Jump to content


Photo
- - - - -

Help,please~ Successfully blocked access to malicious website messages

Started by Reight, Mar 10 2012 10:05 AM

  • This topic is locked This topic is locked
17 replies to this topic

#1 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 10 March 2012 - 10:05 AM

Hello, Yesterday night I got a virus that was pretending to be a virus scan and I was able to remove it. But after that I am constantly get the messages saying "Malwarebytes anti-malware successfully blocked access to a potentially malicious website: [various IP addresses] ". I am looking for advice on how to resolve this.

Any help would be appreciated, thank you.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by MTL at 21:40:43 on 2012-03-10
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3545.2348 [GMT 7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TVHome Media2\ScheduleTV.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\MTL\AppData\Roaming\autonet.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\BitComet\tools\BitCometService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.112dh.com/#isoshu
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{A56A5A91-076B-4BC8-B96A-55839BBC197D}
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: InboxDollars BHO: {6ffb615d-e8ce-4add-8d9f-31c4be9c26e4} - c:\program files\inboxdollars\Toolbar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: InboxDollars: {47980628-3844-42aa-a0dd-e2d86bba9600} - c:\program files\inboxdollars\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [BitComet] c:\program files\bitcomet\BitComet.exe /tray
uRun: [nstnb] rundll32.exe "c:\users\mtl\appdata\roaming\cwiqf.dll",rqzytu
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [remotefmt] c:\programdata\remotefmt.exe
uRun: [autonet] c:\users\mtl\appdata\roaming\autonet.exe
uRun: [SM?RT-Protection] c:\program files\smadav\SM?RTP.exe rtp
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\QTTask.exe" -atboottime
mRun: [ScheduleTV] "c:\program files\tvhome media2\ScheduleTV.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\users\mtl\appdata\local\temp\nsv8b12.sh! c:\users\mtl\appdata\local\temp\2942017.sh! c:\users\mtl\appdata\local\micros~1\windows\tempor~1\content.ie5\mb9t22qw\_PAGE_~1.SH!
StartupFolder: c:\users\mtl\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\mtl\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\mtl\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{43D3BEB3-21D7-4471-B56E-EE409BE7CC3E} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer = 203.130.196.155,202.134.0.155
TCP: Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : DhcpNameServer = 89.107.66.225 202.134.0.155
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mtl\appdata\roaming\mozilla\firefox\profiles\nszc767u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-24 207656]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_ae0b52e0\AEstSrv.exe [2009-3-24 81920]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-10 652360]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-3-24 29736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-10 20464]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GadmeiBDA;USB TV Device;c:\windows\system32\drivers\UTVAD.sys [2011-6-2 690560]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-3-24 79240]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-3-24 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-24 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-24 40488]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-10 02:45:05 -------- d-----w- c:\users\mtl\appdata\roaming\Malwarebytes
2012-03-10 02:45:01 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:45:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 02:45:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 01:58:18 97792 ----a-w- c:\users\mtl\SmadExtc.dll
2012-03-10 01:58:18 73728 ----a-w- c:\users\mtl\Smadav-Updater.exe
2012-03-10 01:58:18 1503232 ----a-w- c:\users\mtl\Smadav 2012 Rev. 8.9.exe
2012-03-10 01:58:18 103936 ----a-w- c:\users\mtl\SmadEngine.dll
2012-03-09 13:40:30 479232 ----a-w- c:\users\mtl\appdata\local\hinvoj.exe
2012-03-09 13:40:23 72696 ----a-w- c:\users\mtl\appdata\roaming\autonet.exe
2012-03-09 13:40:23 72696 ----a-w- c:\programdata\remotefmt.exe
2012-03-09 13:37:39 -------- d-----w- c:\users\mtl\appdata\roaming\Byajug
2012-03-09 13:37:39 -------- d-----w- c:\users\mtl\appdata\roaming\Arux
2012-03-09 11:27:00 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{25b6c5a6-e30d-4208-a705-3098297426d5}\mpengine.dll
2012-03-08 02:02:16 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-03-08 02:02:16 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-03-08 02:02:16 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-03-08 02:02:15 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-16 16:24:27 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-16 16:08:34 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 16:00:56 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
==================== Find3M ====================
.
2012-02-23 02:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-12 10:03:43 249856 ------w- c:\windows\Setup1.exe
2011-12-12 10:03:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-12-12 07:10:53 256 ----a-w- c:\windows\system32\pool.bin
.
============= FINISH: 21:46:19.10 ===============







