Jump to content

Malwarebytes

Infected... Please help

- - - - -
Started by LloydP, Feb 25 2012 10:58 PM
Olmarick Win/32 infected CD drive missing Multiple Infection regedit failure command prompt not working system failure Blue screen of death svhost infected Please HELP

50 replies to this topic

#1
LloydP
Posted 25 February 2012 - 10:58 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
Hello again, I was finally able to run a quick scan without my computer shutting down prematurely... here are the results, Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912020103

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2/25/2012 9:44:13 PM
mbam-log-2012-02-25 (21-43-46).txt

Scan type: Quick scan
Objects scanned: 189662
Time elapsed: 14 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (uy) Good: (exefile) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken........next DDS:.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Owner at 22:31:31 on 2012-02-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.832 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\CAPM5RSK.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k netsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP CP1020 System Tray] "c:\program files\hp\hp laserjet professional cp1020 series\HPCP1020STRAY.EXE"
mRun: [InCD] c:\program files\nero 7\incd\InCD.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
LSP: mswsock.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.42.129
TCP: Interfaces\{1B0EB495-034A-4B74-AA50-B2A5754FD25B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1E48C00F-C9FA-4418-9AA0-C60DED99145E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{22D381DF-A7C2-4F0D-BC3E-CEA0A26AEFFC} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{26BB1B3C-DC0F-43AA-AF85-6B4A66FF4406} : DhcpNameServer = 192.168.42.129
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289);c:\windows\system32\drivers\NEOFLTR_700_17289.SYS [2011-3-17 84336]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-28 21504]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-11-28 94208]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-4-28 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 136176]
S2 RapidPortM5;RapidPortM5;c:\windows\system32\drivers\CAPM5LP.SYS [2011-2-18 23232]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-21 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 136176]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-28 16896]
.
=============== File Associations ===============
.
.exe=uy
.
=============== Created Last 30 ================
.
2012-02-26 01:48:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-26 01:40:50 -------- d-----w- c:\programdata\Faronics
2012-02-01 13:37:38 -------- d-----w- c:\users\owner\appdata\roaming\AVG2012
2012-02-01 13:28:02 -------- d-----w- c:\programdata\AVG2012
2012-02-01 13:09:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-01 13:09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 13:09:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-12-09 01:41:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:32:02.00 ===============...... ...next Attach:.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2007 4:15:15 AM
System Uptime: 2/25/2012 9:21:10 PM (1 hours ago)
.
Motherboard: Wistron | | 30D6
Processor: AMD Turion™ 64 X2 TL-58 | Socket A | 1900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 137 GiB total, 19.557 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.845 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_0BB4&PID_0C91&MI_00\6&1625CEA6&0&0000
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_0BB4&PID_0C91&MI_00\6&1625CEA6&0&0000
Service: USBSTOR
.
Class GUID:
Description: Android Phone
Device ID: USB\VID_0BB4&PID_0C91&MI_01\6&1625CEA6&0&0001
Manufacturer:
Name: Android Phone
PNP Device ID: USB\VID_0BB4&PID_0C91&MI_01\6&1625CEA6&0&0001
Service:
.
==== System Restore Points ===================
.
RP643: 11/17/2011 9:29:48 PM - Scheduled Checkpoint
RP644: 11/21/2011 9:26:18 PM - Scheduled Checkpoint
RP645: 11/28/2011 9:19:16 PM - Device Driver Package Install: Hewlett-Packard Printers
RP646: 11/28/2011 9:22:07 PM - Device Driver Package Install: Hewlett-Packard Printers
RP647: 11/28/2011 9:23:09 PM - Device Driver Package Install: Hewlett-Packard Printers
RP648: 11/28/2011 9:24:47 PM - Device Driver Package Install: Hewlett-Packard Printers
RP649: 11/28/2011 9:25:35 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP650: 11/28/2011 9:26:12 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP651: 12/14/2011 9:41:47 AM - Scheduled Checkpoint
RP652: 12/15/2011 10:41:26 AM - Scheduled Checkpoint
RP653: 12/26/2011 1:56:28 PM - Installed LG United Mobile Driver
RP654: 1/24/2012 11:03:39 AM - Installed HiJackThis
RP655: 1/24/2012 2:28:14 PM - Installed Driver Manager.
RP656: 1/24/2012 2:54:06 PM - Removed Driver Manager.
RP657: 1/25/2012 8:11:00 AM - Windows Update
RP658: 1/25/2012 10:18:35 AM - Installed HP Product Detection
RP659: 1/25/2012 10:19:01 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP660: 1/25/2012 11:01:01 AM - Installed GEAR driver installer 4.019
RP661: 1/25/2012 2:06:02 PM - before running eset scan
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.62
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe ExtendScript Toolkit CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.0)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
AVG 2012
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0.1
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Brother MFL-Pro Suite MFC-5890CN
Canon iC D800
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Connect
CyberLink YouCam
DivX Setup
doPDF 6.1 printer
DVD Shrink 3.2
DVD Suite
ESU for Microsoft Vista
FileZilla Client 3.1.6
Free Burning Studio 1.0.9.9
Free MP3 WMA OGG Converter 8.2.5
GEAR driver installer 4.019
GIMP 2.4.5
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HamsterFreeVideoConverter
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard ACLM.NET v1.1.0.0
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Product Detection
HP Quick Launch Buttons 6.40 B2
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 2
Java™ 6 Update 24
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
kuler
LabelPrint
LG United Mobile Driver
LightScribe System Software 1.10.19.1
Magic ISO Maker v5.5 (build 0273)
MagicDisc 2.7.105
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 4.0 (x86 en-US)
Mozilla Thunderbird (2.0.0.9)
MP3 To Ringtone Gold 3.50
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Nero 7 Ultra Edition
neroxml
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PDF Settings CS4
Photoshop Camera Raw
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.6
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype™ 3.6
Spotify
Suite Shared Configuration CS4
Super Mario Forever
TBS WMP Plug-in
Touch Pad Driver
Uninstall Digital Binoculars Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VLC media player 1.0.1
WeatherBug Gadget
WildTangent Games App (HP Games)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
.
==== End Of File ===========================.... I know i havent explained much in this post, but i am happy in the least bit that i was able to even get and post these logs... if you could search for my last topic you could see what i was going through just to get this far, i believe it was back in january that i began trying to clean this laptop of mine :-(... ... anyone that can help me please i'd greatly appreciate it, as i am sad that i am not able to use my laptop how and when i want to

#2
LDTate
Posted 27 February 2012 - 05:31 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.
This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Did you select to remove those that MBAM found?


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3
LloydP
Posted 28 February 2012 - 07:41 AM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything

View PostLDTate, on 27 February 2012 - 05:31 PM, said:

  • Removing this infection can also disable the ability to connect to the internet.

Did you select to remove those that MBAM found?

1st Thank you again for responding,

& 2nd Yes, i would Love to proceed with removing this virus... and to answer the question above; I did not chose to remove those that MBAM found, I wanted to wait on a direct solution so as not to disturb the virus and give it the ability to move somewhere else.. And question, will i be able to restore the internet connection after alls said n done?, or internet's ca-putz for good?


#4
LDTate
Posted 28 February 2012 - 07:47 AM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
Run MBAM again and fix what it finds.

After that:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.

    Posted Image

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5
LloydP
Posted 28 February 2012 - 09:13 AM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
Wow, Thank you for the quick response yet again... I have just finished completing what you posted and here are the results of tdsskiller:

08:58:37.0211 5860 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
08:58:38.0188 5860 ============================================================
08:58:38.0189 5860 Current date / time: 2012/02/28 08:58:38.0188
08:58:38.0189 5860 SystemInfo:
08:58:38.0189 5860
08:58:38.0189 5860 OS Version: 6.0.6002 ServicePack: 2.0
08:58:38.0189 5860 Product type: Workstation
08:58:38.0189 5860 ComputerName: LSLAPPY
08:58:38.0214 5860 UserName: Owner
08:58:38.0214 5860 Windows directory: C:\Windows
08:58:38.0214 5860 System windows directory: C:\Windows
08:58:38.0214 5860 Processor architecture: Intel x86
08:58:38.0214 5860 Number of processors: 2
08:58:38.0214 5860 Page size: 0x1000
08:58:38.0214 5860 Boot type: Normal boot
08:58:38.0214 5860 ============================================================
08:58:53.0326 5860 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:58:53.0926 5860 \Device\Harddisk0\DR0:
08:58:53.0948 5860 MBR used
08:58:53.0948 5860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1123D9D0
08:58:53.0948 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1123DEEC, BlocksNum 0x17DABD5
08:58:56.0511 5860 Initialize success
08:58:56.0511 5860 ============================================================
08:59:10.0503 2324 ============================================================
08:59:10.0503 2324 Scan started
08:59:10.0503 2324 Mode: Manual; SigCheck; TDLFS;
08:59:10.0503 2324 ============================================================
08:59:23.0235 2324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:59:24.0234 2324 ACPI - ok
08:59:26.0462 2324 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
08:59:27.0122 2324 adp94xx - ok
08:59:29.0338 2324 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
08:59:29.0481 2324 adpahci - ok
08:59:30.0344 2324 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
08:59:30.0580 2324 adpu160m - ok
08:59:31.0271 2324 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
08:59:31.0318 2324 adpu320 - ok
08:59:32.0644 2324 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
08:59:35.0113 2324 AFD - ok
08:59:36.0810 2324 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
08:59:36.0888 2324 agp440 - ok
08:59:38.0134 2324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:59:38.0205 2324 aic78xx - ok
08:59:39.0660 2324 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
08:59:39.0741 2324 aliide - ok
08:59:40.0794 2324 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
08:59:40.0829 2324 amdagp - ok
08:59:42.0017 2324 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
08:59:42.0239 2324 amdide - ok
08:59:43.0772 2324 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:00:01.0461 2324 AmdK7 - ok
09:00:02.0552 2324 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
09:00:05.0400 2324 AmdK8 - ok
09:00:06.0567 2324 ApfiltrService (edbd73ccf2ef7de8bd119036d85d1487) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:00:07.0343 2324 ApfiltrService - ok
09:00:08.0938 2324 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:00:09.0260 2324 arc - ok
09:00:10.0622 2324 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:00:10.0676 2324 arcsas - ok
09:00:11.0596 2324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:00:11.0731 2324 AsyncMac - ok
09:00:11.0977 2324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:00:12.0093 2324 atapi - ok
09:00:13.0986 2324 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:00:14.0305 2324 AVGIDSDriver - ok
09:00:15.0206 2324 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:00:15.0313 2324 AVGIDSEH - ok
09:00:16.0441 2324 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:00:16.0571 2324 AVGIDSFilter - ok
09:00:17.0664 2324 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
09:00:21.0905 2324 AVGIDSShim - ok
09:00:22.0970 2324 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
09:00:23.0263 2324 Avgldx86 - ok
09:00:23.0672 2324 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
09:00:23.0728 2324 Avgmfx86 - ok
09:00:24.0661 2324 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
09:00:24.0746 2324 Avgrkx86 - ok
09:00:25.0814 2324 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
09:00:25.0956 2324 Avgtdix - ok
09:00:26.0934 2324 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:00:28.0116 2324 BCM43XV - ok
09:00:28.0471 2324 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:00:28.0609 2324 BCM43XX - ok
09:00:29.0585 2324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:00:29.0736 2324 Beep - ok
09:00:30.0156 2324 blbdrive - ok
09:00:30.0281 2324 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:00:30.0391 2324 bowser - ok
09:00:30.0813 2324 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:00:31.0031 2324 BrFiltLo - ok
09:00:31.0476 2324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:00:31.0597 2324 BrFiltUp - ok
09:00:31.0974 2324 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:00:32.0199 2324 Brserid - ok
09:00:32.0900 2324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:00:33.0092 2324 BrSerWdm - ok
09:00:34.0554 2324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:00:35.0311 2324 BrUsbMdm - ok
09:00:35.0756 2324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:00:36.0207 2324 BrUsbSer - ok
09:00:37.0173 2324 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:00:37.0690 2324 BTHMODEM - ok
09:00:38.0115 2324 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:00:38.0339 2324 cdfs - ok
09:00:38.0910 2324 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:00:39.0070 2324 cdrom - ok
09:00:39.0668 2324 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:00:39.0923 2324 circlass - ok
09:00:40.0932 2324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:00:41.0063 2324 CLFS - ok
09:00:41.0534 2324 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:00:41.0633 2324 CmBatt - ok
09:00:42.0149 2324 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:00:42.0240 2324 cmdide - ok
09:00:42.0596 2324 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
09:00:42.0810 2324 CnxtHdAudService - ok
09:00:43.0462 2324 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:00:43.0518 2324 Compbatt - ok
09:00:44.0230 2324 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:00:44.0279 2324 crcdisk - ok
09:00:45.0137 2324 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:00:45.0297 2324 Crusoe - ok
09:00:46.0143 2324 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
09:00:46.0391 2324 DfsC - ok
09:00:47.0180 2324 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:00:53.0153 2324 disk - ok
09:00:53.0954 2324 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:00:54.0080 2324 dot4 - ok
09:00:55.0382 2324 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:00:55.0424 2324 Dot4Print - ok
09:00:56.0322 2324 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:00:56.0503 2324 dot4usb - ok
09:00:57.0594 2324 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:00:57.0696 2324 drmkaud - ok
09:00:58.0697 2324 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:00:58.0968 2324 DXGKrnl - ok
09:00:59.0675 2324 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
09:01:00.0107 2324 E100B - ok
09:01:00.0858 2324 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:01:01.0094 2324 E1G60 - ok
09:01:01.0646 2324 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:01:01.0778 2324 Ecache - ok
09:01:02.0385 2324 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:01:02.0444 2324 elxstor - ok
09:01:02.0981 2324 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:01:03.0143 2324 exfat - ok
09:01:03.0439 2324 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:01:03.0573 2324 fastfat - ok
09:01:04.0126 2324 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:01:04.0362 2324 fdc - ok
09:01:04.0713 2324 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:01:04.0922 2324 FileInfo - ok
09:01:05.0141 2324 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:01:05.0311 2324 Filetrace - ok
09:01:06.0481 2324 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:01:06.0709 2324 flpydisk - ok
09:01:06.0914 2324 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:01:06.0958 2324 FltMgr - ok
09:01:07.0365 2324 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
09:01:07.0399 2324 fssfltr - ok
09:01:07.0556 2324 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:01:07.0737 2324 Fs_Rec - ok
09:01:08.0261 2324 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:01:08.0305 2324 gagp30kx - ok
09:01:08.0512 2324 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:01:08.0562 2324 GEARAspiWDM - ok
09:01:08.0679 2324 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
09:01:08.0709 2324 HBtnKey - ok
09:01:08.0858 2324 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:01:09.0034 2324 HdAudAddService - ok
09:01:09.0293 2324 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:01:09.0406 2324 HDAudBus - ok
09:01:09.0751 2324 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:01:09.0856 2324 HidBth - ok
09:01:09.0957 2324 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:01:10.0037 2324 HidIr - ok
09:01:10.0219 2324 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:01:10.0289 2324 HidUsb - ok
09:01:10.0513 2324 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:01:10.0539 2324 HpCISSs - ok
09:01:10.0606 2324 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:01:10.0655 2324 HpqKbFiltr - ok
09:01:10.0827 2324 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
09:01:10.0914 2324 HpqRemHid - ok
09:01:11.0099 2324 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:01:11.0198 2324 HSFHWAZL - ok
09:01:11.0698 2324 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:01:13.0312 2324 HSF_DPV - ok
09:01:13.0491 2324 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:01:13.0520 2324 HSXHWAZL - ok
09:01:13.0612 2324 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:01:13.0681 2324 HTTP - ok
09:01:13.0824 2324 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:01:13.0856 2324 i2omp - ok
09:01:13.0966 2324 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:01:14.0033 2324 i8042prt - ok
09:01:14.0186 2324 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:01:14.0331 2324 ialm - ok
09:01:14.0867 2324 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:01:14.0894 2324 iaStorV - ok
09:01:15.0006 2324 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:01:15.0095 2324 iirsp - ok
09:01:15.0174 2324 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\Windows\system32\drivers\InCDFs.sys
09:01:15.0201 2324 InCDfs - ok
09:01:15.0249 2324 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\Windows\system32\drivers\InCDPass.sys
09:01:15.0261 2324 InCDPass - ok
09:01:15.0279 2324 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\Windows\system32\drivers\InCDrec.sys
09:01:15.0292 2324 InCDrec - ok
09:01:15.0343 2324 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\Windows\system32\drivers\InCDRm.sys
09:01:15.0374 2324 incdrm - ok
09:01:15.0610 2324 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:01:15.0631 2324 intelide - ok
09:01:15.0711 2324 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
09:01:15.0811 2324 intelppm - ok
09:01:15.0904 2324 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:01:15.0968 2324 IpFilterDriver - ok
09:01:16.0032 2324 IpInIp - ok
09:01:16.0125 2324 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:01:16.0194 2324 IPMIDRV - ok
09:01:16.0329 2324 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:01:16.0370 2324 IPNAT - ok
09:01:16.0789 2324 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:01:16.0872 2324 IRENUM - ok
09:01:17.0017 2324 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:01:17.0060 2324 isapnp - ok
09:01:17.0128 2324 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:01:17.0148 2324 iScsiPrt - ok
09:01:17.0182 2324 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:01:17.0201 2324 iteatapi - ok
09:01:17.0347 2324 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:01:17.0369 2324 iteraid - ok
09:01:17.0437 2324 JL2005C (4974d83c18642355c00287286cf33939) C:\Windows\system32\Drivers\jl2005c.sys
09:01:17.0513 2324 JL2005C ( UnsignedFile.Multi.Generic ) - warning
09:01:17.0513 2324 JL2005C - detected UnsignedFile.Multi.Generic (1)
09:01:17.0611 2324 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:01:17.0626 2324 kbdclass - ok
09:01:17.0764 2324 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:01:17.0816 2324 kbdhid - ok
09:01:18.0069 2324 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:01:18.0180 2324 KSecDD - ok
09:01:18.0367 2324 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:01:18.0447 2324 lltdio - ok
09:01:18.0573 2324 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:01:18.0635 2324 LSI_FC - ok
09:01:18.0788 2324 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:01:18.0832 2324 LSI_SAS - ok
09:01:19.0010 2324 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:01:19.0065 2324 LSI_SCSI - ok
09:01:19.0192 2324 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:01:19.0292 2324 luafv - ok
09:01:19.0607 2324 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\Windows\system32\DRIVERS\mcdbus.sys
09:01:19.0680 2324 mcdbus ( UnsignedFile.Multi.Generic ) - warning
09:01:19.0680 2324 mcdbus - detected UnsignedFile.Multi.Generic (1)
09:01:20.0165 2324 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:01:20.0224 2324 mdmxsdk - ok
09:01:20.0438 2324 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:01:20.0525 2324 megasas - ok
09:01:20.0675 2324 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:01:20.0818 2324 Modem - ok
09:01:20.0914 2324 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:01:21.0990 2324 monitor - ok
09:01:22.0339 2324 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
09:01:22.0505 2324 motmodem - ok
09:01:22.0686 2324 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:01:22.0761 2324 mouclass - ok
09:01:22.0921 2324 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
09:01:23.0142 2324 mouhid - ok
09:01:23.0271 2324 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:01:23.0352 2324 MountMgr - ok
09:01:23.0651 2324 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:01:23.0755 2324 mpio - ok
09:01:23.0881 2324 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:01:24.0080 2324 mpsdrv - ok
09:01:24.0270 2324 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:01:24.0304 2324 Mraid35x - ok
09:01:24.0545 2324 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:01:24.0696 2324 MRxDAV - ok
09:01:24.0936 2324 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:01:25.0065 2324 mrxsmb - ok
09:01:25.0469 2324 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:01:25.0589 2324 mrxsmb10 - ok
09:01:25.0659 2324 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:01:25.0736 2324 mrxsmb20 - ok
09:01:25.0797 2324 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:01:25.0833 2324 msahci - ok
09:01:25.0978 2324 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:01:26.0076 2324 msdsm - ok
09:01:26.0179 2324 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:01:26.0343 2324 Msfs - ok
09:01:26.0531 2324 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:01:26.0590 2324 msisadrv - ok
09:01:26.0701 2324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:01:27.0946 2324 MSKSSRV - ok
09:01:28.0232 2324 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:01:28.0344 2324 MSPCLOCK - ok
09:01:28.0406 2324 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:01:28.0519 2324 MSPQM - ok
09:01:28.0793 2324 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:01:28.0831 2324 MsRPC - ok
09:01:28.0967 2324 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:01:28.0984 2324 mssmbios - ok
09:01:29.0279 2324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:01:29.0423 2324 MSTEE - ok
09:01:29.0523 2324 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:01:29.0576 2324 Mup - ok
09:01:29.0809 2324 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:01:29.0855 2324 NativeWifiP - ok
09:01:30.0240 2324 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:01:30.0285 2324 NDIS - ok
09:01:30.0477 2324 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:01:30.0544 2324 NdisTapi - ok
09:01:30.0599 2324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:01:30.0638 2324 Ndisuio - ok
09:01:31.0053 2324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:01:31.0137 2324 NdisWan - ok
09:01:31.0244 2324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:01:31.0316 2324 NDProxy - ok
09:01:31.0421 2324 NEOFLTR_700_17289 (21795b5ee8f96d094ed4e6b87ad31895) C:\Windows\system32\Drivers\NEOFLTR_700_17289.SYS
09:01:31.0528 2324 NEOFLTR_700_17289 - ok
09:01:31.0661 2324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:01:31.0709 2324 NetBIOS - ok
09:01:31.0981 2324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:01:32.0004 2324 nfrd960 - ok
09:01:32.0140 2324 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:01:32.0263 2324 Npfs - ok
09:01:32.0337 2324 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:01:32.0479 2324 nsiproxy - ok
09:01:32.0617 2324 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:01:32.0684 2324 Ntfs - ok
09:01:32.0724 2324 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:01:33.0034 2324 ntrigdigi - ok
09:01:33.0172 2324 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:01:33.0228 2324 Null - ok
09:01:33.0658 2324 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:01:33.0888 2324 NVENETFD - ok
09:01:35.0014 2324 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:01:37.0010 2324 nvlddmkm - ok
09:01:37.0320 2324 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:01:37.0360 2324 nvraid - ok
09:01:37.0428 2324 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
09:01:37.0516 2324 nvsmu - ok
09:01:37.0598 2324 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:01:37.0692 2324 nvstor - ok
09:01:37.0902 2324 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:01:37.0982 2324 nv_agp - ok
09:01:38.0007 2324 NwlnkFlt - ok
09:01:38.0054 2324 NwlnkFwd - ok
09:01:38.0199 2324 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:01:38.0291 2324 ohci1394 - ok
09:01:38.0467 2324 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:01:38.0644 2324 Parport - ok
09:01:38.0700 2324 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:01:38.0740 2324 partmgr - ok
09:01:38.0869 2324 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:01:39.0115 2324 Parvdm - ok
09:01:39.0363 2324 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:01:39.0435 2324 pci - ok
09:01:42.0691 2324 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:01:42.0761 2324 pciide - ok
09:01:43.0266 2324 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:01:43.0299 2324 pcmcia - ok
09:01:43.0872 2324 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:01:44.0143 2324 PEAUTH - ok
09:01:44.0909 2324 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:01:45.0028 2324 PptpMiniport - ok
09:01:45.0819 2324 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:01:46.0043 2324 Processor - ok
09:01:46.0505 2324 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:01:46.0593 2324 PSched - ok
09:01:47.0223 2324 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:01:51.0414 2324 ql2300 - ok
09:01:51.0834 2324 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:01:51.0884 2324 ql40xx - ok
09:01:52.0275 2324 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:01:52.0418 2324 QWAVEdrv - ok
09:01:52.0780 2324 RapidPortM5 (f356179731961a0812884cc31d8e6a59) C:\Windows\system32\Drivers\CAPM5LP.SYS
09:01:52.0938 2324 RapidPortM5 - ok
09:01:53.0144 2324 RasAcd - ok
09:01:53.0409 2324 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:01:53.0529 2324 Rasl2tp - ok
09:01:53.0741 2324 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:01:53.0832 2324 RasPppoe - ok
09:01:53.0917 2324 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:01:54.0128 2324 RasSstp - ok
09:01:54.0459 2324 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:01:54.0545 2324 rdbss - ok
09:01:54.0809 2324 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:01:54.0925 2324 RDPCDD - ok
09:01:55.0342 2324 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:01:55.0589 2324 rdpdr - ok
09:01:55.0973 2324 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:01:56.0053 2324 RDPENCDD - ok
09:01:56.0584 2324 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:01:56.0708 2324 RDPWD - ok
09:01:57.0108 2324 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
09:01:57.0306 2324 rimmptsk - ok
09:01:57.0881 2324 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:01:58.0004 2324 rimsptsk - ok
09:01:58.0373 2324 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys
09:01:58.0532 2324 RimUsb - ok
09:01:59.0034 2324 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
09:01:59.0218 2324 RimVSerPort - ok
09:01:59.0519 2324 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
09:01:59.0653 2324 rismxdp - ok
09:02:00.0361 2324 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
09:02:00.0634 2324 ROOTMODEM - ok
09:02:01.0326 2324 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:02:01.0594 2324 rspndr - ok
09:02:02.0271 2324 RTL8187 (25c91ee1be0c0cfa79696a2d0b47aa43) C:\Windows\system32\DRIVERS\RTL8187.sys
09:02:02.0560 2324 RTL8187 - ok
09:02:03.0216 2324 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:02:03.0364 2324 sbp2port - ok
09:02:03.0583 2324 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
09:02:03.0784 2324 sdbus - ok
09:02:03.0909 2324 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:02:04.0447 2324 secdrv - ok
09:02:04.0716 2324 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:02:05.0050 2324 Serenum - ok
09:02:05.0162 2324 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:02:05.0335 2324 Serial - ok
09:02:05.0490 2324 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:02:05.0641 2324 sermouse - ok
09:02:05.0733 2324 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:02:05.0771 2324 sffdisk - ok
09:02:05.0836 2324 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:02:06.0003 2324 sffp_mmc - ok
09:02:06.0183 2324 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:02:06.0229 2324 sffp_sd - ok
09:02:06.0277 2324 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
09:02:06.0377 2324 sfloppy - ok
09:02:06.0654 2324 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:02:06.0688 2324 sisagp - ok
09:02:06.0736 2324 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:02:06.0775 2324 SiSRaid2 - ok
09:02:06.0957 2324 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:02:06.0972 2324 SiSRaid4 - ok
09:02:07.0104 2324 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:02:07.0162 2324 Smb - ok
09:02:07.0383 2324 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:02:07.0461 2324 spldr - ok
09:02:07.0575 2324 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:02:07.0645 2324 srv - ok
09:02:07.0782 2324 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
09:02:07.0901 2324 srv2 - ok
09:02:07.0962 2324 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
09:02:07.0995 2324 srvnet - ok
09:02:08.0642 2324 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
09:02:08.0757 2324 StillCam - ok
09:02:09.0265 2324 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:02:11.0847 2324 swenum - ok
09:02:12.0000 2324 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:02:12.0015 2324 Symc8xx - ok
09:02:12.0083 2324 SymIM - ok
09:02:12.0122 2324 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:02:12.0137 2324 Sym_hi - ok
09:02:12.0224 2324 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:02:12.0248 2324 Sym_u3 - ok
09:02:12.0447 2324 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys
09:02:12.0505 2324 Tcpip - ok
09:02:12.0802 2324 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys
09:02:12.0886 2324 Tcpip6 - ok
09:02:13.0011 2324 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys
09:02:13.0047 2324 tcpipreg - ok
09:02:13.0110 2324 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:02:13.0151 2324 TDPIPE - ok
09:02:13.0209 2324 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:02:13.0248 2324 TDTCP - ok
09:02:13.0299 2324 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:02:13.0398 2324 tdx - ok
09:02:13.0622 2324 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:02:13.0651 2324 TermDD - ok
09:02:13.0860 2324 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:02:13.0913 2324 tssecsrv - ok
09:02:14.0014 2324 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:02:14.0049 2324 tunmp - ok
