
Need help cleaning virus from computer



My computer seems to have a virus -- I keep getting notifications that Malwarebytes is blocking an outgoing malicious file.

When I ran the Avira virus scan it found 3 files: exp/pidief.aik.1, exp/pidief.aj1 and exp/pidief. I'm not sure Avira could clean them.

At any rate it didn't stop. When I ran the Malwarebytes scan it found a tr/alureonfk.30 trojan file, but after the scan I still had the problem.

Last year, someone here helped me with the same problem. I would appreciate some help please.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27

Run by Judy at 17:27:10 on 2011-12-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.86 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

C:\Program Files\Logitech\Logitech Vid\vid.exe

C:\Program Files\I8kfanGUI\I8kfanGUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

c:\program files\avira\antivir desktop\avcenter.exe

c:\program files\avira\antivir desktop\avcenter.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = <local>;*.local

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient_2.dll

TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Download Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} - c:\program files\p2p_energy\tbP2P1.dll

TB: Discover USA Toolbar: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - c:\program files\search_usa\tbSea0.dll

TB: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\tbDow1.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode

uRun: [i8kfangui] c:\program files\i8kfangui\I8kfanGUI.exe /startup

uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces\{66C8DB40-0463-4ACE-AFF2-AB9F7DEC0263} : DhcpNameServer = 192.168.1.1 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\judy\application data\mozilla\firefox\profiles\j52sfuq9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64242

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\judy\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 0f23a4c7-fef6-4ad8-9201-717df781bb56

FF - user.js: extentions.y2layers.installId - 032cccb3-48a5-48fa-a037-36f99cf47c05

FF - user.js: extentions.y2layers.installId - 5c10a373-8026-4409-80e1-8ecd03661f88

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-9-1 11608]

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2011-1-31 14464]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-1 66616]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2011-12-06 11:08:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD3200AAJS-22RYA0 rev.12.01B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8345849F]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8345f738]; MOV EAX, [0x8345f8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x83FC8AB8]

3 CLASSPNP[0xF76BCFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000068[0x83F05F18]

5 ACPI[0xF7533620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x83FCF940]

\Driver\atapi[0x83F466A0] -> IRP_MJ_CREATE -> 0x8345849F

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x834582C6

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 17:31:22.12 ===============

Here is the zip attachment.

attach.zip


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

16:58:38.0046 2456 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27

16:58:40.0046 2456 ============================================================

16:58:40.0046 2456 Current date / time: 2011/12/22 16:58:40.0046

16:58:40.0046 2456 SystemInfo:

16:58:40.0046 2456

16:58:40.0046 2456 OS Version: 5.1.2600 ServicePack: 3.0

16:58:40.0046 2456 Product type: Workstation

16:58:40.0046 2456 ComputerName: JUDY-TUM01T7ZLL

16:58:40.0046 2456 UserName: Judy

16:58:40.0046 2456 Windows directory: C:\WINDOWS

16:58:40.0046 2456 System windows directory: C:\WINDOWS

16:58:40.0046 2456 Processor architecture: Intel x86

16:58:40.0046 2456 Number of processors: 2

16:58:40.0046 2456 Page size: 0x1000

16:58:40.0046 2456 Boot type: Normal boot

16:58:40.0046 2456 ============================================================

16:58:41.0140 2456 Initialize success

16:59:29.0125 3248 ============================================================

16:59:29.0125 3248 Scan started

16:59:29.0125 3248 Mode: Manual; SigCheck; TDLFS;

16:59:29.0125 3248 ============================================================

16:59:33.0281 3248 Abiosdsk - ok

16:59:33.0312 3248 abp480n5 - ok

16:59:33.0468 3248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:59:38.0468 3248 ACPI - ok

16:59:38.0531 3248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

16:59:38.0671 3248 ACPIEC - ok

16:59:38.0703 3248 adpu160m - ok

16:59:38.0750 3248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:59:38.0921 3248 aec - ok

16:59:38.0953 3248 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:59:39.0078 3248 AFD - ok

16:59:39.0078 3248 Aha154x - ok

16:59:39.0093 3248 aic78u2 - ok

16:59:39.0109 3248 aic78xx - ok

16:59:39.0125 3248 AliIde - ok

16:59:39.0140 3248 amsint - ok

16:59:39.0187 3248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:59:39.0328 3248 Arp1394 - ok

16:59:39.0328 3248 asc - ok

16:59:39.0343 3248 asc3350p - ok

16:59:39.0359 3248 asc3550 - ok

16:59:39.0406 3248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:59:39.0546 3248 AsyncMac - ok

16:59:39.0578 3248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:59:39.0703 3248 atapi - ok

16:59:39.0703 3248 Atdisk - ok

16:59:39.0812 3248 ati2mtag (cd5c874245435c9ce7e347e28cf3c6b5) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

16:59:40.0062 3248 ati2mtag - ok

16:59:40.0109 3248 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys

16:59:40.0171 3248 AtiHdmiService - ok

16:59:40.0203 3248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:59:40.0359 3248 Atmarpc - ok

16:59:40.0390 3248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:59:40.0546 3248 audstub - ok

16:59:40.0625 3248 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:59:40.0671 3248 avgio - ok