.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 24/03/2009 03:54:58
System Uptime: 10/03/2012 21:37:24 (0 hours ago)
.
Motherboard: Dell Inc. | | 0R639N
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 88.711 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 9.944 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\8&110F2BDC&0&EC9B5B2306D5_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\8&110F2BDC&0&EC9B5B2306D5_C00000000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS
Adobe Reader 9.5.0
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ArcSoft Codec
BadCopy Pro
BBSAK
BitComet 1.29
BlackBerry Desktop Software 4.2
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
calibre
Cheat Engine 6.1
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dress Up Rush
EDocs
FormatFactory
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InboxDollars
Integrated Webcam Driver (1.02.01.0320)
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
Kamus 2.04
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.60.1.1000
Managed DirectX (0901)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Partner
Mozilla Firefox 10.0.2 (x86 en-US)
MpcStar 5.0
NJStar Chinese WP
NJStar Communicator
OGA Notifier 2.0.0048.0
PowerDVD
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
RTP for RM2K (Png, Wav, Midi, Fonts)
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SmartSound Quicktracks Plugin
SPSS 15.0 for Windows Evaluation Version
Titan Quest
TVHome Media2
Ulead VideoStudio 10
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.4
WIDCOMM Bluetooth Software 6.1.0.4502
Winamp
Winamp Detector Plug-in
WinRAR archiver
Xfire (remove only)
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/03/2012 21:38:19, Error: Service Control Manager [7000] - The Bluetooth Device (Personal Area Network) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/03/2012 21:30:15, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/03/2012 21:30:15, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/03/2012 21:30:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/03/2012 09:34:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/03/2012 09:15:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/03/2012 08:55:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr Wanarpv6
10/03/2012 08:55:31, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/03/2012 08:54:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/03/2012 08:54:30, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/03/2012 08:54:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
09/03/2012 21:20:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
08/03/2012 22:35:12, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
06/03/2012 06:59:41, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 00225F3F2116 has been denied by the DHCP server 192.168.1.2 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 12 March 2012 - 04:49 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 13 March 2012 - 06:27 AM

Okay. here is the report...


RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: MTL [Admin rights]
Mode: Scan -- Date: 03/13/2012 18:19:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 12 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3412689152-1959603396-70223304-1000[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] c70f33a6cc10e4b539c73d6d9e406d52
[BSP] 54d20d43fa3e91f95afc60f155d7d2e4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


Thanks for your help

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 13 March 2012 - 08:17 AM

OK, these are.....

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{5F37FB9C-DC70-459B-8D92-AC98F01DA98C} : NameServer (203.130.196.155,202.134.0.155) -> FOUND

From....
Posted Image

Posted Image

Do you recognize them?

If not > run RogueKiller and click scan then DNSFix

-------------------------------------

[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

Did you install Smadav?

------------------------------------

You can run RogueKiller again (scan) and Delete these (click on registry):

[BLACKLIST DLL] HKCU\[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3412689152-1959603396-70223304-1000[...]\Run : nstnb (rundll32.exe "C:\Users\MTL\AppData\Roaming\cwiqf.dll",rqzytu) -> FOUND

----------------------------------

Then please Update and run a Quick Scan with Malwarebytes and post the log, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 14 March 2012 - 08:00 AM

I have done as you instructed. I don't recognize those IP address. Yes, I installed Smadav, It is a local antivirus.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MTL :: USER-PC [administrator]

Protection: Enabled

14/03/2012 19:18:48
mbam-log-2012-03-14 (19-59-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254870
Time elapsed: 35 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\MTL\AppData\Local\Temp\devicerss.exe (Trojan.Agent.UAGen) -> No action taken.

(end)

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 March 2012 - 08:10 AM

C:\Users\MTL\AppData\Local\Temp\devicerss.exe (Trojan.Agent.UAGen) -> No action taken.

You didn't delete this??

Scan again and.....

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 14 March 2012 - 09:25 AM

No, I have deleted it, I make a mistake --> I posted the logs before I deleted that......

But, even after I deleted it, the messages still show up....

I will scan again and posted it here after I get the result.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MTL :: USER-PC [administrator]

Protection: Enabled

14/03/2012 20:56:43
mbam-log-2012-03-14 (20-56-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255820
Time elapsed: 24 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Thanks

#8 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 March 2012 - 09:32 AM

OK, run RogueKiller again and post the new log.

----------------------

Then...............

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 14 March 2012 - 09:49 AM

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: MTL [Admin rights]
Mode: Scan -- Date: 03/14/2012 21:41:52

¤¤¤ Bad processes: 1 ¤¤¤
[HJ NAME] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 8 ¤¤¤
[PREVRUN] HKUS\.DEFAULT[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND
[PREVRUN] HKUS\S-1-5-18[...]\Run : DelayShred (c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\mtl\appdata\local\temp\nsv8B12.SH! c:\users\mtl\appdata\local\temp\2942017.SH! C:\Users\MTL\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MB9T22QW\_PAGE_~1.SH!) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HIDDEN VAL] HKCU\[...]\Run : S (C:\Program Files\Smadav\SMΔRTP.exe rtp) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2552GSX +++++
--- User ---
[MBR] c70f33a6cc10e4b539c73d6d9e406d52
[BSP] 54d20d43fa3e91f95afc60f155d7d2e4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

21:43:16.0717 1216 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:43:18.0434 1216 ============================================================
21:43:18.0435 1216 Current date / time: 2012/03/14 21:43:18.0434
21:43:18.0435 1216 SystemInfo:
21:43:18.0435 1216
21:43:18.0435 1216 OS Version: 6.0.6002 ServicePack: 2.0
21:43:18.0435 1216 Product type: Workstation
21:43:18.0435 1216 ComputerName: USER-PC
21:43:18.0435 1216 UserName: MTL
21:43:18.0435 1216 Windows directory: C:\Windows
21:43:18.0435 1216 System windows directory: C:\Windows
21:43:18.0435 1216 Processor architecture: Intel x86
21:43:18.0435 1216 Number of processors: 2
21:43:18.0435 1216 Page size: 0x1000
21:43:18.0435 1216 Boot type: Normal boot
21:43:18.0435 1216 ============================================================
21:43:19.0173 1216 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:43:19.0176 1216 \Device\Harddisk0\DR0:
21:43:19.0176 1216 MBR used
21:43:19.0176 1216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:43:19.0176 1216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
21:43:19.0261 1216 Initialize success
21:43:19.0261 1216 ============================================================
21:44:27.0457 5916 ============================================================
21:44:27.0457 5916 Scan started
21:44:27.0457 5916 Mode: Manual; SigCheck; TDLFS;
21:44:27.0457 5916 ============================================================
21:44:28.0503 5916 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:44:28.0676 5916 ACPI - ok
21:44:28.0859 5916 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:44:28.0888 5916 adp94xx - ok
21:44:28.0929 5916 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:44:28.0953 5916 adpahci - ok
21:44:29.0063 5916 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:44:29.0081 5916 adpu160m - ok
21:44:29.0115 5916 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:44:29.0132 5916 adpu320 - ok
21:44:29.0297 5916 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:44:29.0370 5916 AFD - ok
21:44:29.0486 5916 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:44:29.0502 5916 agp440 - ok
21:44:29.0542 5916 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:44:29.0559 5916 aic78xx - ok
21:44:29.0664 5916 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:44:29.0681 5916 aliide - ok
21:44:29.0713 5916 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:44:29.0728 5916 amdagp - ok
21:44:29.0757 5916 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:44:29.0773 5916 amdide - ok
21:44:29.0866 5916 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:44:29.0993 5916 AmdK7 - ok
21:44:30.0090 5916 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:44:30.0159 5916 AmdK8 - ok
21:44:30.0288 5916 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:44:30.0341 5916 ApfiltrService - ok
21:44:30.0399 5916 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:44:30.0417 5916 arc - ok
21:44:30.0550 5916 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:44:30.0567 5916 arcsas - ok
21:44:30.0625 5916 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:44:30.0679 5916 AsyncMac - ok
21:44:30.0788 5916 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
21:44:30.0803 5916 atapi - ok
21:44:30.0863 5916 athr (ac89d6200482a3a72e7cd05c0db6113c) C:\Windows\system32\DRIVERS\athr.sys
21:44:30.0962 5916 athr - ok
21:44:31.0094 5916 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:44:31.0155 5916 Beep - ok
21:44:31.0320 5916 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:44:31.0378 5916 blbdrive - ok
21:44:31.0510 5916 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:44:31.0566 5916 bowser - ok
21:44:31.0669 5916 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:44:31.0771 5916 BrFiltLo - ok
21:44:31.0868 5916 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:44:31.0907 5916 BrFiltUp - ok
21:44:31.0942 5916 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:44:32.0187 5916 Brserid - ok
21:44:32.0297 5916 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:44:32.0385 5916 BrSerWdm - ok
21:44:32.0412 5916 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:44:32.0493 5916 BrUsbMdm - ok
21:44:32.0588 5916 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:44:32.0671 5916 BrUsbSer - ok
21:44:32.0801 5916 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:44:32.0841 5916 BthEnum - ok
21:44:32.0971 5916 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:44:33.0064 5916 BTHMODEM - ok
21:44:33.0100 5916 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:44:33.0165 5916 BthPan - ok
21:44:33.0314 5916 BthPort (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:44:33.0375 5916 BthPort - ok
21:44:33.0513 5916 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:44:33.0544 5916 BTHUSB - ok
21:44:33.0584 5916 btwaudio (f2f7342742180d5060285499dee50f99) C:\Windows\system32\drivers\btwaudio.sys
21:44:33.0598 5916 btwaudio - ok
21:44:33.0688 5916 btwavdt (32f59f26a30cfc508da11db3ea0f8b77) C:\Windows\system32\drivers\btwavdt.sys
21:44:33.0700 5916 btwavdt - ok
21:44:33.0752 5916 btwl2cap (ecb98391c756a7b9cfbae89d9d1235e1) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:44:33.0762 5916 btwl2cap - ok
21:44:33.0841 5916 btwrchid (03658734ef7d0f3b3f4636d3e8a38964) C:\Windows\system32\DRIVERS\btwrchid.sys
21:44:33.0852 5916 btwrchid - ok
21:44:33.0901 5916 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:44:33.0951 5916 cdfs - ok
21:44:34.0056 5916 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:44:34.0102 5916 cdrom - ok
21:44:34.0141 5916 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:44:34.0195 5916 circlass - ok
21:44:34.0301 5916 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:44:34.0327 5916 CLFS - ok
21:44:34.0431 5916 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:44:34.0485 5916 CmBatt - ok
21:44:34.0560 5916 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:44:34.0575 5916 cmdide - ok
21:44:34.0638 5916 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:44:34.0657 5916 Compbatt - ok
21:44:34.0735 5916 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:44:34.0749 5916 crcdisk - ok
21:44:34.0789 5916 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:44:34.0844 5916 Crusoe - ok
21:44:34.0936 5916 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:44:35.0003 5916 DfsC - ok
21:44:35.0118 5916 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:44:35.0136 5916 disk - ok
21:44:35.0187 5916 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:44:35.0229 5916 drmkaud - ok
21:44:35.0340 5916 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:44:35.0376 5916 DXGKrnl - ok
21:44:35.0461 5916 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:44:35.0519 5916 e1express - ok
21:44:35.0599 5916 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:44:35.0660 5916 E1G60 - ok
21:44:35.0738 5916 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:44:35.0759 5916 Ecache - ok
21:44:35.0867 5916 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:44:35.0892 5916 elxstor - ok
21:44:35.0940 5916 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:44:35.0972 5916 ErrDev - ok
21:44:36.0075 5916 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:44:36.0136 5916 exfat - ok
21:44:36.0240 5916 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:44:36.0287 5916 fastfat - ok
21:44:36.0328 5916 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:44:36.0386 5916 fdc - ok
21:44:36.0496 5916 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:44:36.0512 5916 FileInfo - ok
21:44:36.0540 5916 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:44:36.0593 5916 Filetrace - ok
21:44:36.0683 5916 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:44:36.0730 5916 flpydisk - ok
21:44:36.0786 5916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:44:36.0810 5916 FltMgr - ok
21:44:36.0925 5916 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:44:36.0968 5916 Fs_Rec - ok
21:44:37.0123 5916 GadmeiBDA (3c1818c2c3b4631000e5ae1df72e179c) C:\Windows\system32\DRIVERS\UTVAD.sys
21:44:37.0202 5916 GadmeiBDA - ok
21:44:37.0295 5916 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:44:37.0317 5916 gagp30kx - ok
21:44:37.0445 5916 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:44:37.0518 5916 HDAudBus - ok
21:44:37.0577 5916 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:44:37.0681 5916 HidBth - ok
21:44:37.0787 5916 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:44:37.0883 5916 HidIr - ok
21:44:38.0001 5916 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:44:38.0042 5916 HidUsb - ok
21:44:38.0078 5916 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:44:38.0095 5916 HpCISSs - ok
21:44:38.0212 5916 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:44:38.0272 5916 HTTP - ok
21:44:38.0400 5916 hwdatacard (63b3eff36272787619c1e773ed581693) C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:44:38.0445 5916 hwdatacard - ok
21:44:38.0481 5916 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:44:38.0496 5916 i2omp - ok
21:44:38.0603 5916 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:44:38.0647 5916 i8042prt - ok
21:44:38.0691 5916 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
21:44:38.0711 5916 iaStor - ok
21:44:38.0818 5916 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:44:38.0838 5916 iaStorV - ok
21:44:39.0025 5916 igfx (8dad27dd28a4274866767c89c0bf154f) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:44:39.0149 5916 igfx - ok
21:44:39.0275 5916 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:44:39.0290 5916 iirsp - ok
21:44:39.0343 5916 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:44:39.0357 5916 intelide - ok
21:44:39.0495 5916 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:44:39.0536 5916 intelppm - ok
21:44:39.0593 5916 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:44:39.0647 5916 IpFilterDriver - ok
21:44:39.0724 5916 IpInIp - ok
21:44:39.0754 5916 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:44:39.0813 5916 IPMIDRV - ok
21:44:39.0841 5916 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:44:39.0890 5916 IPNAT - ok
21:44:39.0990 5916 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:44:40.0042 5916 IRENUM - ok
21:44:40.0061 5916 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:44:40.0076 5916 isapnp - ok
21:44:40.0168 5916 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:44:40.0190 5916 iScsiPrt - ok
21:44:40.0227 5916 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:44:40.0246 5916 iteatapi - ok
21:44:40.0281 5916 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:44:40.0295 5916 iteraid - ok
21:44:40.0370 5916 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:44:40.0386 5916 kbdclass - ok
21:44:40.0440 5916 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:44:40.0485 5916 kbdhid - ok
21:44:40.0559 5916 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:44:40.0602 5916 KSecDD - ok
21:44:40.0736 5916 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:44:40.0823 5916 lltdio - ok
21:44:40.0912 5916 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:44:40.0928 5916 LSI_FC - ok
21:44:40.0965 5916 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:44:40.0981 5916 LSI_SAS - ok
21:44:41.0029 5916 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:44:41.0046 5916 LSI_SCSI - ok
21:44:41.0142 5916 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:44:41.0204 5916 luafv - ok
21:44:41.0338 5916 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:44:41.0351 5916 MBAMProtector - ok
21:44:41.0397 5916 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:44:41.0412 5916 megasas - ok
21:44:41.0445 5916 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:44:41.0479 5916 MegaSR - ok
21:44:41.0643 5916 mfeavfk (abe05f6853072fdb29d4523c8e344578) C:\Windows\system32\drivers\mfeavfk.sys
21:44:41.0656 5916 mfeavfk - ok
21:44:41.0703 5916 mfebopk (7728b3c34b5b13cacb520ccee2af8cc7) C:\Windows\system32\drivers\mfebopk.sys
21:44:41.0714 5916 mfebopk - ok
21:44:41.0738 5916 mfehidk (f2ae6af4817e612fc162dcc580b7a5cc) C:\Windows\system32\drivers\mfehidk.sys
21:44:41.0752 5916 mfehidk - ok
21:44:41.0850 5916 mferkdk (db75c83e3e57037390b7b4392bca5481) C:\Windows\system32\drivers\mferkdk.sys
21:44:41.0861 5916 mferkdk - ok
21:44:41.0918 5916 mfesmfk (702730b18c342b40cdce85cd98eee88e) C:\Windows\system32\drivers\mfesmfk.sys
21:44:41.0929 5916 mfesmfk - ok
21:44:41.0982 5916 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:44:42.0035 5916 Modem - ok
21:44:42.0110 5916 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:44:42.0167 5916 monitor - ok
21:44:42.0212 5916 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:44:42.0228 5916 mouclass - ok
21:44:42.0254 5916 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:44:42.0305 5916 mouhid - ok
21:44:42.0365 5916 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:44:42.0381 5916 MountMgr - ok
21:44:42.0435 5916 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:44:42.0452 5916 mpio - ok
21:44:42.0483 5916 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:44:42.0522 5916 mpsdrv - ok
21:44:42.0596 5916 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:44:42.0610 5916 Mraid35x - ok
21:44:42.0660 5916 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:44:42.0727 5916 MRxDAV - ok
21:44:42.0839 5916 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:44:42.0871 5916 mrxsmb - ok
21:44:42.0943 5916 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:44:42.0983 5916 mrxsmb10 - ok
21:44:43.0110 5916 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:44:43.0132 5916 mrxsmb20 - ok
21:44:43.0178 5916 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:44:43.0192 5916 msahci - ok
21:44:43.0247 5916 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:44:43.0263 5916 msdsm - ok
21:44:43.0325 5916 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:44:43.0380 5916 Msfs - ok
21:44:43.0445 5916 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:44:43.0460 5916 msisadrv - ok
21:44:43.0526 5916 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:44:43.0579 5916 MSKSSRV - ok
21:44:43.0643 5916 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:44:43.0700 5916 MSPCLOCK - ok
21:44:43.0755 5916 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:44:43.0810 5916 MSPQM - ok
21:44:43.0889 5916 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:44:43.0909 5916 MsRPC - ok
21:44:43.0982 5916 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:44:43.0997 5916 mssmbios - ok
21:44:44.0064 5916 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:44:44.0119 5916 MSTEE - ok
21:44:44.0173 5916 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:44:44.0190 5916 Mup - ok
21:44:44.0274 5916 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:44:44.0309 5916 NativeWifiP - ok
21:44:44.0419 5916 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:44:44.0452 5916 NDIS - ok
21:44:44.0518 5916 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:44:44.0569 5916 NdisTapi - ok
21:44:44.0620 5916 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:44:44.0672 5916 Ndisuio - ok
21:44:44.0743 5916 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:44:44.0776 5916 NdisWan - ok
21:44:44.0846 5916 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:44:44.0894 5916 NDProxy - ok
21:44:44.0953 5916 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:44:45.0004 5916 NetBIOS - ok
21:44:45.0072 5916 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:44:45.0124 5916 netbt - ok
21:44:45.0210 5916 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:44:45.0227 5916 nfrd960 - ok
21:44:45.0328 5916 nmwcd (696b37ea78f9d9767a2f18ba0304a51a) C:\Windows\system32\drivers\nmwcd.sys
21:44:45.0368 5916 nmwcd - ok
21:44:45.0483 5916 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
21:44:45.0565 5916 nmwcdc - ok
21:44:45.0705 5916 nmwcdcm (4c3726467d67483f054c88f058e9c153) C:\Windows\system32\drivers\nmwcdcm.sys
21:44:45.0747 5916 nmwcdcm - ok
21:44:45.0787 5916 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:44:45.0819 5916 Npfs - ok
21:44:45.0932 5916 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:44:45.0989 5916 nsiproxy - ok
21:44:46.0063 5916 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:44:46.0115 5916 Ntfs - ok
21:44:46.0221 5916 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:44:46.0307 5916 ntrigdigi - ok
21:44:46.0328 5916 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:44:46.0381 5916 Null - ok
21:44:46.0481 5916 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:44:46.0499 5916 nvraid - ok
21:44:46.0527 5916 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:44:46.0544 5916 nvstor - ok
21:44:46.0580 5916 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:44:46.0597 5916 nv_agp - ok
21:44:46.0669 5916 NwlnkFlt - ok
21:44:46.0682 5916 NwlnkFwd - ok
21:44:46.0733 5916 OA009Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA009Ufd.sys
21:44:46.0765 5916 OA009Ufd - ok
21:44:46.0803 5916 OA009Vid (636c6ee8bb6ec473b8fe221eff77e0cc) C:\Windows\system32\DRIVERS\OA009Vid.sys
21:44:46.0832 5916 OA009Vid - ok
21:44:46.0951 5916 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:44:47.0039 5916 ohci1394 - ok
21:44:47.0161 5916 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:44:47.0247 5916 Parport - ok
21:44:47.0289 5916 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:44:47.0307 5916 partmgr - ok
21:44:47.0344 5916 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:44:47.0414 5916 Parvdm - ok
21:44:47.0517 5916 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
21:44:47.0563 5916 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
21:44:47.0659 5916 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:44:47.0679 5916 pci - ok
21:44:47.0719 5916 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:44:47.0734 5916 pciide - ok
21:44:47.0775 5916 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:44:47.0793 5916 pcmcia - ok
21:44:47.0916 5916 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:44:48.0030 5916 PEAUTH - ok
21:44:48.0153 5916 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:44:48.0211 5916 PptpMiniport - ok
21:44:48.0236 5916 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:44:48.0293 5916 Processor - ok
21:44:48.0401 5916 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:44:48.0432 5916 PSched - ok
21:44:48.0482 5916 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
21:44:48.0494 5916 PxHelp20 - ok
21:44:48.0642 5916 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:44:48.0773 5916 ql2300 - ok
21:44:48.0896 5916 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:44:48.0912 5916 ql40xx - ok
21:44:48.0927 5916 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:44:48.0986 5916 QWAVEdrv - ok
21:44:49.0070 5916 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:44:49.0190 5916 R300 - ok
21:44:49.0299 5916 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:44:49.0353 5916 RasAcd - ok
21:44:49.0376 5916 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:44:49.0428 5916 Rasl2tp - ok
21:44:49.0547 5916 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:44:49.0579 5916 RasPppoe - ok
21:44:49.0596 5916 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:44:49.0617 5916 RasSstp - ok
21:44:49.0649 5916 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:44:49.0683 5916 rdbss - ok
21:44:49.0773 5916 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:44:49.0829 5916 RDPCDD - ok
21:44:49.0864 5916 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:44:49.0907 5916 rdpdr - ok
21:44:49.0919 5916 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:44:49.0976 5916 RDPENCDD - ok
21:44:50.0080 5916 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:44:50.0130 5916 RDPWD - ok
21:44:50.0243 5916 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:44:50.0291 5916 RFCOMM - ok
21:44:50.0351 5916 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
21:44:50.0396 5916 RimUsb - ok
21:44:50.0527 5916 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
21:44:50.0568 5916 RimVSerPort - ok
21:44:50.0595 5916 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:44:50.0645 5916 ROOTMODEM - ok
21:44:50.0735 5916 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:44:50.0785 5916 rspndr - ok
21:44:50.0828 5916 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
21:44:50.0880 5916 RTSTOR - ok
21:44:50.0979 5916 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:44:50.0995 5916 sbp2port - ok
21:44:51.0042 5916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:44:51.0140 5916 secdrv - ok
21:44:51.0235 5916 Sedsercpsv - ok
21:44:51.0274 5916 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:44:51.0354 5916 Serenum - ok
21:44:51.0384 5916 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:44:51.0470 5916 Serial - ok
21:44:51.0567 5916 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:44:51.0615 5916 sermouse - ok
21:44:51.0649 5916 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:44:51.0691 5916 sffdisk - ok
21:44:51.0777 5916 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:44:51.0827 5916 sffp_mmc - ok
21:44:51.0838 5916 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:44:51.0878 5916 sffp_sd - ok
21:44:51.0906 5916 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:44:51.0991 5916 sfloppy - ok
21:44:52.0100 5916 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:44:52.0116 5916 sisagp - ok
21:44:52.0136 5916 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:44:52.0152 5916 SiSRaid2 - ok
21:44:52.0181 5916 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:44:52.0197 5916 SiSRaid4 - ok
21:44:52.0313 5916 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:44:52.0363 5916 Smb - ok
21:44:52.0414 5916 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:44:52.0430 5916 spldr - ok
21:44:52.0539 5916 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:44:52.0580 5916 srv - ok
21:44:52.0644 5916 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:44:52.0696 5916 srv2 - ok
21:44:52.0786 5916 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:44:52.0815 5916 srvnet - ok
21:44:52.0884 5916 STHDA (14a9ad287fda70a06463e09c4328c1f2) C:\Windows\system32\DRIVERS\stwrt.sys
21:44:52.0942 5916 STHDA - ok
21:44:53.0080 5916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:44:53.0095 5916 swenum - ok
21:44:53.0128 5916 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:44:53.0143 5916 Symc8xx - ok
21:44:53.0165 5916 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:44:53.0180 5916 Sym_hi - ok
21:44:53.0205 5916 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:44:53.0220 5916 Sym_u3 - ok
21:44:53.0398 5916 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:44:53.0442 5916 Tcpip - ok
