0943 3244 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:08:19.0944 3244 tunmp - ok
15:08:19.0986 3244 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:08:19.0987 3244 tunnel - ok
15:08:20.0008 3244 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:08:20.0009 3244 uagp35 - ok
15:08:20.0050 3244 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:08:20.0052 3244 udfs - ok
15:08:20.0086 3244 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:08:20.0089 3244 UI0Detect - ok
15:08:20.0109 3244 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:08:20.0110 3244 uliagpkx - ok
15:08:20.0131 3244 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:08:20.0134 3244 uliahci - ok
15:08:20.0153 3244 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:08:20.0155 3244 UlSata - ok
15:08:20.0171 3244 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:08:20.0173 3244 ulsata2 - ok
15:08:20.0200 3244 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:08:20.0201 3244 umbus - ok
15:08:20.0218 3244 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:08:20.0221 3244 upnphost - ok
15:08:20.0264 3244 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
15:08:20.0266 3244 usbaudio - ok
15:08:20.0269 3244 usbbus - ok
15:08:20.0322 3244 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:08:20.0323 3244 usbccgp - ok
15:08:20.0340 3244 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:08:20.0341 3244 usbcir - ok
15:08:20.0357 3244 UsbDiag - ok
15:08:20.0389 3244 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:08:20.0390 3244 usbehci - ok
15:08:20.0420 3244 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:08:20.0422 3244 usbhub - ok
15:08:20.0426 3244 USBModem - ok
15:08:20.0439 3244 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:08:20.0440 3244 usbohci - ok
15:08:20.0473 3244 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:08:20.0474 3244 usbprint - ok
15:08:20.0517 3244 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:08:20.0518 3244 usbscan - ok
15:08:20.0534 3244 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:08:20.0535 3244 USBSTOR - ok
15:08:20.0568 3244 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:08:20.0569 3244 usbuhci - ok
15:08:20.0596 3244 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:08:20.0599 3244 UxSms - ok
15:08:20.0650 3244 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:08:20.0656 3244 vds - ok
15:08:20.0690 3244 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:08:20.0691 3244 vga - ok
15:08:20.0702 3244 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:08:20.0703 3244 VgaSave - ok
15:08:20.0730 3244 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:08:20.0731 3244 viaagp - ok
15:08:20.0750 3244 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:08:20.0751 3244 ViaC7 - ok
15:08:20.0771 3244 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:08:20.0771 3244 viaide - ok
15:08:20.0776 3244 vjlrrrub - ok
15:08:20.0795 3244 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:08:20.0796 3244 volmgr - ok
15:08:20.0840 3244 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:08:20.0842 3244 volmgrx - ok
15:08:20.0879 3244 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:08:20.0881 3244 volsnap - ok
15:08:20.0902 3244 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:08:20.0903 3244 vsmraid - ok
15:08:20.0981 3244 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:08:20.0995 3244 VSS - ok
15:08:21.0036 3244 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:08:21.0039 3244 W32Time - ok
15:08:21.0084 3244 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:08:21.0085 3244 WacomPen - ok
15:08:21.0096 3244 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:08:21.0098 3244 Wanarp - ok
15:08:21.0101 3244 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:08:21.0102 3244 Wanarpv6 - ok
15:08:21.0136 3244 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:08:21.0142 3244 wcncsvc - ok
15:08:21.0162 3244 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:08:21.0165 3244 WcsPlugInService - ok
15:08:21.0182 3244 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:08:21.0182 3244 Wd - ok
15:08:21.0222 3244 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:08:21.0226 3244 Wdf01000 - ok
15:08:21.0239 3244 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:08:21.0242 3244 WdiServiceHost - ok
15:08:21.0245 3244 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:08:21.0248 3244 WdiSystemHost - ok
15:08:21.0283 3244 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:08:21.0287 3244 WebClient - ok
15:08:21.0314 3244 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
15:08:21.0317 3244 Wecsvc - ok
15:08:21.0334 3244 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:08:21.0337 3244 wercplsupport - ok
15:08:21.0370 3244 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:08:21.0373 3244 WerSvc - ok
15:08:21.0437 3244 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:08:21.0440 3244 WinDefend - ok
15:08:21.0445 3244 WinHttpAutoProxySvc - ok
15:08:21.0501 3244 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:08:21.0502 3244 Winmgmt - ok
15:08:21.0570 3244 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
15:08:21.0592 3244 WinRM - ok
15:08:21.0654 3244 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:08:21.0661 3244 Wlansvc - ok
15:08:21.0824 3244 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:08:21.0839 3244 wlidsvc - ok
15:08:21.0956 3244 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
15:08:21.0957 3244 WmiAcpi - ok
15:08:22.0010 3244 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:08:22.0012 3244 wmiApSrv - ok
15:08:22.0102 3244 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:08:22.0109 3244 WMPNetworkSvc - ok
15:08:22.0128 3244 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:08:22.0131 3244 WPCSvc - ok
15:08:22.0159 3244 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
15:08:22.0162 3244 WPDBusEnum - ok
15:08:22.0216 3244 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
15:08:22.0217 3244 WpdUsb - ok
15:08:22.0236 3244 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:08:22.0237 3244 ws2ifsl - ok
15:08:22.0276 3244 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
15:08:22.0278 3244 wscsvc - ok
15:08:22.0282 3244 WSearch - ok
15:08:22.0396 3244 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:08:22.0415 3244 wuauserv - ok
15:08:22.0537 3244 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:08:22.0539 3244 WUDFRd - ok
15:08:22.0559 3244 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:08:22.0561 3244 wudfsvc - ok
15:08:22.0584 3244 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:08:22.0644 3244 \Device\Harddisk0\DR0 - ok
15:08:22.0686 3244 Boot (0x1200) (de4418b7c7697e1fca9b8e2979c1914a) \Device\Harddisk0\DR0\Partition0
15:08:22.0688 3244 \Device\Harddisk0\DR0\Partition0 - ok
15:08:22.0691 3244 Boot (0x1200) (90da778ece3e4fea2c8c599123be0f3e) \Device\Harddisk0\DR0\Partition1
15:08:22.0692 3244 \Device\Harddisk0\DR0\Partition1 - ok
15:08:22.0693 3244 ============================================================
15:08:22.0693 3244 Scan finished
15:08:22.0693 3244 ============================================================
15:08:22.0703 3684 Detected object count: 0
15:08:22.0703 3684 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-25 15:13:27
-----------------------------
15:13:27.594 OS Version: Windows 6.0.6002 Service Pack 2
15:13:27.594 Number of processors: 2 586 0x1706
15:13:27.594 ComputerName: WILL-PC UserName: Will
15:13:28.703 Initialize success
15:14:17.541 AVAST engine defs: 12042501
15:14:24.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:14:24.907 Disk 0 Vendor: SAMSUNG_HD251HJ 1AC01113 Size: 238418MB BusType: 3
15:14:24.934 Disk 0 MBR read successfully
15:14:24.936 Disk 0 MBR scan
15:14:24.942 Disk 0 Windows VISTA default MBR code
15:14:24.944 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:14:24.995 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:14:25.019 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223377 MB offset 30801920
15:14:25.033 Disk 0 scanning sectors +488279202
15:14:25.111 Disk 0 scanning C:\Windows\system32\drivers
15:14:38.200 Service scanning
15:14:46.264 Service MpKslcb70e7cf c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65365CFA-596A-4ADB-93EE-D739DA7E9391}\MpKslcb70e7cf.sys **LOCKED** 32
15:14:46.306 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:15:01.187 Modules scanning
15:15:05.716 Disk 0 trace - called modules:
15:15:05.759 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
15:15:05.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x849fb320]
15:15:05.767 3 CLASSPNP.SYS[87da38b3] -> nt!IofCallDriver -> [0x83e76918]
15:15:05.770 5 acpi.sys[806936bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8480ab98]
15:15:06.648 AVAST engine scan C:\Windows
15:15:12.303 AVAST engine scan C:\Windows\system32
15:18:41.752 AVAST engine scan C:\Windows\system32\drivers
15:19:06.448 AVAST engine scan C:\Users\Will
15:48:30.335 AVAST engine scan C:\ProgramData
15:50:52.383 Scan finished successfully
15:59:46.196 Disk 0 MBR has been saved successfully to "C:\Users\Will\Desktop\MBR.dat"
15:59:46.207 The log file has been saved successfully to "C:\Users\Will\Desktop\aswMBR.txt"
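A small triage parser for the TDSSKiller service/driver section of a log like the one posted above, added here as an example and not part of the thread or of the tool: it splits each service's hash/path line from its verdict line, lists services that got a verdict but no hashed image file (worth a manual look), images registered under more than one service name, and images outside the usual system directories. Most sample lines are copied from the posted log; the `exampleSvc` line and the `EXPECTED_ROOTS` tuple are constructed assumptions for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hash/path line: <time> <pid> <service name> (<32-hex MD5>) <image path>
IMAGE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$"
)
# Verdict line: <time> <pid> <service name> - <verdict text>
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+-\s+(.+)$")

# Constructed assumption: directories a service image is normally expected under.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\microsoft\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect one ServiceEntry per service name from the scan section."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IMAGE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            e = entries.setdefault(name, ServiceEntry(name))
            e.md5, e.path = md5, path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            if name.startswith("\\"):
                continue  # disk objects (\Device\Harddisk0\...) are not services
            entries.setdefault(name, ServiceEntry(name)).verdict = verdict
    return entries


def unresolved_services(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Services with a verdict line but no image file the scanner could hash."""
    return sorted(n for n, e in entries.items() if e.path is None)


def shared_images(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Image files registered under more than one service name (e.g. Wanarp/Wanarpv6)."""
    by_path: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.path:
            by_path.setdefault(e.path.lower(), []).append(e.name)
    return {p: sorted(names) for p, names in by_path.items() if len(names) > 1}


def images_outside_expected_roots(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Services whose image lives outside EXPECTED_ROOTS (case-insensitive prefix match)."""
    return sorted(
        n for n, e in entries.items()
        if e.path and not e.path.lower().startswith(EXPECTED_ROOTS)
    )


def detected_object_count(log_text: str) -> Optional[int]:
    """The 'Detected object count' summary line, or None if absent."""
    m = re.search(r"Detected object count:\s+(\d+)", log_text)
    return int(m.group(1)) if m else None


# Sample input: lines copied from the posted log plus one constructed line (exampleSvc).
SAMPLE_LOG = r"""
15:08:20.0500 3244 exampleSvc (00000000000000000000000000000000) C:\Users\Will\AppData\Local\Temp\example.sys
15:08:20.0501 3244 exampleSvc - ok
15:08:20.0771 3244 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:08:20.0771 3244 viaide - ok
15:08:20.0776 3244 vjlrrrub - ok
15:08:21.0096 3244 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:08:21.0098 3244 Wanarp - ok
15:08:21.0101 3244 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:08:21.0102 3244 Wanarpv6 - ok
15:08:21.0445 3244 WinHttpAutoProxySvc - ok
15:08:22.0584 3244 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:08:22.0644 3244 \Device\Harddisk0\DR0 - ok
15:08:22.0703 3684 Detected object count: 0
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("services parsed:", len(parsed))
    print("no hashed image:", unresolved_services(parsed))
    print("shared images:", shared_images(parsed))
    print("outside expected roots:", images_outside_expected_roots(parsed))
    print("detected objects:", detected_object_count(SAMPLE_LOG))
```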

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 25 April 2012 - 09:47 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 NeedHelp6

  • Topic Starter
  • Members
  • 11 posts

Posted 25 April 2012 - 10:11 PM

Ok, here is the report from Combofix:

ComboFix 12-04-23.03 - Will 04/25/2012 19:57:15.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2036.1034 [GMT -7:00]
Running from: c:\users\Will\Desktop\ComboFix.exe
Command switches used :: c:\users\Will\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\users\Will\AppData\Local\temp
2012-04-26 03:01 . 2012-04-26 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 22:40 . 2012-04-25 22:40 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65365CFA-596A-4ADB-93EE-D739DA7E9391}\offreg.dll
2012-04-25 22:08 . 2012-04-25 22:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65365CFA-596A-4ADB-93EE-D739DA7E9391}\MpKslcb70e7cf.sys
2012-04-25 14:56 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65365CFA-596A-4ADB-93EE-D739DA7E9391}\mpengine.dll
2012-04-24 06:35 . 2012-04-24 06:35 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-24 06:15 . 2012-04-24 06:54 -------- d-----w- c:\windows\system32\DBBK
2012-04-24 05:57 . 2012-04-24 05:57 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 05:31 . 2012-03-17 02:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 07:36 . 2011-06-05 03:48 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 22:56 . 2011-06-04 00:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 11:05 . 2012-03-09 11:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-09 11:05 . 2012-03-09 11:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-09 11:05 . 2012-03-09 11:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-09 11:05 . 2012-03-09 11:05 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-09 11:05 . 2012-03-09 11:05 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-03-09 11:05 . 2012-03-09 11:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-09 11:05 . 2012-03-09 11:05 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-09 11:05 . 2012-03-09 11:05 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-09 11:05 . 2012-03-09 11:05 367104 ----a-w- c:\windows\system32\html.iec
2012-03-09 11:05 . 2012-03-09 11:04 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-09 11:04 . 2012-03-09 11:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-09 11:04 . 2012-03-09 11:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-09 11:04 . 2012-03-09 11:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-09 11:04 . 2012-03-09 11:04 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-09 11:04 . 2012-03-09 11:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-09 11:04 . 2012-03-09 11:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-09 11:04 . 2012-03-09 11:04 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-09 11:04 . 2012-03-09 11:04 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-09 11:04 . 2012-03-09 11:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-03-09 11:04 . 2012-03-09 11:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-09 11:04 . 2012-03-09 11:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-09 11:04 . 2012-03-09 11:04 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-09 11:04 . 2012-03-09 11:04 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-09 11:04 . 2012-03-09 11:04 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-09 11:04 . 2012-03-09 11:04 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-09 11:04 . 2012-03-09 11:04 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-09 11:04 . 2012-03-09 11:04 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-09 11:04 . 2012-03-09 11:04 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-09 11:04 . 2012-03-09 11:04 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-09 11:04 . 2012-03-09 11:04 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-03-09 11:04 . 2012-03-09 11:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-09 11:04 . 2012-03-09 11:04 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-09 11:04 . 2012-03-09 11:04 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-09 11:04 . 2012-03-09 11:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-09 11:04 . 2012-03-09 11:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-09 11:04 . 2012-03-09 11:04 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-09 11:04 . 2012-03-09 11:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-09 11:04 . 2012-03-09 11:04 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-09 11:04 . 2012-03-09 11:04 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-09 11:04 . 2012-03-09 11:04 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-09 11:04 . 2012-03-09 11:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-09 11:04 . 2012-03-09 11:04 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-09 11:04 . 2012-03-09 11:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-09 11:04 . 2012-03-09 11:04 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-09 11:04 . 2012-03-09 11:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-09 11:04 . 2012-03-09 11:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-09 11:04 . 2012-03-09 11:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-09 11:04 . 2012-03-09 11:04 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-09 11:04 . 2012-03-09 11:04 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-03-09 11:02 . 2012-03-09 11:02 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-03-09 11:02 . 2012-03-09 11:02 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-09 11:02 . 2012-03-09 11:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-09 11:02 . 2012-03-09 11:02 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-09 11:02 . 2012-03-09 11:02 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-09 11:02 . 2012-03-09 11:02 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-09 11:02 . 2012-03-09 11:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-09 11:02 . 2012-03-09 11:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-02-16 15:02 . 2011-06-26 19:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 05:31 . 2012-02-11 05:32 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93ABA617-22BC-4BA4-8738-7D607FBFCCD7}\gapaengine.dll
2012-01-31 12:44 . 2011-03-22 22:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-04-24 05:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-06 17:24 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2008-10-04 19:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 22:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 76205709
*NewlyCreated* - MPKSLCB70E7CF
*Deregistered* - 76205709
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-02-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\m1igmqwx.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-25 20:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-25 20:02:55
ComboFix-quarantined-files.txt 2012-04-26 03:02
ComboFix2.txt 2012-04-25 14:55
ComboFix3.txt 2012-04-24 14:28
ComboFix4.txt 2012-04-24 07:29
.
Pre-Run: 114,859,888,640 bytes free
Post-Run: 114,946,265,088 bytes free
.
- - End Of File - - FE76DE0D2C759E68CA3884A69AC124A4


Seems like everything went well, I didn't have any problems running this. I have not had any redirect problems all day, so that problem seems to have been fixed. I still have this fishy looking icon on my desktop called "The Internet". What should I do about that?

Thanks again for your help.


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 25 April 2012 - 10:30 PM

Hello

I think that icon was put back by ComboFix, as it resets a lot of things back to default - go ahead and delete it.

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#10 NeedHelp6

  • Topic Starter
  • Members
  • 11 posts

Posted 25 April 2012 - 11:00 PM

Ok, I deleted the icon off of my desktop.

Here is that log you requested:

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Apple Software Update
BitPim 1.0.6
BitTorrent
Choice Guard
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Dell Support Center (Support Software)
EDocs
Free 3GP Video Converter version 5.0.4.1228
Free WMA to MP3 Converter 1.16
GoToAssist 8.0.0.514
gretl version 1.9.5cvs
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mathematica Extras 8.0 (2427702)
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Move Media Player
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
Opera 11.60
Picasa 3
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
StuffIt 2010
Switch Sound File Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Winamp (remove only)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Wolfram CDF Player (M-WIN-D 8.0.3 2427703)

So does it look like the problem is taken care of?

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 26 April 2012 - 12:05 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9
BitTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 NeedHelp6

NeedHelp6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 26 April 2012 - 10:16 AM

Ok, I made a little mistake in removing Adobe Reader 9 and BitTorrent. I uninstalled them using the control panel, and not Revo.

I ran CC clean with no problems.

I ran MBAM with no problems, here is the log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Will :: WILL-PC [administrator]

4/26/2012 7:39:58 AM
mbam-log-2012-04-26 (07-39-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190573
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the log from Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:50 AM, on 4/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3915 bytes



The computer seems to be doing ok, I have not had any redirect problems or bogus icons/notifications popping up.
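The HijackThis log in the post above is the kind of artifact a helper reads by hand: one line per entry, a section code (R0/R1 for browser settings, O2 for BHOs, O4 for autostart run keys, O23 for services) followed by the detail. As an added example, not code from this thread or from Trend Micro, here is a small Python triage script that parses that format and flags the entries a helper would look at first: registry entries whose target file is missing (the "(no file)" BHO above), autostart commands launched from a Temp directory, and a configured proxy server. The sample log is constructed from entries in the posted log; the "[Updater] ...\Temp\svhost.exe" run key is invented purely to exercise the Temp-directory check and was not in the poster's log.

```python
"""Parse a HijackThis v2 log and pull out the entries worth a second look.

Added example for this thread; not HijackThis code and not part of the original post.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in HijackThis v2 log format, modelled on the entries posted
# above. The "[Updater] ...\Temp\svhost.exe" line is invented to exercise the
# temp-directory check; it was not in the poster's log.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:50 AM, on 4/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)

Running processes:
C:\\Windows\\Explorer.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [MSC] "c:\\Program Files\\Microsoft Security Client\\msseces.exe" -hide -runkey
O4 - HKLM\\..\\Run: [VMM Mode Selection] C:\\Program Files\\HTC\\ModeSelection\\VMMModeSelection.exe
O4 - HKCU\\..\\Run: [Updater] C:\\Users\\Will\\AppData\\Local\\Temp\\svhost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe

--
End of file - 3915 bytes
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 run-key body: "<hive>\..\Run: [<name>] <command>". Global Startup lines have no
# bracketed name and deliberately do not match.
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A program auto-started out of a Temp folder is a classic persistence smell.
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str  # e.g. "O4"
    body: str     # everything after "O4 - "


def parse_hjt_log(text: str) -> List[Entry]:
    """Return the section/body pairs; header, process list and footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def autostart_entries(entries: List[Entry]) -> Dict[str, str]:
    """Map each O4 run-key name to the command it launches."""
    starts = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if m:
            starts[m.group("name")] = m.group("cmd")
    return starts


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for entries that deserve a closer look.

    These are heuristics to prioritise review, not verdicts: a legitimate product
    such as the MSC entry above passes, and a flagged line still needs a human.
    """
    findings = []
    for e in entries:
        if e.body.endswith("(no file)"):
            findings.append((e.section, "orphaned entry: registry points to a missing file", e.body))
        if e.section == "O4":
            m = O4_RE.match(e.body)
            if m and TEMP_PATH_RE.search(m.group("cmd")):
                findings.append((e.section, "autostart launched from a Temp directory", e.body))
        if e.section == "R1" and "ProxyServer" in e.body:
            value = e.body.split("=", 1)[1].strip()
            if value not in ("", ":0"):  # ":0" is how HijackThis shows an empty proxy setting
                findings.append((e.section, "proxy server configured: " + value, e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for section, reason, body in triage(parsed):
        print(f"{section}: {reason}\n    {body}")
```

The orphaned "(no file)" BHO is exactly the kind of leftover the helper ignores as harmless, while a run key pointing into a Temp folder is the kind of line that would be pasted into the "Fix Checked" list; the script only orders the reading, it does not decide what to remove.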

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:15 AM

Posted 26 April 2012 - 01:44 PM

Greetings NeedHelp6

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking on their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 NeedHelp6

NeedHelp6
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 26 April 2012 - 05:26 PM

I ran Hijack This with no problems, and I removed 3 of the 4 that you recommended.

I was able to run Eset scanner, and here is that log:

C:\Windows\System32\DBBK\4457FC9E01CA8B7399863218E23FAE07 Win32/Boaxxe.E trojan


I clicked on finish, and I am not sure if it did anything with that trojan, at least it didn't say that it did.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:15 AM

Posted 26 April 2012 - 08:30 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Remove the folder ESET flagged, and everything under it, without prompting
    rd /s /q "C:\Windows\System32\DBBK\4457FC9E01CA8B7399863218E23FAE07\"
    rem If the flagged path is a file rather than a folder, force-delete it
    del /f /s /q "C:\Windows\System32\DBBK\4457FC9E01CA8B7399863218E23FAE07"
    rem Finally delete this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo



