
Hello again, I was finally able to run a quick scan without my computer shutting down prematurely... Here are the results:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 912020103

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

2/25/2012 9:44:13 PM

mbam-log-2012-02-25 (21-43-46).txt

Scan type: Quick scan

Objects scanned: 189662

Time elapsed: 14 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 3

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.

HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.

Registry Data Items Infected:

HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (uy) Good: (exefile) -> No action taken.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken.

Next, DDS:

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24

Run by Owner at 22:31:31 on 2012-02-25

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.832 [GMT -5:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\CAPM5RSK.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\HPSIsvc.exe

C:\Program Files\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

C:\Windows\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k netsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [HP CP1020 System Tray] "c:\program files\hp\hp laserjet professional cp1020 series\HPCP1020STRAY.EXE"

mRun: [inCD] c:\program files\nero 7\incd\InCD.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

LSP: mswsock.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.42.129

TCP: Interfaces\{1B0EB495-034A-4B74-AA50-B2A5754FD25B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1E48C00F-C9FA-4418-9AA0-C60DED99145E} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{22D381DF-A7C2-4F0D-BC3E-CEA0A26AEFFC} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{26BB1B3C-DC0F-43AA-AF85-6B4A66FF4406} : DhcpNameServer = 192.168.42.129

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\cb370nv0.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 NEOFLTR_700_17289;Juniper Networks TDI Filter Driver (NEOFLTR_700_17289);c:\windows\system32\drivers\NEOFLTR_700_17289.SYS [2011-3-17 84336]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-28 21504]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-11-28 94208]

R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-4-28 21504]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 136176]

S2 RapidPortM5;RapidPortM5;c:\windows\system32\drivers\CAPM5LP.SYS [2011-2-18 23232]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-21 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-14 136176]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 335872]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-28 16896]

.

=============== File Associations ===============

.

.exe=uy

.

=============== Created Last 30 ================

.

2012-02-26 01:48:41 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-26 01:40:50 -------- d-----w- c:\programdata\Faronics

2012-02-01 13:37:38 -------- d-----w- c:\users\owner\appdata\roaming\AVG2012

2012-02-01 13:28:02 -------- d-----w- c:\programdata\AVG2012

2012-02-01 13:09:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-01 13:09:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-01 13:09:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-12-09 01:41:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 22:32:02.00 ===============

Next, Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/13/2007 4:15:15 AM

System Uptime: 2/25/2012 9:21:10 PM (1 hours ago)

.

Motherboard: Wistron | | 30D6

Processor: AMD Turion 64 X2 TL-58 | Socket A | 1900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 19.557 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.845 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: USB Mass Storage Device

Device ID: USB\VID_0BB4&PID_0C91&MI_00\6&1625CEA6&0&0000

Manufacturer: Compatible USB storage device

Name: USB Mass Storage Device

PNP Device ID: USB\VID_0BB4&PID_0C91&MI_00\6&1625CEA6&0&0000

Service: USBSTOR

.

Class GUID:

Description: Android Phone

Device ID: USB\VID_0BB4&PID_0C91&MI_01\6&1625CEA6&0&0001

Manufacturer:

Name: Android Phone

PNP Device ID: USB\VID_0BB4&PID_0C91&MI_01\6&1625CEA6&0&0001

Service:

.

==== System Restore Points ===================

.

RP643: 11/17/2011 9:29:48 PM - Scheduled Checkpoint

RP644: 11/21/2011 9:26:18 PM - Scheduled Checkpoint

RP645: 11/28/2011 9:19:16 PM - Device Driver Package Install: Hewlett-Packard Printers

RP646: 11/28/2011 9:22:07 PM - Device Driver Package Install: Hewlett-Packard Printers

RP647: 11/28/2011 9:23:09 PM - Device Driver Package Install: Hewlett-Packard Printers

RP648: 11/28/2011 9:24:47 PM - Device Driver Package Install: Hewlett-Packard Printers

RP649: 11/28/2011 9:25:35 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers

RP650: 11/28/2011 9:26:12 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers

RP651: 12/14/2011 9:41:47 AM - Scheduled Checkpoint

RP652: 12/15/2011 10:41:26 AM - Scheduled Checkpoint

RP653: 12/26/2011 1:56:28 PM - Installed LG United Mobile Driver

RP654: 1/24/2012 11:03:39 AM - Installed HiJackThis

RP655: 1/24/2012 2:28:14 PM - Installed Driver Manager.

RP656: 1/24/2012 2:54:06 PM - Removed Driver Manager.

RP657: 1/25/2012 8:11:00 AM - Windows Update

RP658: 1/25/2012 10:18:35 AM - Installed HP Product Detection

RP659: 1/25/2012 10:19:01 AM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.

RP660: 1/25/2012 11:01:01 AM - Installed GEAR driver installer 4.019

RP661: 1/25/2012 2:06:02 PM - before running eset scan

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 4.62

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe ExtendScript Toolkit CS4

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Reader X (10.1.0)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player

Adobe Shockwave Player 11.5

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AIM 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ares 2.1.1

AVG 2012

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 6.0.1

Bonjour

Broadcom 802.11 Wireless LAN Adapter

Brother MFL-Pro Suite MFC-5890CN

Canon iC D800

CCleaner

Compatibility Pack for the 2007 Office system

Conexant HD Audio

Connect

CyberLink YouCam

DivX Setup

doPDF 6.1 printer

DVD Shrink 3.2

DVD Suite

ESU for Microsoft Vista

FileZilla Client 3.1.6

Free Burning Studio 1.0.9.9

Free MP3 WMA OGG Converter 8.2.5

GEAR driver installer 4.019

GIMP 2.4.5

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

HamsterFreeVideoConverter

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard ACLM.NET v1.1.0.0

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

HiJackThis

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Doc Viewer

HP Easy Setup - Frontend

HP Help and Support

HP Product Detection

HP Quick Launch Buttons 6.40 B2

HP QuickPlay 3.6

HP QuickTouch 1.00 C4

HP Smart Web Printing

HP Total Care Advisor

HP Update

HP User Guides 0090

HP Wireless Assistant

HPNetworkAssistant

iTunes

J2SE Runtime Environment 5.0 Update 6

Java Auto Updater

Java 6 Update 2

Java 6 Update 24

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Juniper Networks Host Checker

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Junk Mail filter update

kuler

LabelPrint

LG United Mobile Driver

LightScribe System Software 1.10.19.1

Magic ISO Maker v5.5 (build 0273)

MagicDisc 2.7.105

Malwarebytes' Anti-Malware

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Expression Web

Microsoft Expression Web MUI (English)

Microsoft Expression Web Service Pack 1 (SP1)

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.4

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox 4.0 (x86 en-US)

Mozilla Thunderbird (2.0.0.9)

MP3 To Ringtone Gold 3.50

MSCU for Microsoft Vista

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

Nero 7 Ultra Edition

neroxml

NetWaiting

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PDF Settings CS4

Photoshop Camera Raw

Power2Go

PowerDirector

QuickPlay SlingPlayer 0.4.6

QuickTime

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB978380)

Security Update for Microsoft Office Excel 2007 (KB978382)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype™ 3.6

Spotify

Suite Shared Configuration CS4

Super Mario Forever

TBS WMP Plug-in

Touch Pad Driver

Uninstall Digital Binoculars Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office InfoPath 2007 (KB976416)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.4053

Viewpoint Media Player

VLC media player 1.0.1

WeatherBug Gadget

WildTangent Games App (HP Games)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Mobile Device Center

.

==== End Of File ===========================

I know I haven't explained much in this post, but I am happy, in the least bit, that I was able to even get and post these logs... If you could search for my last topic you could see what I was going through just to get this far; I believe it was back in January that I began trying to clean this laptop of mine :-( ... Anyone that can help me, please, I'd greatly appreciate it, as I am sad that I am not able to use my laptop how and when I want to.

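The MBAM hits above are not ten unrelated items but one persistence chain: a service (SPService) hosted by svchost.exe in a made-up service group "netsvc", one letter short of the standard "netsvcs" group (the DDS log shows the same thing twice: "svchost.exe -k netsvc" in the running-process list and "R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc" under services); a ShellIconOverlayIdentifiers entry plus its CLSID and "Approved" whitelisting, which gets sp.DLL loaded into explorer.exe at every logon; and the .exe file association rewritten from "exefile" to "uy", which typically means every program launch passes through the malware first, and is why deleting the DLL without repairing the association can leave a machine unable to start any .exe. The payload path under C:\Windows\System32\config\systemprofile is the LocalSystem account's profile, so it was dropped by code already running as SYSTEM. As an added example (not code from this thread or from Malwarebytes), the Python below parses that MBAM log format and names the mechanism behind each hit. The sample input is the detection list copied from the log above; the list of standard svchost groups is an assumption compiled from the "-k <group>" arguments in the DDS running-process list plus common defaults.

```python
# Name the persistence mechanism behind each hit in a Malwarebytes' Anti-Malware 1.x log.
# Added example for this thread; not code from the forum or from Malwarebytes.
import difflib
import re
from collections import Counter, namedtuple

# Sample input: the detection list copied from the MBAM log posted above.
SAMPLE_LOG = r"""
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> No action taken.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> No action taken.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (uy) Good: (exefile) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> No action taken.
"""

# One detection line: "<target> (<threat>) -> [<detail> -> ...]<action>."
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)\.$")
HIJACK_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

# svchost.exe groups taken as standard on Vista. Assumption: the "-k <group>" arguments in
# the DDS running-process list above plus common defaults; adjust for other Windows versions.
KNOWN_SVCHOST_GROUPS = sorted({"DcomLaunch", "rpcss", "netsvcs", "LocalService", "NetworkService",
    "LocalServiceNetworkRestricted", "LocalSystemNetworkRestricted", "LocalServiceNoNetwork",
    "LocalServiceAndNoImpersonation", "GPSvcGroup", "WerSvcGroup", "imgsvc", "swprv", "secsvcs"})

# Registry locations (lower-cased substring, mechanism, why it matters), checked in order.
REGISTRY_RULES = [
    ("\\currentcontrolset\\services\\", "Windows service", "starts at boot, before any user logs on"),
    ("\\shelliconoverlayidentifiers\\", "Explorer icon-overlay handler", "DLL loaded into explorer.exe at every logon"),
    ("\\shell extensions\\approved\\", "approved shell extension", "whitelists the CLSID so Explorer will load it"),
    ("hkey_classes_root\\clsid\\{", "COM class registration", "maps the CLSID to the payload DLL"),
    ("hkey_classes_root\\", "HKCR key", "registered alongside the CLSID"),
]

Finding = namedtuple("Finding", "section target threat action mechanism note")

def parse_entries(text):
    """Yield (section, target, threat, details, action) for every detection line."""
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("Infected:"):                # section header, e.g. "Registry Keys Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = ENTRY_RE.match(line)
        if section and m:                             # skips blanks and "(No malicious items detected)"
            parts = m.group("rest").split(" -> ")     # zero or more details, then the action
            yield section, m.group("target"), m.group("threat"), parts[:-1], parts[-1]

def svchost_group_note(group):
    """A group svchost.exe never shipped with, one letter off a real one, marks a planted service."""
    if group in KNOWN_SVCHOST_GROUPS:
        return "standard service group"
    near = difflib.get_close_matches(group, KNOWN_SVCHOST_GROUPS, n=1, cutoff=0.8)
    return f"non-standard group; lookalike of '{near[0]}'" if near else "non-standard group"

def classify(section, target, details):
    t = target.lower()
    if section == "Registry Data Items" and t.startswith("hkey_classes_root\\.exe"):
        # HKCR\.exe's default value names the ProgID whose shell\open\command launches every
        # .exe; pointing it at a rogue ProgID runs the malware before each program starts.
        m = next((HIJACK_RE.match(d) for d in details if HIJACK_RE.match(d)), None)
        bad, good = (m.group("bad"), m.group("good")) if m else ("?", "?")
        return ".exe file-association hijack", f"ProgID changed from '{good}' to '{bad}'"
    if "\\svchost\\" in t:                            # HKLM\...\Windows NT\CurrentVersion\SvcHost\<group>
        return "svchost service group", svchost_group_note(target.rsplit("\\", 1)[1])
    for needle, mechanism, note in REGISTRY_RULES:
        if needle in t:
            return mechanism, note
    if section in ("Files", "Memory Modules", "Memory Processes"):
        note = "payload"
        if "\\config\\systemprofile\\" in t:        # LocalSystem's own profile directory
            note += " under the LocalSystem profile, i.e. dropped by code running as SYSTEM"
        return ("payload on disk" if section == "Files" else "payload in memory"), note
    return "unclassified", ""

def analyze(text):
    return [Finding(s, tg, th, act, *classify(s, tg, det))
            for s, tg, th, det, act in parse_entries(text)]

def summary(findings):
    """Count findings per mechanism."""
    return dict(Counter(f.mechanism for f in findings))

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.mechanism}: {f.target}\n    {f.note} ({f.action})")
```

The parser takes a complete mbam-log file as well as this excerpt: the summary lines ("Registry Keys Infected: 4") do not end in "Infected:" and are ignored, and the action column is carried through unchanged, so a second run after a fix shows "Quarantined and deleted successfully" in place of "No action taken" for each item. The svchost check is the one worth keeping around: a service registered under a group name that is not in the standard list, or that is a near-miss of one, should be treated as planted even when the scanner that found it has no signature for the file.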

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Did you select to remove those that MBAM found?


  • Removing this infection can also disable the ability to connect to the internet.

Did you select to remove those that MBAM found?

1st, thank you again for responding,

& 2nd, yes, I would love to proceed with removing this virus... and to answer the question above: I did not choose to remove those that MBAM found; I wanted to wait on a direct solution so as not to disturb the virus and give it the ability to move somewhere else. And a question: will I be able to restore the internet connection after all's said and done, or is the internet kaput for good?


Run MBAM again and fix what it finds.

After that:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Wow, thank you for the quick response yet again... I have just finished completing what you posted and here are the results of TDSSKiller:

08:58:37.0211 5860 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

08:58:38.0188 5860 ============================================================

08:58:38.0189 5860 Current date / time: 2012/02/28 08:58:38.0188

08:58:38.0189 5860 SystemInfo:

08:58:38.0189 5860

08:58:38.0189 5860 OS Version: 6.0.6002 ServicePack: 2.0

08:58:38.0189 5860 Product type: Workstation

08:58:38.0189 5860 ComputerName: LSLAPPY

08:58:38.0214 5860 UserName: Owner

08:58:38.0214 5860 Windows directory: C:\Windows

08:58:38.0214 5860 System windows directory: C:\Windows

08:58:38.0214 5860 Processor architecture: Intel x86

08:58:38.0214 5860 Number of processors: 2

08:58:38.0214 5860 Page size: 0x1000

08:58:38.0214 5860 Boot type: Normal boot

08:58:38.0214 5860 ============================================================

08:58:53.0326 5860 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:58:53.0926 5860 \Device\Harddisk0\DR0:

08:58:53.0948 5860 MBR used

08:58:53.0948 5860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1123D9D0

08:58:53.0948 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1123DEEC, BlocksNum 0x17DABD5

08:58:56.0511 5860 Initialize success

08:58:56.0511 5860 ============================================================

08:59:10.0503 2324 ============================================================

08:59:10.0503 2324 Scan started

08:59:10.0503 2324 Mode: Manual; SigCheck; TDLFS;

08:59:10.0503 2324 ============================================================

08:59:23.0235 2324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

08:59:24.0234 2324 ACPI - ok

08:59:26.0462 2324 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

08:59:27.0122 2324 adp94xx - ok

08:59:29.0338 2324 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

08:59:29.0481 2324 adpahci - ok

08:59:30.0344 2324 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

08:59:30.0580 2324 adpu160m - ok

08:59:31.0271 2324 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

08:59:31.0318 2324 adpu320 - ok

08:59:32.0644 2324 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

08:59:35.0113 2324 AFD - ok

08:59:36.0810 2324 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

08:59:36.0888 2324 agp440 - ok

08:59:38.0134 2324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

08:59:38.0205 2324 aic78xx - ok

08:59:39.0660 2324 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

08:59:39.0741 2324 aliide - ok

08:59:40.0794 2324 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

08:59:40.0829 2324 amdagp - ok

08:59:42.0017 2324 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

08:59:42.0239 2324 amdide - ok

08:59:43.0772 2324 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

09:00:01.0461 2324 AmdK7 - ok

09:00:02.0552 2324 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

09:00:05.0400 2324 AmdK8 - ok

09:00:06.0567 2324 ApfiltrService (edbd73ccf2ef7de8bd119036d85d1487) C:\Windows\system32\DRIVERS\Apfiltr.sys

09:00:07.0343 2324 ApfiltrService - ok

09:00:08.0938 2324 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

09:00:09.0260 2324 arc - ok

09:00:10.0622 2324 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

09:00:10.0676 2324 arcsas - ok

09:00:11.0596 2324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

09:00:11.0731 2324 AsyncMac - ok

09:00:11.0977 2324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

09:00:12.0093 2324 atapi - ok

09:00:13.0986 2324 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

09:00:14.0305 2324 AVGIDSDriver - ok

09:00:15.0206 2324 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

09:00:15.0313 2324 AVGIDSEH - ok

09:00:16.0441 2324 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

09:00:16.0571 2324 AVGIDSFilter - ok

09:00:17.0664 2324 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

09:00:21.0905 2324 AVGIDSShim - ok

09:00:22.0970 2324 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys

09:00:23.0263 2324 Avgldx86 - ok

09:00:23.0672 2324 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys

09:00:23.0728 2324 Avgmfx86 - ok

09:00:24.0661 2324 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys

09:00:24.0746 2324 Avgrkx86 - ok

09:00:25.0814 2324 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys

09:00:25.0956 2324 Avgtdix - ok

09:00:26.0934 2324 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys

09:00:28.0116 2324 BCM43XV - ok

09:00:28.0471 2324 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys

09:00:28.0609 2324 BCM43XX - ok

09:00:29.0585 2324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

09:00:29.0736 2324 Beep - ok

09:00:30.0156 2324 blbdrive - ok

09:00:30.0281 2324 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

09:00:30.0391 2324 bowser - ok

09:00:30.0813 2324 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

09:00:31.0031 2324 BrFiltLo - ok

09:00:31.0476 2324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

09:00:31.0597 2324 BrFiltUp - ok

09:00:31.0974 2324 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

09:00:32.0199 2324 Brserid - ok

09:00:32.0900 2324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

09:00:33.0092 2324 BrSerWdm - ok

09:00:34.0554 2324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

09:00:35.0311 2324 BrUsbMdm - ok

09:00:35.0756 2324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

09:00:36.0207 2324 BrUsbSer - ok

09:00:37.0173 2324 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

09:00:37.0690 2324 BTHMODEM - ok

09:00:38.0115 2324 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

09:00:38.0339 2324 cdfs - ok

09:00:38.0910 2324 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

09:00:39.0070 2324 cdrom - ok

09:00:39.0668 2324 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

09:00:39.0923 2324 circlass - ok

09:00:40.0932 2324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

09:00:41.0063 2324 CLFS - ok

09:00:41.0534 2324 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

09:00:41.0633 2324 CmBatt - ok

09:00:42.0149 2324 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

09:00:42.0240 2324 cmdide - ok

09:00:42.0596 2324 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys

09:00:42.0810 2324 CnxtHdAudService - ok

09:00:43.0462 2324 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

09:00:43.0518 2324 Compbatt - ok

09:00:44.0230 2324 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

09:00:44.0279 2324 crcdisk - ok

09:00:45.0137 2324 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

09:00:45.0297 2324 Crusoe - ok

09:00:46.0143 2324 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

09:00:46.0391 2324 DfsC - ok

09:00:47.0180 2324 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

09:00:53.0153 2324 disk - ok

09:00:53.0954 2324 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

09:00:54.0080 2324 dot4 - ok

09:00:55.0382 2324 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

09:00:55.0424 2324 Dot4Print - ok

09:00:56.0322 2324 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

09:00:56.0503 2324 dot4usb - ok

09:00:57.0594 2324 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

09:00:57.0696 2324 drmkaud - ok

09:00:58.0697 2324 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

09:00:58.0968 2324 DXGKrnl - ok

09:00:59.0675 2324 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys

09:01:00.0107 2324 E100B - ok

09:01:00.0858 2324 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

09:01:01.0094 2324 E1G60 - ok

09:01:01.0646 2324 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

09:01:01.0778 2324 Ecache - ok

09:01:02.0385 2324 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

09:01:02.0444 2324 elxstor - ok

09:01:02.0981 2324 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

09:01:03.0143 2324 exfat - ok

09:01:03.0439 2324 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

09:01:03.0573 2324 fastfat - ok

09:01:04.0126 2324 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

09:01:04.0362 2324 fdc - ok

09:01:04.0713 2324 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

09:01:04.0922 2324 FileInfo - ok

09:01:05.0141 2324 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

09:01:05.0311 2324 Filetrace - ok

09:01:06.0481 2324 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

09:01:06.0709 2324 flpydisk - ok

09:01:06.0914 2324 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

09:01:06.0958 2324 FltMgr - ok

09:01:07.0365 2324 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys

09:01:07.0399 2324 fssfltr - ok

09:01:07.0556 2324 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

09:01:07.0737 2324 Fs_Rec - ok

09:01:08.0261 2324 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

09:01:08.0305 2324 gagp30kx - ok

09:01:08.0512 2324 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:01:08.0562 2324 GEARAspiWDM - ok

09:01:08.0679 2324 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys

09:01:08.0709 2324 HBtnKey - ok

09:01:08.0858 2324 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

09:01:09.0034 2324 HdAudAddService - ok

09:01:09.0293 2324 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:01:09.0406 2324 HDAudBus - ok

09:01:09.0751 2324 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

09:01:09.0856 2324 HidBth - ok

09:01:09.0957 2324 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

09:01:10.0037 2324 HidIr - ok

09:01:10.0219 2324 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

09:01:10.0289 2324 HidUsb - ok

09:01:10.0513 2324 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

09:01:10.0539 2324 HpCISSs - ok

09:01:10.0606 2324 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

09:01:10.0655 2324 HpqKbFiltr - ok

09:01:10.0827 2324 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys

09:01:10.0914 2324 HpqRemHid - ok

09:01:11.0099 2324 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

09:01:11.0198 2324 HSFHWAZL - ok

09:01:11.0698 2324 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys

09:01:13.0312 2324 HSF_DPV - ok

09:01:13.0491 2324 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

09:01:13.0520 2324 HSXHWAZL - ok

09:01:13.0612 2324 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

09:01:13.0681 2324 HTTP - ok

09:01:13.0824 2324 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

09:01:13.0856 2324 i2omp - ok

09:01:13.0966 2324 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

09:01:14.0033 2324 i8042prt - ok

09:01:14.0186 2324 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys

09:01:14.0331 2324 ialm - ok

09:01:14.0867 2324 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

09:01:14.0894 2324 iaStorV - ok

09:01:15.0006 2324 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

09:01:15.0095 2324 iirsp - ok

09:01:15.0174 2324 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\Windows\system32\drivers\InCDFs.sys

09:01:15.0201 2324 InCDfs - ok

09:01:15.0249 2324 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\Windows\system32\drivers\InCDPass.sys

09:01:15.0261 2324 InCDPass - ok

09:01:15.0279 2324 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\Windows\system32\drivers\InCDrec.sys

09:01:15.0292 2324 InCDrec - ok

09:01:15.0343 2324 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\Windows\system32\drivers\InCDRm.sys

09:01:15.0374 2324 incdrm - ok

09:01:15.0610 2324 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

09:01:15.0631 2324 intelide - ok

09:01:15.0711 2324 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

09:01:15.0811 2324 intelppm - ok

09:01:15.0904 2324 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:01:15.0968 2324 IpFilterDriver - ok

09:01:16.0032 2324 IpInIp - ok

09:01:16.0125 2324 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

09:01:16.0194 2324 IPMIDRV - ok

09:01:16.0329 2324 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

09:01:16.0370 2324 IPNAT - ok

09:01:16.0789 2324 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

09:01:16.0872 2324 IRENUM - ok

09:01:17.0017 2324 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

09:01:17.0060 2324 isapnp - ok

09:01:17.0128 2324 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

09:01:17.0148 2324 iScsiPrt - ok

09:01:17.0182 2324 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

09:01:17.0201 2324 iteatapi - ok

09:01:17.0347 2324 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

09:01:17.0369 2324 iteraid - ok

09:01:17.0437 2324 JL2005C (4974d83c18642355c00287286cf33939) C:\Windows\system32\Drivers\jl2005c.sys

09:01:17.0513 2324 JL2005C ( UnsignedFile.Multi.Generic ) - warning

09:01:17.0513 2324 JL2005C - detected UnsignedFile.Multi.Generic (1)

09:01:17.0611 2324 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

09:01:17.0626 2324 kbdclass - ok

09:01:17.0764 2324 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

09:01:17.0816 2324 kbdhid - ok

09:01:18.0069 2324 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

09:01:18.0180 2324 KSecDD - ok

09:01:18.0367 2324 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

09:01:18.0447 2324 lltdio - ok

09:01:18.0573 2324 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

09:01:18.0635 2324 LSI_FC - ok

09:01:18.0788 2324 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

09:01:18.0832 2324 LSI_SAS - ok

09:01:19.0010 2324 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

09:01:19.0065 2324 LSI_SCSI - ok

09:01:19.0192 2324 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

09:01:19.0292 2324 luafv - ok

09:01:19.0607 2324 mcdbus (af61a1c34e2d3f7543f9ccfc323170b8) C:\Windows\system32\DRIVERS\mcdbus.sys

09:01:19.0680 2324 mcdbus ( UnsignedFile.Multi.Generic ) - warning

09:01:19.0680 2324 mcdbus - detected UnsignedFile.Multi.Generic (1)

09:01:20.0165 2324 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

09:01:20.0224 2324 mdmxsdk - ok

09:01:20.0438 2324 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

09:01:20.0525 2324 megasas - ok

09:01:20.0675 2324 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

09:01:20.0818 2324 Modem - ok

09:01:20.0914 2324 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

09:01:21.0990 2324 monitor - ok

09:01:22.0339 2324 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys

09:01:22.0505 2324 motmodem - ok

09:01:22.0686 2324 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

09:01:22.0761 2324 mouclass - ok

09:01:22.0921 2324 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys

09:01:23.0142 2324 mouhid - ok

09:01:23.0271 2324 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

09:01:23.0352 2324 MountMgr - ok

09:01:23.0651 2324 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

09:01:23.0755 2324 mpio - ok

09:01:23.0881 2324 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

09:01:24.0080 2324 mpsdrv - ok

09:01:24.0270 2324 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

09:01:24.0304 2324 Mraid35x - ok

09:01:24.0545 2324 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

09:01:24.0696 2324 MRxDAV - ok

09:01:24.0936 2324 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:01:25.0065 2324 mrxsmb - ok

09:01:25.0469 2324 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:01:25.0589 2324 mrxsmb10 - ok

09:01:25.0659 2324 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:01:25.0736 2324 mrxsmb20 - ok

09:01:25.0797 2324 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

09:01:25.0833 2324 msahci - ok

09:01:25.0978 2324 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

09:01:26.0076 2324 msdsm - ok

09:01:26.0179 2324 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

09:01:26.0343 2324 Msfs - ok

09:01:26.0531 2324 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

09:01:26.0590 2324 msisadrv - ok

09:01:26.0701 2324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

09:01:27.0946 2324 MSKSSRV - ok

09:01:28.0232 2324 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

09:01:28.0344 2324 MSPCLOCK - ok

09:01:28.0406 2324 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

09:01:28.0519 2324 MSPQM - ok

09:01:28.0793 2324 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

09:01:28.0831 2324 MsRPC - ok

09:01:28.0967 2324 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

09:01:28.0984 2324 mssmbios - ok

09:01:29.0279 2324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

09:01:29.0423 2324 MSTEE - ok

09:01:29.0523 2324 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

09:01:29.0576 2324 Mup - ok

09:01:29.0809 2324 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

09:01:29.0855 2324 NativeWifiP - ok

09:01:30.0240 2324 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

09:01:30.0285 2324 NDIS - ok

09:01:30.0477 2324 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

09:01:30.0544 2324 NdisTapi - ok

09:01:30.0599 2324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

09:01:30.0638 2324 Ndisuio - ok

09:01:31.0053 2324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

09:01:31.0137 2324 NdisWan - ok

09:01:31.0244 2324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

09:01:31.0316 2324 NDProxy - ok

09:01:31.0421 2324 NEOFLTR_700_17289 (21795b5ee8f96d094ed4e6b87ad31895) C:\Windows\system32\Drivers\NEOFLTR_700_17289.SYS

09:01:31.0528 2324 NEOFLTR_700_17289 - ok

09:01:31.0661 2324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

09:01:31.0709 2324 NetBIOS - ok

09:01:31.0981 2324 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

09:01:32.0004 2324 nfrd960 - ok

09:01:32.0140 2324 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

09:01:32.0263 2324 Npfs - ok

09:01:32.0337 2324 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

09:01:32.0479 2324 nsiproxy - ok

09:01:32.0617 2324 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

09:01:32.0684 2324 Ntfs - ok

09:01:32.0724 2324 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

09:01:33.0034 2324 ntrigdigi - ok

09:01:33.0172 2324 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

09:01:33.0228 2324 Null - ok

09:01:33.0658 2324 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys

09:01:33.0888 2324 NVENETFD - ok

09:01:35.0014 2324 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys

09:01:37.0010 2324 nvlddmkm - ok

09:01:37.0320 2324 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

09:01:37.0360 2324 nvraid - ok

09:01:37.0428 2324 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys

09:01:37.0516 2324 nvsmu - ok

09:01:37.0598 2324 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

09:01:37.0692 2324 nvstor - ok

09:01:37.0902 2324 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

09:01:37.0982 2324 nv_agp - ok

09:01:38.0007 2324 NwlnkFlt - ok

09:01:38.0054 2324 NwlnkFwd - ok

09:01:38.0199 2324 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

09:01:38.0291 2324 ohci1394 - ok

09:01:38.0467 2324 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

09:01:38.0644 2324 Parport - ok

09:01:38.0700 2324 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

09:01:38.0740 2324 partmgr - ok

09:01:38.0869 2324 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

09:01:39.0115 2324 Parvdm - ok

09:01:39.0363 2324 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

09:01:39.0435 2324 pci - ok

09:01:42.0691 2324 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

09:01:42.0761 2324 pciide - ok

09:01:43.0266 2324 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

09:01:43.0299 2324 pcmcia - ok

09:01:43.0872 2324 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

09:01:44.0143 2324 PEAUTH - ok

09:01:44.0909 2324 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

09:01:45.0028 2324 PptpMiniport - ok

09:01:45.0819 2324 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

09:01:46.0043 2324 Processor - ok

09:01:46.0505 2324 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

09:01:46.0593 2324 PSched - ok

09:01:47.0223 2324 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

09:01:51.0414 2324 ql2300 - ok

09:01:51.0834 2324 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

09:01:51.0884 2324 ql40xx - ok

09:01:52.0275 2324 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

09:01:52.0418 2324 QWAVEdrv - ok

09:01:52.0780 2324 RapidPortM5 (f356179731961a0812884cc31d8e6a59) C:\Windows\system32\Drivers\CAPM5LP.SYS

09:01:52.0938 2324 RapidPortM5 - ok

09:01:53.0144 2324 RasAcd - ok

09:01:53.0409 2324 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:01:53.0529 2324 Rasl2tp - ok

09:01:53.0741 2324 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

09:01:53.0832 2324 RasPppoe - ok

09:01:53.0917 2324 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

09:01:54.0128 2324 RasSstp - ok

09:01:54.0459 2324 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

09:01:54.0545 2324 rdbss - ok

09:01:54.0809 2324 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:01:54.0925 2324 RDPCDD - ok

09:01:55.0342 2324 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

09:01:55.0589 2324 rdpdr - ok

09:01:55.0973 2324 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

09:01:56.0053 2324 RDPENCDD - ok

09:01:56.0584 2324 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

09:01:56.0708 2324 RDPWD - ok

09:01:57.0108 2324 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys

09:01:57.0306 2324 rimmptsk - ok

09:01:57.0881 2324 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys

09:01:58.0004 2324 rimsptsk - ok

09:01:58.0373 2324 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\Windows\system32\Drivers\RimUsb.sys

09:01:58.0532 2324 RimUsb - ok

09:01:59.0034 2324 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

09:01:59.0218 2324 RimVSerPort - ok

09:01:59.0519 2324 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

09:01:59.0653 2324 rismxdp - ok

09:02:00.0361 2324 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

09:02:00.0634 2324 ROOTMODEM - ok

09:02:01.0326 2324 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

09:02:01.0594 2324 rspndr - ok

09:02:02.0271 2324 RTL8187 (25c91ee1be0c0cfa79696a2d0b47aa43) C:\Windows\system32\DRIVERS\RTL8187.sys

09:02:02.0560 2324 RTL8187 - ok

09:02:03.0216 2324 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

09:02:03.0364 2324 sbp2port - ok

09:02:03.0583 2324 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

09:02:03.0784 2324 sdbus - ok

09:02:03.0909 2324 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

09:02:04.0447 2324 secdrv - ok

09:02:04.0716 2324 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

09:02:05.0050 2324 Serenum - ok

09:02:05.0162 2324 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

09:02:05.0335 2324 Serial - ok

09:02:05.0490 2324 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

09:02:05.0641 2324 sermouse - ok

09:02:05.0733 2324 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

09:02:05.0771 2324 sffdisk - ok

09:02:05.0836 2324 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

09:02:06.0003 2324 sffp_mmc - ok

09:02:06.0183 2324 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

09:02:06.0229 2324 sffp_sd - ok

09:02:06.0277 2324 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

09:02:06.0377 2324 sfloppy - ok

09:02:06.0654 2324 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

09:02:06.0688 2324 sisagp - ok

09:02:06.0736 2324 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

09:02:06.0775 2324 SiSRaid2 - ok

09:02:06.0957 2324 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

09:02:06.0972 2324 SiSRaid4 - ok

09:02:07.0104 2324 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

09:02:07.0162 2324 Smb - ok

09:02:07.0383 2324 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

09:02:07.0461 2324 spldr - ok

09:02:07.0575 2324 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

09:02:07.0645 2324 srv - ok

09:02:07.0782 2324 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys

09:02:07.0901 2324 srv2 - ok

09:02:07.0962 2324 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys

09:02:07.0995 2324 srvnet - ok

09:02:08.0642 2324 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

09:02:08.0757 2324 StillCam - ok

09:02:09.0265 2324 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

09:02:11.0847 2324 swenum - ok

09:02:12.0000 2324 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

09:02:12.0015 2324 Symc8xx - ok

09:02:12.0083 2324 SymIM - ok

09:02:12.0122 2324 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

09:02:12.0137 2324 Sym_hi - ok

09:02:12.0224 2324 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

09:02:12.0248 2324 Sym_u3 - ok

09:02:12.0447 2324 Tcpip (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\drivers\tcpip.sys

09:02:12.0505 2324 Tcpip - ok

09:02:12.0802 2324 Tcpip6 (65877aa1b6a7cb797488e831698973e9) C:\Windows\system32\DRIVERS\tcpip.sys

09:02:12.0886 2324 Tcpip6 - ok

09:02:13.0011 2324 tcpipreg (4b8f496292d40192acb052e030c023a7) C:\Windows\system32\drivers\tcpipreg.sys

09:02:13.0047 2324 tcpipreg - ok

09:02:13.0110 2324 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

09:02:13.0151 2324 TDPIPE - ok

09:02:13.0209 2324 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

09:02:13.0248 2324 TDTCP - ok

09:02:13.0299 2324 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

09:02:13.0398 2324 tdx - ok

09:02:13.0622 2324 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

09:02:13.0651 2324 TermDD - ok

09:02:13.0860 2324 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

09:02:13.0913 2324 tssecsrv - ok

09:02:14.0014 2324 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

09:02:14.0049 2324 tunmp - ok

09:02:14.0149 2324 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

09:02:14.0218 2324 tunnel - ok

09:02:14.0379 2324 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

09:02:14.0398 2324 uagp35 - ok

09:02:14.0483 2324 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

09:02:14.0518 2324 udfs - ok

09:02:14.0653 2324 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

09:02:14.0668 2324 uliagpkx - ok

09:02:14.0877 2324 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

09:02:14.0900 2324 uliahci - ok

09:02:14.0949 2324 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

09:02:14.0968 2324 UlSata - ok

09:02:15.0073 2324 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

09:02:15.0098 2324 ulsata2 - ok

09:02:15.0146 2324 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

09:02:15.0203 2324 umbus - ok

09:02:15.0527 2324 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys

09:02:15.0609 2324 UMPass - ok

09:02:15.0735 2324 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

09:02:15.0785 2324 USBAAPL - ok

09:02:15.0867 2324 usbbus - ok

09:02:16.0027 2324 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

09:02:16.0084 2324 usbccgp - ok

09:02:16.0206 2324 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

09:02:16.0271 2324 usbcir - ok

09:02:16.0511 2324 UsbDiag - ok

09:02:16.0684 2324 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

09:02:16.0880 2324 usbehci - ok

09:02:17.0104 2324 UsbGps - ok

09:02:17.0197 2324 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

09:02:17.0288 2324 usbhub - ok

09:02:17.0434 2324 USBModem - ok

09:02:17.0497 2324 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

09:02:17.0549 2324 usbohci - ok

09:02:17.0607 2324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

09:02:17.0655 2324 usbprint - ok

09:02:17.0699 2324 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

09:02:17.0773 2324 usbscan - ok

09:02:17.0919 2324 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:02:17.0984 2324 USBSTOR - ok

09:02:18.0077 2324 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

09:02:18.0155 2324 usbuhci - ok

09:02:18.0401 2324 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

09:02:18.0520 2324 usbvideo - ok

09:02:18.0619 2324 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys

09:02:18.0775 2324 usb_rndisx - ok

09:02:18.0911 2324 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

09:02:19.0087 2324 vga - ok

09:02:19.0192 2324 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

09:02:19.0289 2324 VgaSave - ok

09:02:19.0592 2324 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

09:02:19.0716 2324 viaagp - ok

09:02:19.0838 2324 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

09:02:19.0998 2324 ViaC7 - ok

09:02:20.0113 2324 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

09:02:20.0150 2324 viaide - ok

09:02:20.0243 2324 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

09:02:20.0303 2324 volmgr - ok

09:02:20.0391 2324 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

09:02:20.0491 2324 volmgrx - ok

09:02:20.0583 2324 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

09:02:20.0639 2324 volsnap - ok

09:02:20.0782 2324 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

09:02:20.0840 2324 vsmraid - ok

09:02:21.0068 2324 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

09:02:21.0287 2324 WacomPen - ok

09:02:21.0385 2324 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:02:21.0480 2324 Wanarp - ok

09:02:21.0493 2324 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

09:02:21.0691 2324 Wanarpv6 - ok

09:02:21.0970 2324 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

09:02:22.0038 2324 Wd - ok

09:02:22.0126 2324 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

09:02:22.0251 2324 Wdf01000 - ok

09:02:22.0526 2324 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

09:02:22.0700 2324 winachsf - ok

09:02:22.0958 2324 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys

09:02:23.0027 2324 WinUSB - ok

09:02:23.0108 2324 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

09:02:23.0181 2324 WmiAcpi - ok

09:02:23.0341 2324 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

09:02:23.0391 2324 WpdUsb - ok

09:02:23.0470 2324 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

09:02:23.0580 2324 ws2ifsl - ok

09:02:23.0689 2324 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

09:02:23.0750 2324 WSDPrintDevice - ok

09:02:23.0892 2324 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

09:02:23.0992 2324 WUDFRd - ok

09:02:24.0202 2324 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys

09:02:24.0243 2324 XAudio - ok

09:02:24.0390 2324 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

09:02:24.0418 2324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

09:02:24.0418 2324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

09:02:24.0532 2324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:02:24.0533 2324 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:02:24.0547 2324 Boot (0x1200) (089e52857d55d6905cc3ae026a8ddf87) \Device\Harddisk0\DR0\Partition0

09:02:24.0549 2324 \Device\Harddisk0\DR0\Partition0 - ok

09:02:24.0598 2324 Boot (0x1200) (479e33c6512598c2cddb86c643ba1188) \Device\Harddisk0\DR0\Partition1

09:02:24.0602 2324 \Device\Harddisk0\DR0\Partition1 - ok

09:02:24.0604 2324 ============================================================

09:02:24.0604 2324 Scan finished

09:02:24.0604 2324 ============================================================

09:02:24.0706 3536 Detected object count: 4

09:02:24.0706 3536 Actual detected object count: 4

09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user

09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:03:56.0826 3536 \Device\Harddisk0\DR0\# - copied to quarantine

09:03:56.0828 3536 \Device\Harddisk0\DR0 - copied to quarantine

09:03:56.0863 3536 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

09:03:56.0875 3536 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

09:03:56.0882 3536 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

09:03:56.0898 3536 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

09:03:56.0915 3536 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

09:03:56.0919 3536 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

09:03:56.0923 3536 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

09:03:56.0927 3536 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

09:03:56.0934 3536 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

09:03:56.0955 3536 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

09:03:56.0988 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

09:03:56.0989 3536 \Device\Harddisk0\DR0 - ok

09:03:58.0254 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

09:04:18.0022 4416 Deinitialize success

Thank You very much for your speedy assistance again!

Thank You

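The TDSSKiller log above records each finding twice: once when it is detected (`( verdict ) - infected` or `- warning`) and again when the operator picks an action (`User select action: Cure` or `Skip`). The script below is an added example for this thread, not TDSSKiller's code and not part of any post here; it folds a log of that shape into one record per object and lists the detections that were skipped rather than cured, which is the first thing a helper reads off such a log (here, the MBR was cured but the TDSS file system and two unsigned drivers were skipped). The line format it parses is inferred from the posted log, and `SAMPLE_LOG` copies lines from that log verbatim.

```python
"""Triage helper for TDSSKiller-style log lines.

Added example for this thread; it is not TDSSKiller's code and not part of
the original posts. The line format below is inferred from the log posted
above, and SAMPLE_LOG copies lines from that log verbatim.
"""
import re
from collections import OrderedDict

# Lines copied from the TDSSKiller log above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
09:02:24.0418 2324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:02:24.0418 2324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:02:24.0532 2324 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:02:24.0533 2324 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:56.0680 3536 JL2005C ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
09:03:56.0681 3536 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:03:56.0988 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:03:58.0254 3536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:03:58.0256 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <pid> <object> ( <verdict> ) - <event>"; lines without the
# "( verdict )" part (e.g. "... - ok", "... - detected X (0)") are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<event>.+)$"
)

# Verdict classes seen in the posted log; extend if a log uses other words.
DETECTION_EVENTS = {"infected", "warning"}


def parse_events(log_text):
    """Yield (object, verdict, event) for every line in the '( verdict )' form."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("obj"), m.group("verdict"), m.group("event").strip()


def triage(log_text):
    """Fold the event stream into one record per (object, verdict).

    severity: the scanner's verdict class ('infected' or 'warning'), if logged
    status:   last progress message seen (e.g. 'will be cured on reboot')
    action:   what the operator chose ('Cure', 'Skip', ...), or None
    """
    records = OrderedDict()
    for obj, verdict, event in parse_events(log_text):
        rec = records.setdefault(
            (obj, verdict), {"severity": None, "status": None, "action": None}
        )
        if event in DETECTION_EVENTS:
            rec["severity"] = event
        elif event.startswith("User select action:"):
            rec["action"] = event.split(":", 1)[1].strip()
        else:
            rec["status"] = event
    return records


def unhandled(log_text):
    """Detections the operator skipped or never acted on; these need a second look."""
    return [key for key, rec in triage(log_text).items()
            if rec["action"] in (None, "Skip")]


if __name__ == "__main__":
    for (obj, verdict), rec in triage(SAMPLE_LOG).items():
        print(f"{obj} [{verdict}]: severity={rec['severity']} "
              f"status={rec['status']!r} action={rec['action']}")
    print("needs follow-up:", unhandled(SAMPLE_LOG))
```

Run it on a saved TDSSKiller log by reading the file into `triage()`; the records keep the log's order, and `unhandled()` is what a helper would compare against the user's description of the machine before deciding whether a second run is needed.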

Please run a new MBAM scan, being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


New Scan:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 912022803

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

2/28/2012 9:34:06 AM

mbam-log-2012-02-28 (09-34-06).txt

Scan type: Quick scan

Objects scanned: 201790

Time elapsed: 12 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

...

Yay, Thank You!

My computer seems to be running a bit sluggish at points.. while I was running the scan I forgot that AVG was running, and a pop-up came up saying it caught two things; I clicked close... Ummmm, my command prompt comes up, as well as regedit... I don't know if my CD drive is fixed yet, however... guess I will see when I get a CD to put in. Right now I have to go run and do some errands; I will be back and see what to do and post any new results.., again Thank You very much


That looks good.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2. If using this link, right-click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


That's great to hear... I've downloaded the CF and began to run it; however, a couple of pop-ups came up prior to and during the scan, which I believe is still running (the blue screen is still open and the cursor still blinking)... the 1st of 3 was an alert notifying me that ESET NOD32 antivirus and antispyware is still running, the 2nd was to confirm that I wanted to go ahead with the scan even with the ESET antivirus & spy still running... the 3rd was a Windows pop-up from Windows Solution Center stating "freeware implementation of XCACLS has stopped working." ... Now, before you ask, I had uninstalled ESET weeks ago and cannot find where ESET is running, which is why I clicked go ahead with CF; also I did not click the "close program" button that the Windows Solution Center... as I'm typing this a DDS script began running :-)


Either that, or my jacket swiped over the tracking pad and clicked the DDS by accident??


*ComboFix has just finished as I was typing this, stating it has detected a rootkit virus and needs to restart... :-(

Update: CF had a couple of pop-ups that came up twice stating "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection. If for any reason you are unable to connect to the internet after running combofix, reboot once & see if that fixes it. If it's not fixed run combofix one more time."

**After rebooting as ComboFix directed, a pop-up said the recycling bin on drive C is corrupted, do you wish to delete?.. I clicked yes, and now CF is running an auto scan with the blue screen under administrator... now on completed stage 5, and I await the computer to turn on from that; then I will post the logs. Sorry for all the posts in between, I just wanted to describe how my computer was behaving at each moment.. and thank you for your time and patience, I appreciate it very much!


OK, it's finished... it deleted some files and folders, which I wrote down but don't know if it's relevant to write, but here is the CF report:

ComboFix 12-02-27.02 - Owner 02/28/2012 13:22:11.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1918.881 [GMT -5:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Owner\Desktop\MP3 to RingTone Gold.lnk

c:\windows\$NtUninstallKB35951$

c:\windows\$NtUninstallKB35951$\4011156346\@

c:\windows\$NtUninstallKB35951$\4011156346\bckfg.tmp

c:\windows\$NtUninstallKB35951$\4011156346\cfg.ini

c:\windows\$NtUninstallKB35951$\4011156346\Desktop.ini

c:\windows\$NtUninstallKB35951$\4011156346\keywords

c:\windows\$NtUninstallKB35951$\4011156346\kwrd.dll

c:\windows\$NtUninstallKB35951$\4011156346\L\qnbwvoto

c:\windows\$NtUninstallKB35951$\4011156346\lsflt7.ver

c:\windows\$NtUninstallKB35951$\4011156346\oemid

c:\windows\$NtUninstallKB35951$\4011156346\U\00000001.@

c:\windows\$NtUninstallKB35951$\4011156346\U\00000002.@

c:\windows\$NtUninstallKB35951$\4011156346\U\00000004.@

c:\windows\$NtUninstallKB35951$\4011156346\U\80000000.@

c:\windows\$NtUninstallKB35951$\4011156346\U\80000004.@

c:\windows\$NtUninstallKB35951$\4011156346\U\80000032.@

c:\windows\$NtUninstallKB35951$\4011156346\version

c:\windows\$NtUninstallKB35951$\4082853687

.

c:\windows\system32\drivers\netbt.sys was missing

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!netbt.sys

.

.

((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))

.

.

2012-02-28 18:41 . 2012-02-28 18:41 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-28 18:41 . 2012-02-28 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-28 18:41 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-02-28 14:26 . 2012-02-28 14:26 -------- d-----w- C:\$AVG

2012-02-28 14:03 . 2012-02-28 14:03 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-27 02:08 . 2012-02-27 02:08 51712 ----a-w- c:\windows\system32\vCB68H0K.com

2012-02-26 01:48 . 2012-02-28 13:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-02-26 01:40 . 2012-02-26 01:40 -------- d-----w- c:\programdata\Faronics

2012-02-01 13:37 . 2012-02-01 13:37 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG2012

2012-02-01 13:28 . 2012-02-01 13:53 -------- d-----w- c:\programdata\AVG2012

2012-02-01 13:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-01 13:09 . 2012-02-01 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-01 13:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-24 16:04 . 2012-01-24 16:04 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-09 01:41 . 2011-06-10 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-03-18 17:53 . 2011-03-31 15:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-09 159744]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]

"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2011-03-31 2620416]

"InCD"="c:\program files\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon iC D800 Status Window.LNK]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK

backup=c:\windows\pss\Canon iC D800 Status Window.LNK.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 16:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

2008-04-11 19:13 1085440 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

2007-12-21 22:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-05-24 13:13 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]

2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2007-09-13 15:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2009-06-24 15:38 92704 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2007-12-20 00:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

2007-06-25 12:47 1629480 ----a-w- c:\program files\Nero 7\InCD\NBHGui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-06-13 22:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]

2007-01-08 22:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

2006-11-02 09:45 215552 ----a-w- c:\windows\WindowsMobile\wmdSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2594951614-2104154672-3464771787-1004]

"EnableNotificationsRef"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

WSIMD

pageserver

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-27 c:\windows\Tasks\At1.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At11.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At13.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At15.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-28 c:\windows\Tasks\At17.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At19.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At21.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At23.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At25.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At27.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At3.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At5.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At7.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At9.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]

.

2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]

.

2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594951614-2104154672-3464771787-1004Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 13:13]

.

2011-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2594951614-2104154672-3464771787-1004UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-24 13:13]

.

2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{2B218748-593F-4BDD-B64A-F5C65DE210E2}.job

- c:\windows\system32\msfeedssync.exe [2011-10-29 23:20]

.

2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{E5B0DB57-5983-461A-AB59-62B6F077BFCE}.job

- c:\windows\system32\msfeedssync.exe [2011-10-29 23:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\cb370nv0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z016&form=ZGAADF&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe

MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2012-02-28 13:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\users\Owner\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\CAPM5RSK.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\AVG\AVG2012\avgwdsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\HPSIsvc.exe

c:\program files\Nero 7\InCD\InCDsrv.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

c:\windows\system32\spool\drivers\w32x86\3\CAPM5SWK.EXE

c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe

.

**************************************************************************

.

Completion time: 2012-02-28 13:50:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-28 18:50

.

Pre-Run: 20,072,837,120 bytes free

Post-Run: 21,281,939,456 bytes free

.

- - End Of File - - 96435A781B0B01777DFA12CE44B24443

And I don't know if you wanted me to post the DDS logs that came up while ComboFix was running before the reboot?

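The "Scheduled Tasks" section of the ComboFix log above lists fourteen AtN.job entries that all launch the same file, c:\windows\system32\vCB68H0K.com, and that file is what the helper asks to have checked next and later removes with the CFScript. The script below is an added example for this thread, not ComboFix's code and not part of any post; it reads that section's layout (a `<date> <path>.job` line followed by a `- <target> [<stamp>]` line, as inferred from the posted log) and groups jobs by target, so that one target fanned out across many at-jobs stands out from ordinary updater tasks. `SAMPLE_TASKS` copies a subset of the posted entries.

```python
"""Group the 'Scheduled Tasks' section of a ComboFix log by target executable.

Added example for this thread; it is not ComboFix's code. The entry layout
(a '<date> <path>.job' line, then a '- <target> [<stamp>]' line, then a
'.' separator) is taken from the log posted above, and SAMPLE_TASKS copies
a subset of those entries verbatim.
"""
import re
from collections import OrderedDict

# Entries copied from the ComboFix log above (raw string: backslashes are literal).
SAMPLE_TASKS = r"""
2012-02-27 c:\windows\Tasks\At1.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At11.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-27 c:\windows\Tasks\At13.job

- c:\windows\system32\vCB68H0K.com [2012-02-27 02:08]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]

.

2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-15 01:15]

.

2011-03-30 c:\windows\Tasks\User_Feed_Synchronization-{2B218748-593F-4BDD-B64A-F5C65DE210E2}.job

- c:\windows\system32\msfeedssync.exe [2011-10-29 23:20]
"""

JOB_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")
# at.exe names its jobs At<number>.job; other schedulers use descriptive names.
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.IGNORECASE)


def parse_tasks(text):
    """Return a list of (job_path, target_path, target_stamp) tuples."""
    tasks = []
    pending = None  # job line seen, waiting for its target line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = JOB_RE.match(line)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target"), m.group("stamp")))
            pending = None
    return tasks


def group_by_target(text):
    """Map each target executable (lower-cased) to the jobs that launch it."""
    groups = OrderedDict()
    for job, target, _stamp in parse_tasks(text):
        groups.setdefault(target.lower(), []).append(job)
    return groups


def at_job_fanout(text):
    """Targets launched by AtN.job entries, with how many such jobs point at each.

    One target referenced by many AtN.job files, as in the posted log, is the
    pattern the helper then asked to have checked and removed.
    """
    counts = OrderedDict()
    for job, target, _stamp in parse_tasks(text):
        if AT_JOB_RE.search(job):
            key = target.lower()
            counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for target, jobs in group_by_target(SAMPLE_TASKS).items():
        print(f"{len(jobs):2d} job(s) -> {target}")
    print("at-job fan-out:", dict(at_job_fanout(SAMPLE_TASKS)))
```

On a full log, pass the text between "Contents of the 'Scheduled Tasks' folder" and the next section header to `group_by_target()`; the count alone does not prove anything about a file, which is why the helper's next step is a VirusTotal check of the target rather than an immediate deletion.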

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\vCB68H0K.com

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If VirusTotal is too busy, you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


When I go to the sites and try to upload, 1st a pop-up from AVG comes up asking if I should move the virus to a vault; I click ignore, and 2nd, behind that screen is another pop-up stating "vCB68H0K You don't have permission to open this file. Contact the file owner or an administrator to obtain permission."


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\vCB68H0K.com

AtJob::


Folder::
C:\TDSSKiller_Quarantine

ClearJavaCache::

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


OK, currently running ... side note/question, should I have unchecked the box that pops up asking if I would like to run this program and do I always ask before opening? ... if you understand what I mean... I will post the CF log when it finishes... oh, and another question, where does the log file save to by default?


OK, Thank you.. the only reason I was asking is because I was unsure if the script that you'd had me make was going to run after that pop-up.. the CF is almost done now; restarting as I'm typing this sentence here


It's taking a long while to shut down, longer than normal at this point... it's on the screen "shutting down..." and the loading circle still appears to be rotating..., just to keep you informed as to the behavior of the laptop


I don't know if this is normal at all after the script has run and the deletion of certain files..... or if the computer is frozen or what, but it's still on the shutting down screen and is still loading.... almost 20 minutes later


If it's hung, you'll need to manually power it off and back on


Will the log appear when it restarts after I hard power it off? If not, where would I find the log?


OK.. Thank You, I will post the log when completed.