21:44:53.0469 5916 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:44:53.0535 5916 Tcpip6 - ok
21:44:53.0637 5916 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:44:53.0693 5916 tcpipreg - ok
21:44:53.0741 5916 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:44:53.0792 5916 TDPIPE - ok
21:44:53.0818 5916 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:44:53.0858 5916 TDTCP - ok
21:44:53.0950 5916 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:44:53.0981 5916 tdx - ok
21:44:54.0022 5916 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:44:54.0039 5916 TermDD - ok
21:44:54.0177 5916 TrueSight (0455d57c7fdb1252784202f2f7deb1d5) c:\windows\system32\drivers\TrueSight.sys
21:44:54.0183 5916 TrueSight ( UnsignedFile.Multi.Generic ) - warning
21:44:54.0183 5916 TrueSight - detected UnsignedFile.Multi.Generic (1)
21:44:54.0239 5916 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:44:54.0294 5916 tssecsrv - ok
21:44:54.0441 5916 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:44:54.0529 5916 tunmp - ok
21:44:54.0623 5916 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:44:54.0644 5916 tunnel - ok
21:44:54.0676 5916 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:44:54.0692 5916 uagp35 - ok
21:44:54.0741 5916 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:44:54.0775 5916 udfs - ok
21:44:54.0911 5916 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:44:54.0928 5916 uliagpkx - ok
21:44:54.0976 5916 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:44:54.0996 5916 uliahci - ok
21:44:55.0033 5916 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:44:55.0049 5916 UlSata - ok
21:44:55.0150 5916 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:44:55.0166 5916 ulsata2 - ok
21:44:55.0189 5916 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:44:55.0240 5916 umbus - ok
21:44:55.0349 5916 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:44:55.0398 5916 usbccgp - ok
21:44:55.0440 5916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:44:55.0522 5916 usbcir - ok
21:44:55.0615 5916 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:44:55.0646 5916 usbehci - ok
21:44:55.0682 5916 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:44:55.0731 5916 usbhub - ok
21:44:55.0827 5916 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:44:55.0912 5916 usbohci - ok
21:44:55.0952 5916 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
21:44:56.0033 5916 usbprint - ok
21:44:56.0134 5916 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
21:44:56.0180 5916 usbser - ok
21:44:56.0242 5916 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:44:56.0293 5916 UsbserFilt - ok
21:44:56.0384 5916 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:44:56.0425 5916 USBSTOR - ok
21:44:56.0468 5916 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:44:56.0543 5916 usbuhci - ok
21:44:56.0664 5916 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:44:56.0704 5916 vga - ok
21:44:56.0727 5916 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:44:56.0767 5916 VgaSave - ok
21:44:56.0795 5916 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:44:56.0811 5916 viaagp - ok
21:44:56.0842 5916 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:44:56.0882 5916 ViaC7 - ok
21:44:56.0991 5916 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:44:57.0006 5916 viaide - ok
21:44:57.0046 5916 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:44:57.0062 5916 volmgr - ok
21:44:57.0124 5916 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:44:57.0149 5916 volmgrx - ok
21:44:57.0243 5916 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:44:57.0265 5916 volsnap - ok
21:44:57.0322 5916 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:44:57.0340 5916 vsmraid - ok
21:44:57.0441 5916 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:44:57.0511 5916 WacomPen - ok
21:44:57.0583 5916 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:57.0627 5916 Wanarp - ok
21:44:57.0634 5916 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:44:57.0668 5916 Wanarpv6 - ok
21:44:57.0765 5916 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:44:57.0780 5916 Wd - ok
21:44:57.0867 5916 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:44:57.0910 5916 Wdf01000 - ok
21:44:58.0063 5916 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:44:58.0095 5916 WmiAcpi - ok
21:44:58.0150 5916 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:44:58.0202 5916 WpdUsb - ok
21:44:58.0279 5916 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:44:58.0327 5916 ws2ifsl - ok
21:44:58.0389 5916 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:44:58.0437 5916 WUDFRd - ok
21:44:58.0554 5916 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
21:44:58.0631 5916 yukonwlh - ok
21:44:58.0686 5916 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:44:59.0220 5916 \Device\Harddisk0\DR0 - ok
21:44:59.0256 5916 Boot (0x1200) (c65ebb53ad6ab8ce1915d4348cce8aee) \Device\Harddisk0\DR0\Partition0
21:44:59.0257 5916 \Device\Harddisk0\DR0\Partition0 - ok
21:44:59.0272 5916 Boot (0x1200) (3caf8afa1c4a4b927adc4d6f28acdaec) \Device\Harddisk0\DR0\Partition1
21:44:59.0273 5916 \Device\Harddisk0\DR0\Partition1 - ok
21:44:59.0275 5916 ============================================================
21:44:59.0275 5916 Scan finished
21:44:59.0275 5916 ============================================================
21:44:59.0333 5200 Detected object count: 1
21:44:59.0333 5200 Actual detected object count: 1
21:46:03.0461 5200 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
21:46:03.0461 5200 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

