
Mysearchdial.com


  • This topic is locked
41 replies to this topic

#16 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 28 May 2014 - 05:24 AM

01:05:48.0920 0x1534  swprv - ok
01:05:48.0967 0x1534  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
01:05:48.0967 0x1534  Symc8xx - ok
01:05:48.0983 0x1534  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
01:05:48.0998 0x1534  Sym_hi - ok
01:05:49.0014 0x1534  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
01:05:49.0014 0x1534  Sym_u3 - ok
01:05:49.0170 0x1534  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
01:05:49.0279 0x1534  SysMain - ok
01:05:49.0326 0x1534  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:05:49.0341 0x1534  TabletInputService - ok
01:05:49.0388 0x1534  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:05:49.0419 0x1534  TapiSrv - ok
01:05:49.0451 0x1534  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
01:05:49.0466 0x1534  TBS - ok
01:05:49.0560 0x1534  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:05:49.0653 0x1534  Tcpip - ok
01:05:49.0778 0x1534  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
01:05:49.0856 0x1534  Tcpip6 - ok
01:05:49.0919 0x1534  [ 5877A786EF27E42C4E84D1356F922302, 1CDCC7D91086DC0FE80057EE8E1AE609A38DD9D241BC17145E7811C916E662C3 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:05:49.0919 0x1534  tcpipreg - ok
01:05:49.0950 0x1534  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:05:49.0950 0x1534  TDPIPE - ok
01:05:49.0981 0x1534  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:05:49.0981 0x1534  TDTCP - ok
01:05:50.0028 0x1534  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:05:50.0028 0x1534  tdx - ok
01:05:50.0059 0x1534  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
01:05:50.0075 0x1534  TermDD - ok
01:05:50.0121 0x1534  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
01:05:50.0153 0x1534  TermService - ok
01:05:50.0199 0x1534  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
01:05:50.0215 0x1534  Themes - ok
01:05:50.0231 0x1534  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
01:05:50.0231 0x1534  THREADORDER - ok
01:05:50.0277 0x1534  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
01:05:50.0277 0x1534  TrkWks - ok
01:05:50.0340 0x1534  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:05:50.0340 0x1534  TrustedInstaller - ok
01:05:50.0371 0x1534  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:05:50.0387 0x1534  tssecsrv - ok
01:05:50.0402 0x1534  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:05:50.0418 0x1534  tunnel - ok
01:05:50.0449 0x1534  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
01:05:50.0465 0x1534  uagp35 - ok
01:05:50.0511 0x1534  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:05:50.0527 0x1534  udfs - ok
01:05:50.0574 0x1534  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:05:50.0574 0x1534  UI0Detect - ok
01:05:50.0621 0x1534  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:05:50.0621 0x1534  uliagpkx - ok
01:05:50.0667 0x1534  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
01:05:50.0667 0x1534  uliahci - ok
01:05:50.0699 0x1534  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
01:05:50.0699 0x1534  UlSata - ok
01:05:50.0714 0x1534  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
01:05:50.0714 0x1534  ulsata2 - ok
01:05:50.0745 0x1534  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:05:50.0745 0x1534  umbus - ok
01:05:50.0808 0x1534  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
01:05:50.0823 0x1534  upnphost - ok
01:05:50.0870 0x1534  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
01:05:50.0870 0x1534  USBAAPL - ok
01:05:50.0901 0x1534  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:05:50.0901 0x1534  usbccgp - ok
01:05:50.0948 0x1534  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:05:50.0964 0x1534  usbcir - ok
01:05:51.0011 0x1534  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
01:05:51.0011 0x1534  usbehci - ok
01:05:51.0042 0x1534  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
01:05:51.0042 0x1534  usbhub - ok
01:05:51.0073 0x1534  [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
01:05:51.0073 0x1534  usbohci - ok
01:05:51.0104 0x1534  [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
01:05:51.0104 0x1534  usbprint - ok
01:05:51.0151 0x1534  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:05:51.0167 0x1534  USBSTOR - ok
01:05:51.0182 0x1534  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
01:05:51.0182 0x1534  usbuhci - ok
01:05:51.0229 0x1534  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
01:05:51.0229 0x1534  usbvideo - ok
01:05:51.0260 0x1534  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
01:05:51.0276 0x1534  UxSms - ok
01:05:51.0338 0x1534  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
01:05:51.0369 0x1534  vds - ok
01:05:51.0401 0x1534  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:05:51.0416 0x1534  vga - ok
01:05:51.0432 0x1534  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:05:51.0447 0x1534  VgaSave - ok
01:05:51.0463 0x1534  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
01:05:51.0479 0x1534  viaagp - ok
01:05:51.0494 0x1534  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
01:05:51.0510 0x1534  ViaC7 - ok
01:05:51.0525 0x1534  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
01:05:51.0525 0x1534  viaide - ok
01:05:51.0541 0x1534  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:05:51.0557 0x1534  volmgr - ok
01:05:51.0603 0x1534  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:05:51.0619 0x1534  volmgrx - ok
01:05:51.0650 0x1534  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:05:51.0666 0x1534  volsnap - ok
01:05:51.0697 0x1534  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
01:05:51.0713 0x1534  vsmraid - ok
01:05:51.0822 0x1534  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
01:05:51.0869 0x1534  VSS - ok
01:05:51.0915 0x1534  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
01:05:51.0915 0x1534  W32Time - ok
01:05:51.0962 0x1534  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:05:51.0962 0x1534  WacomPen - ok
01:05:51.0978 0x1534  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
01:05:51.0978 0x1534  Wanarp - ok
01:05:51.0993 0x1534  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:05:51.0993 0x1534  Wanarpv6 - ok
01:05:52.0056 0x1534  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:05:52.0071 0x1534  wcncsvc - ok
01:05:52.0103 0x1534  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:05:52.0103 0x1534  WcsPlugInService - ok
01:05:52.0149 0x1534  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
01:05:52.0149 0x1534  Wd - ok
01:05:52.0227 0x1534  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:05:52.0259 0x1534  Wdf01000 - ok
01:05:52.0274 0x1534  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:05:52.0274 0x1534  WdiServiceHost - ok
01:05:52.0290 0x1534  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:05:52.0305 0x1534  WdiSystemHost - ok
01:05:52.0352 0x1534  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
01:05:52.0368 0x1534  WebClient - ok
01:05:52.0415 0x1534  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:05:52.0430 0x1534  Wecsvc - ok
01:05:52.0461 0x1534  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:05:52.0461 0x1534  wercplsupport - ok
01:05:52.0508 0x1534  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:05:52.0508 0x1534  WerSvc - ok
01:05:52.0571 0x1534  [ 0ACD399F5DB3DF1B58903CF4949AB5A8, F8FA0A8F631AA8F34A0506F1E5E09DFB6CDA1E9E92207A73A74F1A0E7768C49A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
01:05:52.0586 0x1534  winachsf - ok
01:05:52.0617 0x1534  WinHttpAutoProxySvc - ok
01:05:52.0680 0x1534  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:05:52.0695 0x1534  Winmgmt - ok
01:05:52.0789 0x1534  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
01:05:52.0867 0x1534  WinRM - ok
01:05:53.0007 0x1534  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:05:53.0039 0x1534  Wlansvc - ok
01:05:53.0070 0x1534  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
01:05:53.0070 0x1534  WmiAcpi - ok
01:05:53.0117 0x1534  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:05:53.0132 0x1534  wmiApSrv - ok
01:05:53.0241 0x1534  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
01:05:53.0319 0x1534  WMPNetworkSvc - ok
01:05:53.0413 0x1534  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:05:53.0413 0x1534  WPCSvc - ok
01:05:53.0460 0x1534  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:05:53.0475 0x1534  WPDBusEnum - ok
01:05:53.0538 0x1534  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
01:05:53.0538 0x1534  WpdUsb - ok
01:05:53.0694 0x1534  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:05:53.0725 0x1534  WPFFontCache_v0400 - ok
01:05:53.0772 0x1534  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
01:05:53.0772 0x1534  wscsvc - ok
01:05:53.0787 0x1534  WSearch - ok
01:05:53.0881 0x1534  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:05:53.0943 0x1534  wuauserv - ok
01:05:54.0021 0x1534  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:05:54.0021 0x1534  WudfPf - ok
01:05:54.0053 0x1534  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:05:54.0053 0x1534  WUDFRd - ok
01:05:54.0068 0x1534  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:05:54.0068 0x1534  wudfsvc - ok
01:05:54.0099 0x1534  [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
01:05:54.0099 0x1534  XAudio - ok
01:05:54.0162 0x1534  [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
01:05:54.0193 0x1534  XAudioService - ok
01:05:54.0224 0x1534  ================ Scan global ===============================
01:05:54.0271 0x1534  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
01:05:54.0333 0x1534  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
01:05:54.0396 0x1534  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
01:05:54.0474 0x1534  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
01:05:54.0489 0x1534  [ Global ] - ok
01:05:54.0489 0x1534  ================ Scan MBR ==================================
01:05:54.0505 0x1534  [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
01:05:55.0020 0x1534  \Device\Harddisk0\DR0 - ok
01:05:55.0020 0x1534  ================ Scan VBR ==================================
01:05:55.0035 0x1534  [ 962E4BAF2433C93B634DAE4D08F30C41 ] \Device\Harddisk0\DR0\Partition1
01:05:55.0098 0x1534  \Device\Harddisk0\DR0\Partition1 - ok
01:05:55.0129 0x1534  [ 19DE1444598210D74D6DAEB13A9E2D2D ] \Device\Harddisk0\DR0\Partition2
01:05:55.0145 0x1534  \Device\Harddisk0\DR0\Partition2 - ok
01:05:55.0176 0x1534  AV detected via SS2: Norton Internet Security, C:\Program Files\Norton Internet Security\Engine\18.7.0.13\WSCStub.exe (  ), 0x50010 ( disabled : outofdate )
01:05:55.0191 0x1534  FW detected via SS2: Norton Internet Security, C:\Program Files\Norton Internet Security\Engine\18.7.0.13\WSCStub.exe (  ), 0x50010 ( disabled )
01:05:55.0191 0x1534  Win FW state via NFP2: enabled
01:05:55.0363 0x1534  ============================================================
01:05:55.0363 0x1534  Scan finished
01:05:55.0363 0x1534  ============================================================
01:05:55.0394 0x14e4  Detected object count: 0
01:05:55.0394 0x14e4  Actual detected object count: 0
01:10:28.0893 0x05e4  Deinitialize success
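The TDSSKiller log above is mostly a per-driver/service listing: a line with the file's MD5 and SHA-256 and its path, followed by a verdict line, then MBR/VBR hashes and the AV/firewall state TDSSKiller reads from Security Center. The parser below is an added example (not part of the original post and not TDSSKiller's own code) that turns such a log into something you can triage: it pairs each hash line with its verdict, flags any verdict other than `ok`, lists objects whose verdict arrived without a hashed file (as with `WinHttpAutoProxySvc` and `WSearch` above), groups service names backed by the same image (here `Tcpip`/`Tcpip6`), and collects the unique SHA-256 values for a bulk lookup. The embedded log is constructed: a few lines copied from the post plus a made-up `baddrv - suspicious` pair so the flagging path runs; `suspicious` is a constructed verdict word, not a claim about TDSSKiller's real verdict strings.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the TDSSKiller log above: lines copied from it plus
# one made-up "baddrv" pair (all-zero hashes, verdict "suspicious") to exercise flagging.
SAMPLE_LOG = r"""
01:05:49.0560 0x1534  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:05:49.0653 0x1534  Tcpip - ok
01:05:49.0778 0x1534  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
01:05:49.0856 0x1534  Tcpip6 - ok
01:05:52.0617 0x1534  WinHttpAutoProxySvc - ok
01:05:53.0241 0x1534  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
01:05:53.0319 0x1534  WMPNetworkSvc - ok
01:05:53.0400 0x1534  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] baddrv          C:\Windows\system32\DRIVERS\baddrv.sys
01:05:53.0401 0x1534  baddrv - suspicious
01:05:54.0505 0x1534  [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
01:05:55.0020 0x1534  \Device\Harddisk0\DR0 - ok
01:05:55.0176 0x1534  AV detected via SS2: Norton Internet Security, C:\Program Files\Norton Internet Security\Engine\18.7.0.13\WSCStub.exe (  ), 0x50010 ( disabled : outofdate )
01:05:55.0191 0x1534  Win FW state via NFP2: enabled
"""

# Every line starts with "<hh:mm:ss.ffff> <thread id>  ".
PREFIX = r"^\S+\s+0x[0-9A-Fa-f]+\s+"
HASH_LINE = re.compile(PREFIX + r"\[ (?P<hashes>[0-9A-F]+(?:, [0-9A-F]+)*) \] (?P<rest>.+)$")
VERDICT_LINE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\w+)$")
AV_LINE = re.compile(PREFIX + r"(?P<kind>AV|FW) detected via \w+: (?P<product>[^,]+), .+?\(.*?\), "
                     r"0x[0-9A-Fa-f]+ \( (?P<state>[^)]+) \)$")
WINFW_LINE = re.compile(PREFIX + r"Win FW state via \w+: (?P<state>\w+)$")


def _blank():
    return {"path": None, "md5": None, "sha256": None, "verdict": None}


def parse_tdsskiller(text):
    """Return (entries, protection): entries maps object name -> path/hashes/verdict,
    protection holds the AV/FW state lines printed at the end of the scan."""
    entries, protection = {}, {}
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            hashes = m.group("hashes").split(", ")
            # The name column is padded; the path after it may itself contain spaces.
            parts = m.group("rest").split(None, 1)
            rec = entries.setdefault(parts[0], _blank())
            rec["path"] = parts[1] if len(parts) == 2 else None
            rec["md5"] = hashes[0]
            rec["sha256"] = hashes[1] if len(hashes) > 1 else None  # MBR/VBR lines carry MD5 only
            continue
        m = AV_LINE.match(line)
        if m:
            protection[m.group("kind")] = {"product": m.group("product"), "state": m.group("state")}
            continue
        m = WINFW_LINE.match(line)
        if m:
            protection["WinFW"] = m.group("state")
            continue
        m = VERDICT_LINE.match(line)
        if m:
            entries.setdefault(m.group("name"), _blank())["verdict"] = m.group("verdict")
    return entries, protection


def triage(entries):
    """What a responder reads first: non-"ok" verdicts, objects with a verdict but no
    hashed file, and distinct service names backed by the same image."""
    flagged = {n: r["verdict"] for n, r in entries.items() if r["verdict"] not in (None, "ok")}
    unhashed = sorted(n for n, r in entries.items() if r["verdict"] and r["md5"] is None)
    by_sha = defaultdict(list)
    for n, r in entries.items():
        if r["sha256"]:
            by_sha[r["sha256"]].append(n)
    shared = {h: sorted(ns) for h, ns in by_sha.items() if len(ns) > 1}
    return {"flagged": flagged, "unhashed": unhashed, "shared_images": shared}


def sha256_list(entries):
    """Unique SHA-256 values for a bulk lookup against a hash reputation service."""
    return sorted({r["sha256"] for r in entries.values() if r["sha256"]})


if __name__ == "__main__":
    ents, prot = parse_tdsskiller(SAMPLE_LOG)
    print(triage(ents))
    print(prot)
    print("\n".join(sha256_list(ents)))
```

Feed it the full log instead of the sample (`parse_tdsskiller(open(path).read())`) and the interesting part of a 200-line listing collapses to a handful of lines; note that an "ok" verdict only means TDSSKiller's own checks passed, so the SHA-256 list is still worth checking elsewhere.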




#17 jeffce
    Bleepin' Super Saiyan
  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 28 May 2014 - 06:55 AM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#18 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 29 May 2014 - 08:06 AM

Hey, I've disabled anti-virus...here's the log.

 

ComboFix 14-05-29.01 - Mariam Warde 29/05/2014  15:44:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1790.985 [GMT 1:00]
Running from: c:\users\Mariam Warde\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\windows\$NtUninstallKB12984$
c:\windows\$NtUninstallKB12984$\1193940307
c:\windows\$NtUninstallKB12984$\2098941859\@
c:\windows\$NtUninstallKB12984$\2098941859\cfg.ini
c:\windows\$NtUninstallKB12984$\2098941859\Desktop.ini
c:\windows\$NtUninstallKB12984$\2098941859\L\qnbwvoto
c:\windows\$NtUninstallKB12984$\2098941859\U\00000001.@
c:\windows\$NtUninstallKB12984$\2098941859\U\00000002.@
c:\windows\$NtUninstallKB12984$\2098941859\U\00000004.@
c:\windows\$NtUninstallKB12984$\2098941859\U\80000000.@
c:\windows\$NtUninstallKB12984$\2098941859\U\80000004.@
c:\windows\$NtUninstallKB12984$\2098941859\U\80000032.@
c:\windows\$NtUninstallKB12984$\2098941859\version
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-28 to 2014-05-29  )))))))))))))))))))))))))))))))
.
.
2014-05-29 14:58 . 2014-05-29 15:00    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\temp
2014-05-27 11:11 . 2014-05-27 11:11    --------    d-----w-    c:\program files\Tweaking.com
2014-05-26 01:41 . 2014-05-26 01:41    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-26 01:40 . 2014-05-26 01:40    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-05-26 01:40 . 2014-05-12 06:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-26 01:40 . 2014-05-12 06:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-26 01:40 . 2014-05-12 06:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-26 01:11 . 2014-05-26 23:59    --------    d-----w-    C:\AdwCleaner
2014-05-25 14:29 . 2014-05-25 14:29    --------    d-----w-    c:\programdata\Licenses
2014-05-25 14:29 . 2014-05-29 00:56    --------    d-----w-    c:\program files\SpywareBlaster
2014-05-21 11:34 . 2014-05-21 11:36    --------    d-----w-    c:\programdata\SecTaskMan
2014-05-18 17:00 . 2014-05-18 17:00    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\Privatefirewall
2014-05-18 16:04 . 2013-09-29 20:24    130568    ----a-w-    c:\windows\system32\drivers\pwipf6.sys
2014-05-18 16:03 . 2014-05-18 16:03    --------    d-----w-    c:\programdata\Privacyware
2014-05-18 16:03 . 2014-05-18 16:03    --------    d-----w-    c:\program files\Privacyware
2014-05-17 14:11 . 2014-05-17 14:11    --------    d-----w-    c:\windows\ERUNT
2014-05-17 01:21 . 2014-05-17 01:21    214232    ----a-w-    c:\windows\system32\drivers\RtsUStor.sys
2014-05-17 01:21 . 2014-05-17 01:21    9888840    ----a-w-    c:\windows\system32\RsCRIcon.dll
2014-05-16 10:23 . 2014-05-05 23:14    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-14 14:39 . 2010-08-30 07:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-05-14 10:43 . 2014-05-07 02:26    965232    ----a-w-    c:\program files\Mozilla Firefox\icuuc52.dll
2014-05-14 10:43 . 2014-05-07 02:26    1266800    ----a-w-    c:\program files\Mozilla Firefox\icuin52.dll
2014-05-14 10:43 . 2014-05-07 02:26    10594416    ----a-w-    c:\program files\Mozilla Firefox\icudt52.dll
2014-05-14 00:58 . 2014-05-25 00:51    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-05-14 00:35 . 2014-05-14 01:04    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\Temp(83)
2014-05-14 00:18 . 2014-05-14 00:18    --------    d-----w-    c:\program files\Common Files\Microsoft
2014-05-13 23:56 . 2014-05-13 23:57    --------    d-----w-    c:\program files\Hewlett-Packard
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28    2153472    ----a-w-    c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
se58mdm
mindretrieve
rtl8187Se
GcKernel
vsbus
s716mgmt
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 11:21]
.
2012-02-08 c:\windows\Tasks\User_Feed_Synchronization-{E8511635-9B27-4B75-B5FE-EA9CCB53645B}.job
- c:\windows\system32\msfeedssync.exe [2012-02-27 09:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} -
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\Mariam Warde\AppData\Roaming\Mozilla\Firefox\Profiles\j00wp5pg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.http - 202.29.60.220
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-05-17 03:01; ascsurfingprotection@iobit.com; c:\users\Mariam Warde\AppData\Roaming\Mozilla\Firefox\Profiles\j00wp5pg.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{2A6BBBA7-BD88-DCBE-EF0C-E7FD745CB5FC} - c:\progra~2\INSTAL~1\{1E5C7~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-29 16:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f8,c7,a1,82,6a,71,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,15,65,c7,30,62,7d,44,9f,c2,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,15,65,c7,30,62,7d,44,9f,c2,23,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-05-29  16:09:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-29 15:09
.
Pre-Run: 67,173,535,744 bytes free
Post-Run: 67,099,742,208 bytes free
.
- - End Of File - - EA36140A7EB0E0EE1828582C6672AF66
85D751F0E41B8E520AEE8C07A8DA777B


Edited by nwarde, 29 May 2014 - 10:13 AM.


#19 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 29 May 2014 - 06:18 PM

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
 
Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may have damaged your system files as well. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer, and in the end we may need to reinstall the operating system anyway, depending on the extent of the infection.
 
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
 
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.   :)
----------
 
Run a new scan with ComboFix and post the new log.


WFxJwA4.png
 
mvp_horizontal_fullcolor-(copy2).jpeg
 


#20 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 30 May 2014 - 07:25 AM

Ahhh.. I may have to rescan again. Shall I do it in Safe Mode with Firewall and other programs disabled (addons, plug-ins etc)? I only disabled my anti-virus.

 

I think I will do the above and then try this

http://malwaretips.com/blogs/remove-zeroaccess-rootkit/

 

If those don't work, then I will have to format. :(



#21 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 30 May 2014 - 07:32 AM

Can you run ComboFix in Normal Mode?  If so, please do that.  :)  

 

We have already removed most of the infection, but the warning was given due to the backdoor capabilities of the infection.  No need to really try anything other than what we are doing now.  :)


 


#22 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 01 June 2014 - 07:20 AM

Hi, I will try ComboFix again later today, as the computer's going so slow.

 

EDIT....
ComboFix doesn't seem to work anymore. I only get the Extract and Backup Your Registry boxes, then nothing happens. It's been like this since my last post at 1:20pm. Not sure why this is happening.


Edited by nwarde, 01 June 2014 - 08:47 AM.


#23 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 01 June 2014 - 10:18 AM

Try to give it a run in Safe Mode.  If that does not work, please do the following...
 
Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista or 7 users: right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Copy and paste the report that opens into your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X] is the most recent Scan

 


#24 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 04 June 2014 - 07:15 AM

Still here?


 


#25 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 04 June 2014 - 09:03 AM

Hi, I managed to run ComboFix in Safe Mode. It scanned but when the computer restarts I get this message

 

Warning. 0251 System CMOS Checksum Bad. Default configuration used. Press F1 to resume.

 

ComboFix 14-05-29.01 - Mariam Warde 04/06/2014  14:36:36.3.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1790.1362 [GMT 1:00]
Running from: c:\users\Mariam Warde\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-04 to 2014-06-04  )))))))))))))))))))))))))))))))
.
.
2014-06-04 13:47 . 2014-06-04 13:51    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\temp
2014-06-04 13:47 . 2014-06-04 13:47    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-04 13:47 . 2014-06-04 13:47    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-06-04 13:47 . 2014-06-04 13:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-03 21:13 . 2014-04-30 23:37    8073384    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E28FA9EC-67F8-4B70-ACC3-129ECC1E288F}\mpengine.dll
2014-06-03 19:10 . 2014-04-23 10:50    765968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{677753AD-85C5-4677-8936-E28D1E71F361}\gapaengine.dll
2014-06-01 13:48 . 2014-04-30 23:37    8073384    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-26 01:41 . 2014-05-26 01:41    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-26 01:40 . 2014-05-12 06:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-26 01:40 . 2014-05-12 06:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-26 01:40 . 2014-05-12 06:25    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-26 01:11 . 2014-05-26 23:59    --------    d-----w-    C:\AdwCleaner
2014-05-25 14:29 . 2014-05-25 14:29    --------    d-----w-    c:\programdata\Licenses
2014-05-21 11:34 . 2014-05-21 11:36    --------    d-----w-    c:\programdata\SecTaskMan
2014-05-18 17:00 . 2014-05-18 17:00    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\Privatefirewall
2014-05-18 16:04 . 2013-09-29 20:24    130568    ----a-w-    c:\windows\system32\drivers\pwipf6.sys
2014-05-18 16:03 . 2014-05-18 16:03    --------    d-----w-    c:\programdata\Privacyware
2014-05-17 14:11 . 2014-05-17 14:11    --------    d-----w-    c:\windows\ERUNT
2014-05-17 01:21 . 2014-05-17 01:21    214232    ----a-w-    c:\windows\system32\drivers\RtsUStor.sys
2014-05-17 01:21 . 2014-05-17 01:21    9888840    ----a-w-    c:\windows\system32\RsCRIcon.dll
2014-05-16 10:23 . 2014-05-05 23:14    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-14 14:39 . 2010-08-30 07:34    536576    ----a-w-    c:\windows\system32\sqlite3.dll
2014-05-14 10:43 . 2014-05-07 02:26    965232    ----a-w-    c:\program files\Mozilla Firefox\icuuc52.dll
2014-05-14 10:43 . 2014-05-07 02:26    1266800    ----a-w-    c:\program files\Mozilla Firefox\icuin52.dll
2014-05-14 10:43 . 2014-05-07 02:26    10594416    ----a-w-    c:\program files\Mozilla Firefox\icudt52.dll
2014-05-14 00:58 . 2014-05-25 00:51    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-05-14 00:35 . 2014-05-14 01:04    --------    d-----w-    c:\users\Mariam Warde\AppData\Local\Temp(83)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 12:33 . 2012-06-13 10:23    765968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-05-14 11:20 . 2013-11-15 13:51    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-05-14 11:20 . 2013-11-15 13:51    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 21:46 . 2014-03-31 21:46    130712    ----a-w-    c:\windows\system32\MSSTDFMT.DLL
2014-03-11 08:52 . 2011-04-27 14:25    104264    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-10 17:17 . 2014-02-18 18:26    109856    ----a-w-    c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-07 23:12 . 2014-04-10 09:43    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-07 23:02 . 2014-04-10 09:43    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-07 23:02 . 2014-04-10 09:43    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-03-07 22:57 . 2014-04-10 09:43    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-07 22:56 . 2014-04-10 09:43    421376    ----a-w-    c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Privatefirewall"="c:\program files\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28    2153472    ----a-w-    c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
se58mdm
mindretrieve
rtl8187Se
GcKernel
vsbus
s716mgmt
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-15 11:21]
.
2012-02-08 c:\windows\Tasks\User_Feed_Synchronization-{E8511635-9B27-4B75-B5FE-EA9CCB53645B}.job
- c:\windows\system32\msfeedssync.exe [2012-02-27 09:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{086FBB95-507D-4b52-AEBF-A18347065FBC} - {765D7625-CF96-401D-81DB-B0DD61106D0D} -
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - ProfilePath - c:\users\Mariam Warde\AppData\Roaming\Mozilla\Firefox\Profiles\j00wp5pg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.http - 202.29.60.220
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-05-17 03:01; ascsurfingprotection@iobit.com; c:\users\Mariam Warde\AppData\Roaming\Mozilla\Firefox\Profiles\j00wp5pg.default\extensions\ascsurfingprotection@iobit.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-04 14:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f8,c7,a1,82,6a,71,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,15,65,c7,30,62,7d,44,9f,c2,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8b,15,65,c7,30,62,7d,44,9f,c2,23,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Privacyware\Privatefirewall 7.0\pfsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2014-06-04  14:56:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-04 13:56
ComboFix2.txt  2014-05-29 15:09
.
Pre-Run: 65,724,395,520 bytes free
Post-Run: 65,689,673,728 bytes free
.
- - End Of File - - 272A9D72104EDCFE7080C720D41C099A
85D751F0E41B8E520AEE8C07A8DA777B
 



#26 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 04 June 2014 - 07:38 PM

Looks like you have more computer issues than just malware right now unfortunately....we will get fixed what we can and then you can start a new topic in the Hardware section.   :)
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    Firefox::
    FF - ProfilePath - c:\users\Mariam Warde\AppData\Roaming\Mozilla\Firefox\Profiles\j00wp5pg.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.startup.homepage - hotmail.com
    FF - prefs.js: keyword.URL -
    FF - prefs.js: network.proxy.http - 202.29.60.220
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2014-05-17 03:01; ascsurfingprotection@iobit.com; c:\users\Mariam 

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and then let me know how your system is running.


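The settings jeffce's CFScript clears are the same ones worth checking for in any ComboFix log of this kind. The script below is an added example written for this thread; it is not ComboFix or RogueKiller code and not part of the original posts. It reads the "Reg Loading Points" and "Supplementary Scan" lines of a ComboFix log and reports three things a responder looks at first: a Firefox HTTP proxy that points to a public address, UAC switched off (EnableLUA = 0), and Security Center monitoring disabled. The sample log text is constructed from lines posted above; the Finding class, the severity labels and the function names are my own. One caveat it encodes: ComboFix lists only non-default prefs, and network.proxy.type = 0 means Firefox is not currently routing traffic through the listed proxy, so the 202.29.60.220:8080 entry in this thread is a dormant leftover rather than a live redirection (hence medium, not high), but it is still worth clearing, which is what the Firefox:: section of the CFScript does.

```python
"""Checker for the settings a responder looks at first in a ComboFix log.

Added example for this thread; it is not ComboFix code and not the poster's script.
Sample input below is constructed from lines posted in the thread.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines lifted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
FF - prefs.js: browser.startup.homepage - hotmail.com
FF - prefs.js: network.proxy.http - 202.29.60.220
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium" (labels chosen for this example)
    item: str      # the setting that triggered the finding
    detail: str    # why it matters


_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
_FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")


def is_off_lan(host: str) -> bool:
    """True when a proxy host is a public IP address (not RFC 1918, loopback or link-local)."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        # Not an IP literal: treat dotted hostnames as off-LAN, bare names as local.
        return "." in host


def check_combofix_log(text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ""            # registry key the following "name"=value lines belong to
    ff_prefs: dict[str, str] = {}

    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = _VALUE_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if (current_key.endswith(r"currentversion\policies\system")
                    and name == "EnableLUA" and value.startswith("0")):
                findings.append(Finding("high", "EnableLUA=0",
                                        "UAC is switched off, so nothing prompts before elevation"))
            if (r"security center\monitoring" in current_key
                    and name == "DisableMonitoring" and value.endswith("00000001")):
                findings.append(Finding("medium", f"DisableMonitoring under {current_key}",
                                        "Security Center told not to monitor this product"))
            continue
        m = _FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    # Firefox proxy: ComboFix prints only non-default prefs, so any network.proxy.http
    # line deserves a look; whether it is live depends on network.proxy.type (1 = manual).
    proxy_host = ff_prefs.get("network.proxy.http")
    if proxy_host and is_off_lan(proxy_host):
        port = ff_prefs.get("network.proxy.http_port", "?")
        manual = ff_prefs.get("network.proxy.type") == "1"
        state = ("active (network.proxy.type = 1)" if manual
                 else "dormant: network.proxy.type is not 1, so Firefox is not using it")
        findings.append(Finding("high" if manual else "medium",
                                f"network.proxy.http={proxy_host}:{port}",
                                f"Firefox HTTP proxy points to a public address; {state}"))
    return findings


if __name__ == "__main__":
    for f in check_combofix_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the three findings it prints for the constructed sample are the EnableLUA line, the DisableMonitoring line and the dormant proxy entry.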
 


#27 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 05 June 2014 - 06:56 AM

I had to run ComboFix in Safe Mode. I'm still getting pop-ups but not as much as before. :(

 

ComboFix 14-06-04.01 - Mariam Warde 05/06/2014  12:34:10.5.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1790.1359 [GMT 1:00]
Running from: C:\Users\Mariam Warde\Desktop\ComboFix.exe
Command switches used :: C:\Users\Mariam Warde\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point


(((((((((((((((((((((((((   Files Created from 2014-05-05 to 2014-06-05  )))))))))))))))))))))))))))))))

 

-------

 

Also, I don't know if the above ComboFix scanned properly as that's all there was.


Edited by nwarde, 05 June 2014 - 07:17 AM.


#28 jeffce
    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 05 June 2014 - 09:30 AM

No that does not look right.
 
Download RogueKiller to your Desktop.

  • Quit all running programs
  • For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
  • There will be a pre-scan that will run automatically (this is normal)
  • Once the pre-scan has finished, press the Scan button.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  • Once the Scan is complete, press the Report button to generate the results. 

Please post the contents of the RKreport.txt in your next Reply.


 


#29 nwarde
  • Topic Starter
  • Members
  • 48 posts
  • Gender:Male
  • Location:UK, London

Posted 06 June 2014 - 07:32 AM

Ok, I managed to run RogueKiller without any problems.

 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mariam Warde [Admin rights]
Mode : Scan -- Date : 06/06/2014  13:16:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\k750mdm -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinVd32 -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k750mdm -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinVd32 -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\k750mdm -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinVd32 -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\k750mdm -> FOUND
[HJ NAME] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinVd32 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2163373236-3868281997-4167716840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2163373236-3868281997-4167716840-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 115 ¤¤¤
[EAT:Addr] (explorer.exe) authui.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x740f152c
[EAT:Addr] (explorer.exe) authui.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x740fc80a
[EAT:Addr] (explorer.exe) authui.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x740edd2c
[EAT:Addr] (explorer.exe) authui.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x740f7041
[EAT:Addr] (explorer.exe) authui.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x740fc9a7
[EAT:Addr] (explorer.exe) authui.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x740f1135
[EAT:Addr] (explorer.exe) authui.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x740f7131
[EAT:Addr] (explorer.exe) authui.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x740f118c
[EAT:Addr] (explorer.exe) authui.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x740e7339
[EAT:Addr] (explorer.exe) authui.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x740e5197
[EAT:Addr] (explorer.exe) authui.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x740fc83a
[EAT:Addr] (explorer.exe) authui.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x740fb7e8
[EAT:Addr] (explorer.exe) authui.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x740fc776
[EAT:Addr] (explorer.exe) authui.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x740fc7b9
[EAT:Addr] (explorer.exe) authui.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x740fb81e
[EAT:Addr] (explorer.exe) authui.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x740fb9c1
[EAT:Addr] (explorer.exe) authui.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x740fc6e7
[EAT:Addr] (explorer.exe) authui.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x740f0020
[EAT:Addr] (explorer.exe) authui.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x740f0096
[EAT:Addr] (explorer.exe) authui.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x740f78fd
[EAT:Addr] (explorer.exe) authui.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x740fc7c9
[EAT:Addr] (explorer.exe) authui.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x740f7908
[EAT:Addr] (explorer.exe) authui.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x740f7913
[EAT:Addr] (explorer.exe) authui.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x740f791e
[EAT:Addr] (explorer.exe) authui.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x740fc735
[EAT:Addr] (explorer.exe) authui.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x740e630f
[EAT:Addr] (explorer.exe) authui.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x740fb639
[EAT:Addr] (explorer.exe) authui.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x740ea5b1
[EAT:Addr] (explorer.exe) authui.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x740e9f93
[EAT:Addr] (explorer.exe) authui.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x740eb046
[EAT:Addr] (explorer.exe) authui.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x740e3258
[EAT:Addr] (explorer.exe) authui.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x740fb5b0
[EAT:Addr] (explorer.exe) authui.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x740f84e4
[EAT:Addr] (explorer.exe) authui.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x740e3ef8
[EAT:Addr] (explorer.exe) authui.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x740e657d
[EAT:Addr] (explorer.exe) authui.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x740e76f9
[EAT:Addr] (explorer.exe) authui.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x740fc646
[EAT:Addr] (explorer.exe) authui.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x740fca90
[EAT:Addr] (explorer.exe) authui.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x740fc30f
[EAT:Addr] (explorer.exe) authui.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x740e6da8
[EAT:Addr] (explorer.exe) authui.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x740fc19d
[EAT:Addr] (explorer.exe) authui.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x740edc66
[EAT:Addr] (explorer.exe) authui.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x740fc06b
[EAT:Addr] (explorer.exe) authui.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x740f1cb5
[EAT:Addr] (explorer.exe) authui.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x740fcb05
[EAT:Addr] (explorer.exe) authui.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x740f705d
[EAT:Addr] (explorer.exe) authui.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x740fc527
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x740e7083
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x740f2d45
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x740fbe6f
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x740ece28
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x740fc5ba
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x740e7135
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x740e2d8e
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x740e540a
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x740fbfbb
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x740fbd35
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x740fbbe9
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x740fc3ca
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x740f232c
[EAT:Addr] (explorer.exe) authui.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x740ec94f
[EAT:Addr] (explorer.exe) authui.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x740ef459
[EAT:Addr] (explorer.exe) authui.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x740fb6c3
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x740fcbea
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x740e2c3b
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x740fce45
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x740efaf7
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x740fcd46
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x740fccd2
[EAT:Addr] (explorer.exe) authui.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x740fcc5e
[EAT:Addr] (explorer.exe) authui.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x740fb82e
[EAT:Addr] (explorer.exe) authui.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x740fc933
[EAT:Addr] (explorer.exe) authui.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x740fb8be
[EAT:Addr] (explorer.exe) authui.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x740ee373
[EAT:Addr] (explorer.exe) authui.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x740e3de5
[EAT:Addr] (explorer.exe) authui.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x740fba7f
[EAT:Addr] (explorer.exe) authui.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x740fb56c
[EAT:Addr] (explorer.exe) authui.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x740f121d
[EAT:Addr] (explorer.exe) authui.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x740fcdbc
[EAT:Addr] (explorer.exe) authui.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x740f3861
[EAT:Addr] (explorer.exe) authui.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x740fb710
[EAT:Addr] (explorer.exe) authui.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x740fb75e
[EAT:Addr] (explorer.exe) authui.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x740fc8b0
[EAT:Addr] (explorer.exe) authui.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x740fca1c
[EAT:Addr] (explorer.exe) authui.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x740e7ba3
[EAT:Addr] (explorer.exe) authui.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x740fc149
[EAT:Addr] (explorer.exe) authui.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x740e7d5d
[EAT:Addr] (explorer.exe) authui.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x740fc21a
[EAT:Addr] (explorer.exe) authui.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x740f0dee
[EAT:Addr] (explorer.exe) authui.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x740fcb82
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x740f2c09
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x740fbf0a
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x740fbb47
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x740f2149
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x740ecebb
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x740f3188
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x740e5a70
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x740fc45d
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x740e55f8
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x740f1284
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x740e5305
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x740ee857
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x740fbdc9
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x740fbc84
[EAT:Addr] (explorer.exe) authui.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x740e4c48
[EAT:Addr] (explorer.exe) authui.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x740fb93f
[EAT:Addr] (explorer.exe) authui.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x740fc171
[EAT:Addr] (explorer.exe) authui.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x740fc149
[EAT:Addr] (explorer.exe) authui.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x740fc2e3
[EAT:Addr] (explorer.exe) authui.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x740fb83a
[EAT:Addr] (explorer.exe) authui.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x740fb84a
[EAT:Addr] (explorer.exe) authui.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x740fb85a
[EAT:Addr] (explorer.exe) authui.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x740fb86a
[EAT:Addr] (explorer.exe) authui.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x740fcd78
[EAT:Addr] (explorer.exe) authui.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x740fb7ac

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9200827AS ATA Device +++++
--- User ---
[MBR] 010904ec780088feca09b854e6962c90
[BSP] f6968936683b8f47b3d1f10c0309309d : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 181200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 371099648 | Size: 9578 MB
User = LL1 ... OK
User = LL2 ... OK
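The MBR check above reports a hash of the boot sector, a hash of the boot code, and the four primary partition entries with their active flag, type, offset and size. The following is an added example, not part of the original post or of the tool that produced the log, showing how that table is laid out on disk and the sanity checks a responder applies to it (exactly one active partition, no overlapping ranges, no hidden-type entries, nothing starting at LBA 0). The 512-byte sample sector is constructed to mirror the layout in the log; its boot code area is zero-filled rather than the real HP MBR code, and the two hashing scopes (whole sector, first 440 bytes) are an assumption since the page does not state what the tool hashes.

```python
"""Parse a 512-byte MBR, hash it, and check the partition table for
the inconsistencies an MBR infection or a tampered table would show."""
import hashlib
import struct

SECTOR_BYTES = 512
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Assumption: a small map of the type codes seen most often on Windows disks.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x17: "Hidden NTFS", 0x1B: "Hidden FAT32",
    0x27: "Recovery", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def make_entry(status, ptype, lba_start, sector_count):
    """Build one 16-byte partition entry; CHS fields carry the LBA-only marker."""
    return struct.pack(ENTRY_FORMAT, status, b"\xfe\xff\xff", ptype,
                       b"\xfe\xff\xff", lba_start, sector_count)


def build_sample_mbr():
    """Constructed sample mirroring the log: boot code is zero-filled (not HP code)."""
    boot_code = bytes(446)
    table = (
        make_entry(0x80, 0x07, 63, 181200 * 2048)         # active NTFS, 181200 MB
        + make_entry(0x00, 0x07, 371099648, 9578 * 2048)  # second NTFS, 9578 MB
        + bytes(32)                                       # two unused entries
    )
    return boot_code + table + b"\x55\xaa"


def parse_mbr(mbr):
    """Return hashes and the non-empty partition entries of a raw MBR sector."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for index in range(4):
        offset = 446 + 16 * index
        status, _, ptype, _, lba_start, count = struct.unpack(
            ENTRY_FORMAT, mbr[offset:offset + 16])
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": index, "active": status == 0x80, "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "Unknown"),
            "hidden": ptype in HIDDEN_TYPES, "lba_start": lba_start,
            "sectors": count, "size_mb": count * SECTOR_BYTES // (1024 * 1024),
        })
    return {
        "sector_md5": hashlib.md5(mbr).hexdigest(),     # whole sector (assumption)
        "bootcode_md5": hashlib.md5(mbr[:440]).hexdigest(),  # code area only (assumption)
        "partitions": partitions,
    }


def sanity_checks(parsed):
    """Return a list of findings; an empty list means the table is consistent."""
    findings = []
    parts = parsed["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    for p in parts:
        if p["hidden"]:
            findings.append("partition %d uses hidden type 0x%02x" % (p["index"], p["type"]))
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0, inside the MBR itself" % p["index"])
    return findings


def report_lines(parsed):
    """Render the entries in the same shape as the log's 'Partition table:' block."""
    lines = ["[MBR] %s" % parsed["sector_md5"], "Partition table:"]
    for p in parsed["partitions"]:
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        vis = "HIDDEN" if p["hidden"] else "VISIBLE"
        lines.append("%d - [%s] %s (0x%x) [%s] Offset (sectors): %d | Size: %d MB" % (
            p["index"], flag, p["type_name"], p["type"], vis, p["lba_start"], p["size_mb"]))
    return lines


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("\n".join(report_lines(parsed)))
    print("findings:", sanity_checks(parsed) or "none")
```

On a live system the 512 bytes would come from reading sector 0 of the physical drive with administrator rights; the sample here reproduces the two entries from the log (active NTFS at sector 63, second NTFS at sector 371099648) so the parser and checks can be exercised offline. Hashing the boot code separately is what lets a known-good vendor loader be recognised even when the partition table changes.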



#30 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:03:08 AM

Posted 06 June 2014 - 09:06 AM

--Rogue Killer--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Select all of the Registry entries
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close Rogue Killer

-------------------