09:02:14.0149 2324 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
09:02:14.0218 2324 tunnel - ok
09:02:14.0379 2324 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:02:14.0398 2324 uagp35 - ok
09:02:14.0483 2324 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:02:14.0518 2324 udfs - ok
09:02:14.0653 2324 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:02:14.0668 2324 uliagpkx - ok
09:02:14.0877 2324 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:02:14.0900 2324 uliahci - ok
09:02:14.0949 2324 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:02:14.0968 2324 UlSata - ok
09:02:15.0073 2324 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:02:15.0098 2324 ulsata2 - ok
09:02:15.0146 2324 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:02:15.0203 2324 umbus - ok
09:02:15.0527 2324 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
09:02:15.0609 2324 UMPass - ok
09:02:15.0735 2324 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
09:02:15.0785 2324 USBAAPL - ok
09:02:15.0867 2324 usbbus - ok
09:02:16.0027 2324 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:02:16.0084 2324 usbccgp - ok
09:02:16.0206 2324 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:02:16.0271 2324 usbcir - ok
09:02:16.0511 2324 UsbDiag - ok
09:02:16.0684 2324 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:02:16.0880 2324 usbehci - ok
09:02:17.0104 2324 UsbGps - ok
09:02:17.0197 2324 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:02:17.0288 2324 usbhub - ok
09:02:17.0434 2324 USBModem - ok
09:02:17.0497 2324 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:02:17.0549 2324 usbohci - ok
09:02:17.0607 2324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:02:17.0655 2324 usbprint - ok
09:02:17.0699 2324 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:02:17.0773 2324 usbscan - ok
09:02:17.0919 2324 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:02:17.0984 2324 USBSTOR - ok
09:02:18.0077 2324 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:02:18.0155 2324 usbuhci - ok
09:02:18.0401 2324 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:02:18.0520 2324 usbvideo - ok
09:02:18.0619 2324 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
09:02:18.0775 2324 usb_rndisx - ok
09:02:18.0911 2324 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:02:19.0087 2324 vga - ok
09:02:19.0192 2324 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:02:19.0289 2324 VgaSave - ok
09:02:19.0592 2324 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:02:19.0716 2324 viaagp - ok
09:02:19.0838 2324 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:02:19.0998 2324 ViaC7 - ok
09:02:20.0113 2324 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:02:20.0150 2324 viaide - ok
09:02:20.0243 2324 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:02:20.0303 2324 volmgr - ok
09:02:20.0391 2324 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:02:20.0491 2324 volmgrx - ok
09:02:20.0583 2324 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:02:20.0639 2324 volsnap - ok
09:02:20.0782 2324 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:02:20.0840 2324 vsmraid - ok
09:02:21.0068 2324 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:02:21.0287 2324 WacomPen - ok
09:02:21.0385 2324 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:21.0480 2324 Wanarp - ok
09:02:21.0493 2324 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:02:21.0691 2324 Wanarpv6 - ok
09:02:21.0970 2324 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:02:22.0038 2324 Wd - ok
09:02:22.0126 2324 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:02:22.0251 2324 Wdf01000 - ok
09:02:22.0526 2324 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:02:22.0700 2324 winachsf - ok
09:02:22.0958 2324 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
09:02:23.0027 2324 WinUSB - ok
09:02:23.0108 2324 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:02:23.0181 2324 WmiAcpi - ok
09:02:23.0341 2324 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:02:23.0391 2324 WpdUsb - ok
09:02:23.0470 2324 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:02:23.0580 2324 ws2ifsl - ok
09:02:23.0689 2324 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:02:23.0750 2324 WSDPrintDevice - ok
09:02:23.0892 2324 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:02:23.0992 2324 WUDFRd - ok
09:02:24.0202 2324 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
09:02:24.0243 2324 XAudio - ok
09:02:24.0390 2324 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
09:02:24.0418 2324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:02:24.0418 2324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:02:24.0532 2324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:02:24.0533 2324 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:02:24.0547 2324 Boot (0x1200) (089e52857d55d6905cc3ae026a8ddf87) \Device\Harddisk0\DR0\Partition0
09:02:24.0549 2324 \Device\Harddisk0\DR0\Partition0 - ok
09:02:24.0598 2324 Boot (0x1200) (479e33c6512598c2cddb86c643ba1188) \Device\Harddisk0\DR0\Partition1
09:02:24.0602 2324 \Device\Harddisk0\DR0\Partition1 - ok
09:02:24.0604 2324 ============================================================
09:02:24.0604 2324 Scan finished
09:02:24.0604 2324 ============================================================
09:02:24.0706 3536 Detected object count: 4
09:02:24.0706 3536 Actual detected object count: 4
09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:56.0826 3536 \Device\Harddisk0\DR0\# - copied to quarantine
09:03:56.0828 3536 \Device\Harddisk0\DR0 - copied to quarantine
09:03:56.0863 3536 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:03:56.0875 3536 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:03:56.0882 3536 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:03:56.0898 3536 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:03:56.0915 3536 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:03:56.0919 3536 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:03:56.0923 3536 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:03:56.0927 3536 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:03:56.0934 3536 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:03:56.0955 3536 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:03:56.0988 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:03:56.0989 3536 \Device\Harddisk0\DR0 - ok
09:03:58.0254 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:04:18.0022 4416 Deinitialize success