#10 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 14 March 2012 - 09:53 AM

OK, that scan is clean.

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 17 March 2012 - 10:35 AM

ComboFix 12-03-16.05 - MTL 17/03/2012 22:00:15.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3545.2116 [GMT 7:00]
Running from: c:\users\MTL\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MTL\Documents\~WRL1243.tmp
c:\users\MTL\Documents\~WRL2017.tmp
c:\users\MTL\Smadav 2012 Rev. 8.9.exe
c:\users\MTL\SmadEngine.dll
c:\windows\system32\system
.
Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))))
.
.
2012-03-17 15:13 . 2012-03-17 15:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 02:05 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 02:05 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 02:05 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 02:05 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 02:05 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 02:05 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 02:05 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-15 02:04 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 02:04 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\users\MTL\AppData\Roaming\Malwarebytes
2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 02:45 . 2012-03-10 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-10 02:45 . 2011-12-10 08:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 01:58 . 2011-07-10 10:45 73728 ----a-w- c:\users\MTL\Smadav-Updater.exe
2012-03-10 01:58 . 2010-02-19 11:26 97792 ----a-w- c:\users\MTL\SmadExtc.dll
2012-03-09 13:37 . 2012-03-10 05:48 -------- d-----w- c:\users\MTL\AppData\Roaming\Byajug
2012-03-09 13:37 . 2012-03-09 14:09 -------- d-----w- c:\users\MTL\AppData\Roaming\Arux
2012-03-08 02:02 . 2012-03-08 02:02 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-08 02:02 . 2012-03-08 02:02 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-08 02:02 . 2012-03-08 02:02 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-03-08 02:02 . 2012-03-08 02:02 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-16 16:00 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 02:18 . 2010-08-01 11:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2012-03-16 09:34 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E11C10BA-8B8B-4B0A-B935-DECF15E8CC16}\mpengine.dll
2011-12-20 02:42 . 2011-12-20 02:42 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-20 02:42 . 2011-12-20 02:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-20 02:42 . 2011-12-20 02:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-20 02:42 . 2011-12-20 02:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-20 02:42 . 2011-12-20 02:42 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-20 02:42 . 2011-12-20 02:42 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-20 02:42 . 2011-12-20 02:42 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-20 02:42 . 2011-12-20 02:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-20 02:42 . 2011-12-20 02:42 367104 ----a-w- c:\windows\system32\html.iec
2011-12-20 02:42 . 2011-12-20 02:42 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-20 02:42 . 2011-12-20 02:42 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-20 02:42 . 2011-12-20 02:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-20 02:42 . 2011-12-20 02:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-20 02:42 . 2011-12-20 02:42 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-20 02:42 . 2011-12-20 02:42 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-20 02:42 . 2011-12-20 02:42 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-20 02:42 . 2011-12-20 02:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 02:02 . 2011-09-06 15:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2011-04-17 07:34 1547776 ----a-w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-04-17 1547776]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2011-04-17 1547776]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-09-23 11515184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-21 6276408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-09 154136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-15 483420]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\QTTask.exe" [2010-11-29 421888]
"ScheduleTV"="c:\program files\TVHome Media2\ScheduleTV.exe" [2010-06-07 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\MTL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2009-8-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-20 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-6 752168]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-9-7 1114217]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-24 02:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3412689152-1959603396-70223304-1000]
"EnableNotificationsRef"=dword:00000007
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-15 81920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-03-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.id/
mStart Page = hxxp://www.bigseekpro.com/cheatengine/{A56A5A91-076B-4BC8-B96A-55839BBC197D}
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\users\MTL\AppData\Roaming\Mozilla\Firefox\Profiles\nszc767u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-17 22:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3412689152-1959603396-70223304-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):08,54,48,6f,ec,b0,d1,97,7a,f7,61,8f,3a,cc,96,df,f0,08,00,ac,9b,
ad,87,81,d0,f3,ba,c4,56,8b,54,e0,26,46,36,cb,b9,9f,c2,92,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3412689152-1959603396-70223304-1000_Classes\CLSID\{bb72e9b3-e6b1-4586-9c50-ef84617dcfa4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000087
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,db,e3,4c,87,85,5d,43,c5,ec,f0,ab,9e,67,39,e7,91,bf,75,10,b9,30,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2820)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\conime.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wsqmcons.exe
.
**************************************************************************
.
Completion time: 2012-03-17 22:31:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-17 15:30
.
Pre-Run: 94,593,359,872 bytes free
Post-Run: 95,741,407,232 bytes free
.
- - End Of File - - 6DD436CEBF279B026DF2640698D63971

#12 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 17 March 2012 - 11:05 AM

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#13 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 18 March 2012 - 12:52 AM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.18.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
MTL :: USER-PC [administrator]

Protection: Enabled

18/03/2012 12:42:13
mbam-log-2012-03-18 (12-42-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189084
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 18 March 2012 - 12:56 AM

How is it????? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#15 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 18 March 2012 - 01:12 AM

The messages still show up

#16 Reight

Reight

    New Member

  • Members
  • Pip
  • 9 posts

Posted 18 March 2012 - 01:48 AM

The messages still show up, only this time from the upper left corner of the desktop, instead of upper right corner.

#17 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 18,272 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 18 March 2012 - 07:20 AM

The messages still show up

What's the message?

-----------------------------

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
http://www.eset.eu/online-scanner
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic


MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#18 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 25 March 2012 - 08:49 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook
Back to Resolved HijackThis Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Malware Removal Support
  3. Malware Removal Help
  4. Resolved HijackThis Logs
  5. Privacy Policy
  6. Terms of Use ·