Thank You very much for your speedy assistance again!
Thank You

#6
LDTate
Posted 28 February 2012 - 09:18 AM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7
LloydP
Posted 28 February 2012 - 09:41 AM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
New Scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912022803

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

2/28/2012 9:34:06 AM
mbam-log-2012-02-28 (09-34-06).txt

Scan type: Quick scan
Objects scanned: 201790
Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

...

Yeyy Thank You..... ,
My computer seems to be running a bit sluggish at points.. while i was running the scan i forgot that avg was running and a pop up came saying it caught two things i clicked close... Ummmm, my command prompt comes up, as well as regedit... i dont know if my cd drive is fix yet however... guess i will see when i get a cd to put in. Right now i have to go run and do some errands, i will be back and see what to do and post any new results.., again Thank You very much

#8
LDTate
Posted 28 February 2012 - 09:43 AM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
That looks good.

Please do not attach the scan results from Combofx. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs


  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9
LloydP
Posted 28 February 2012 - 12:09 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
That's great to hear... I've downloaded the CF and began to run it, however, a couple pop ups came up prior and during the scan which i believe is still running(the blue screen is still open and cursor still blinking)... the 1st of 3 was an alert notifying me that eset nod32 antivirus and antispyware is still running, the 2nd was to confirm that i wanted to go ahead with the scan even with the eset antivirus&spy still running... the 3rd was a windows pop up from windows solution center stating "freeware implementation of XCACLS has stopped working." ... Now, before you ask, i had uninstalled eset weeks ago and cannot find where eset is running is why i clicked go ahead with CF, also i did not click the "close program" button that the windows solution center... as im typing this a dds script began running :-)

#10
LloydP
Posted 28 February 2012 - 12:11 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
either that or my jacket swiped over the tracking pad and clicked the dds by accident ??

#11
LloydP
Posted 28 February 2012 - 01:31 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
*Combofix has just finished as i was typing this stating it has detected a rootkit virus and needs to restart...:-(
Update: CF had a couple pop ups that came up twice stating "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason you are unable to connect to the internet after running combofix, reboot once & see if that fixes it. If it's not fixed run combofix one more time."
**after rebooting as combofix directed a popup saying the recycling bin on drive c is corrupted, do you wish to delete?.. i clicked yes, and now CF is running an auto scan with the blue screen under administrator... now on completed stage 5 and i await the computer to turn on from that then i will post the logs, sorry for all the posts in between, i just wanted to describe how my computer was behaving at each moment.. and thank you for your time and patience, i appreciate it very much!

#12
LDTate
Posted 28 February 2012 - 01:57 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
Post the results after CF runs.
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13
LloydP
Posted 28 February 2012 - 02:01 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
Ok its finished... it deleted some files and folders which i wrote down but dont know if is relevent to write, but here is the CF report:

ComboFix 12-02-27.02 - Owner 02/28/2012 13:22:11.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.881 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Desktop\MP3 to RingTone Gold.lnk
c:\windows\$NtUninstallKB35951$
c:\windows\$NtUninstallKB35951$\4011156346\@
c:\windows\$NtUninstallKB35951$\4011156346\bckfg.tmp
c:\windows\$NtUninstallKB35951$\4011156346\cfg.ini
c:\windows\$NtUninstallKB35951$\4011156346\Desktop.ini
c:\windows\$NtUninstallKB35951$\4011156346\keywords
c:\windows\$NtUninstallKB35951$\4011156346\kwrd.dll
c:\windows\$NtUninstallKB35951$\4011156346\L\qnbwvoto
c:\windows\$NtUninstallKB35951$\4011156346\lsflt7.ver
c:\windows\$NtUninstallKB35951$\4011156346\oemid
c:\windows\$NtUninstallKB35951$\4011156346\U\00000001.@
c:\windows\$NtUninstallKB35951$\4011156346\U\00000002.@
c:\windows\$NtUninstallKB35951$\4011156346\U\00000004.@
c:\windows\$NtUninstallKB35951$\4011156346\U\80000000.@
c:\windows\$NtUninstallKB35951$\4011156346\U\80000004.@
c:\windows\$NtUninstallKB35951$\4011156346\U\80000032.@
c:\windows\$NtUninstallKB35951$\4011156346\version
c:\windows\$NtUninstallKB35951$\4082853687
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 18:41 . 2012-02-28 18:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-28 18:41 . 2012-02-28 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 18:41 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-28 14:26 . 2012-02-28 14:26 -------- d-----w- C:\$AVG
2012-02-28 14:03 . 2012-02-28 14:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-27 02:08 . 2012-02-27 02:08 51712 ----a-w- c:\windows\system32\vCB68H0K.com
2012-02-26 01:48 . 2012-02-28 13:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-26 01:40 . 2012-02-26 01:40 -------- d-----w- c:\programdata\Faronics
2012-02-01 13:37 . 2012-02-01 13:37 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG2012
2012-02-01 13:28 . 2012-02-01 13:53 -------- d-----w- c:\programdata\AVG2012
2012-02-01 13:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-01 13:09 . 2012-02-01 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-01 13:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 16:04 . 2012-01-24 16:04 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-09 01:41 . 2011-06-10 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-03-18 17:53 . 2011-03-31 15:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2011-03-31 2620416]
"InCD"="c:\program files\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon iC D800 Status Window.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK
backup=c:\windows\pss\Canon iC D800 Status Window.LNK.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-04-11 19:13 1085440 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 22:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-24 13:13 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 15:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-24 15:38 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 00:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 22:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 22:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2594951614-2104154672-3464771787-1004]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
WSIMD
pageserver
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\At1.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At11.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At13.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At15.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-28 c:\windows\Tasks\At17.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At19.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At21.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At23.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At25.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At27.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At3.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At5.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At7.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-27 c:\windows\Tasks\At9.job
- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594951614-2104154672-3464771787-1004Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 13:13]
.
2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594951614-2104154672-3464771787-1004UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 13:13]
.
2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{2B218748-593F-4BDD-B64A-F5C65DE210E2}.job
- c:\windows\system32\msfeedssync.exe [2011-10-29 23:20]
.
2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{E5B0DB57-5983-461A-AB59-62B6F077BFCE}.job
- c:\windows\system32\msfeedssync.exe [2011-10-29 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cb370nv0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-28 13:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Owner\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\CAPM5RSK.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\HPSIsvc.exe
c:\program files\Nero 7\InCD\InCDsrv.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
.
**************************************************************************
.
Completion time: 2012-02-28 13:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 18:50
.
Pre-Run: 20,072,837,120 bytes free
Post-Run: 21,281,939,456 bytes free
.
- - End Of File - - 96435A781B0B01777DFA12CE44B24443

And i dont know if you wanted me to post the dds logs that came up while combofix was running before the reboot?

#14
LDTate
Posted 28 February 2012 - 02:25 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\vCB68H0K.com



Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html







Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15
LloydP
Posted 28 February 2012 - 02:44 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
When i go to the sites and try to upload 1st a pop up from AVG comes up asking if i should move the virus to a vault, i click ignore and 2nd behind that screen is another pop up stating "vCB68H0K You don't have permission to open this file. Contact the file owner or an administrator to obtain permission."

#16
LDTate
Posted 28 February 2012 - 02:50 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text. 

KillAll::

File::
c:\windows\system32\vCB68H0K.com

AtJob:: 


Folder::
C:\TDSSKiller_Quarantine

ClearJavaCache::

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#17
LloydP
Posted 28 February 2012 - 03:06 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
Ok, currently running ... side note/question, should i have unchecked the box that pops up asking if i would like to run this program and do i always ask before opening? ... if you understand what i mean... i will post the CF log when it finishes... oh and another question, where does the log file save to defaultly?

#18
LDTate
Posted 28 February 2012 - 03:10 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,118 posts
  • Gender:Male
  • Location:Missouri, USA
Leave it checked. You're running Vista and that's the UAC
http://en.wikipedia....Account_Control

The CF log saves on your desktop and in CF directory
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook

#19
LloydP
Posted 28 February 2012 - 03:15 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
ok , Thank you.. only reason i was asking is because i was unsure if the script that you'd had me make was going to run after that pop up.. the CF is almost done now; restarting as i'm typing this sentence here

#20
LloydP
Posted 28 February 2012 - 03:24 PM

    New Member

  • Members
  • Pip
  • 36 posts
  • Gender:Male
  • Location:USA
  • Interests:Everything n Anything
Its taking a long while to shut down, longer than normal at this point... its on the screen "shutting down..." and the loading circle still appears to be rotating..., Just to keep you informed as to the behavior of the laptop
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us