16:59:40.0703 3248 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:59:47.0031 3248 avgntflt - ok

16:59:47.0109 3248 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:59:47.0140 3248 avipbb - ok

16:59:47.0203 3248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:59:47.0359 3248 Beep - ok

16:59:47.0453 3248 catchme - ok

16:59:47.0484 3248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:59:47.0656 3248 cbidf2k - ok

16:59:47.0750 3248 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

16:59:47.0875 3248 CCDECODE - ok

16:59:47.0890 3248 cd20xrnt - ok

16:59:47.0921 3248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:59:48.0109 3248 Cdaudio - ok

16:59:48.0140 3248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:59:48.0265 3248 Cdfs - ok

16:59:48.0296 3248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:59:48.0421 3248 Cdrom - ok

16:59:48.0453 3248 CmdIde - ok

16:59:48.0531 3248 Cpqarray - ok

16:59:48.0546 3248 dac2w2k - ok

16:59:48.0562 3248 dac960nt - ok

16:59:48.0593 3248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:59:48.0734 3248 Disk - ok

16:59:49.0046 3248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

16:59:49.0296 3248 dmboot - ok

16:59:49.0359 3248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

16:59:49.0531 3248 dmio - ok

16:59:49.0546 3248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:59:49.0703 3248 dmload - ok

16:59:49.0734 3248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:59:49.0859 3248 DMusic - ok

16:59:49.0875 3248 dpti2o - ok

16:59:49.0890 3248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:59:50.0031 3248 drmkaud - ok

16:59:50.0093 3248 fanio (0dd24dabb0b8c4ac0d8f2ebf0492276a) C:\WINDOWS\system32\drivers\fanio.sys

16:59:50.0125 3248 fanio ( UnsignedFile.Multi.Generic ) - warning

16:59:50.0125 3248 fanio - detected UnsignedFile.Multi.Generic (1)

16:59:50.0187 3248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:59:50.0359 3248 Fastfat - ok

16:59:50.0390 3248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:59:50.0515 3248 Fdc - ok

16:59:50.0531 3248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

16:59:50.0671 3248 Fips - ok

16:59:50.0718 3248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

16:59:50.0843 3248 Flpydisk - ok

16:59:50.0875 3248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:59:51.0046 3248 FltMgr - ok

16:59:51.0062 3248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:59:51.0234 3248 Fs_Rec - ok

16:59:51.0265 3248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:59:51.0437 3248 Ftdisk - ok

16:59:51.0484 3248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:59:51.0515 3248 GEARAspiWDM - ok

16:59:51.0546 3248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:59:51.0671 3248 Gpc - ok

16:59:51.0734 3248 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:59:51.0765 3248 HDAudBus ( UnsignedFile.Multi.Generic ) - warning

16:59:51.0765 3248 HDAudBus - detected UnsignedFile.Multi.Generic (1)

16:59:51.0812 3248 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:59:51.0968 3248 hidusb - ok

16:59:52.0000 3248 hpn - ok

16:59:52.0046 3248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:59:52.0140 3248 HTTP - ok

16:59:52.0156 3248 i2omp - ok

16:59:52.0203 3248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:59:52.0437 3248 i8042prt - ok

16:59:52.0468 3248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:59:52.0625 3248 Imapi - ok

16:59:52.0656 3248 ini910u - ok

16:59:52.0843 3248 IntcAzAudAddService (9f6320e7b0c43e4e5693e1515ba5595c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

16:59:53.0312 3248 IntcAzAudAddService - ok

16:59:53.0390 3248 IntelIde - ok

16:59:53.0421 3248 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:59:53.0562 3248 ip6fw - ok

16:59:53.0671 3248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:59:53.0812 3248 IpFilterDriver - ok

16:59:53.0859 3248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:59:53.0984 3248 IpInIp - ok

16:59:54.0015 3248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:59:54.0140 3248 IpNat - ok

16:59:54.0156 3248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:59:54.0281 3248 IPSec - ok

16:59:54.0296 3248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:59:54.0421 3248 IRENUM - ok

16:59:54.0437 3248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:59:54.0562 3248 isapnp - ok

16:59:54.0578 3248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:59:54.0703 3248 Kbdclass - ok

16:59:54.0718 3248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:59:54.0828 3248 kbdhid - ok

16:59:54.0890 3248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:59:55.0000 3248 kmixer - ok

16:59:55.0031 3248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:59:55.0125 3248 KSecDD - ok

16:59:55.0156 3248 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

16:59:55.0171 3248 LVPr2Mon - ok

16:59:55.0187 3248 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

16:59:55.0218 3248 MBAMProtector - ok

16:59:55.0281 3248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:59:55.0437 3248 mnmdd - ok

16:59:55.0453 3248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

16:59:55.0578 3248 Modem - ok

16:59:55.0609 3248 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

16:59:55.0765 3248 MODEMCSA - ok

16:59:55.0765 3248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:59:55.0906 3248 Mouclass - ok

16:59:55.0937 3248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:59:56.0093 3248 mouhid - ok

16:59:56.0109 3248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:59:56.0234 3248 MountMgr - ok

16:59:56.0234 3248 mraid35x - ok

16:59:56.0265 3248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:59:56.0406 3248 MRxDAV - ok

16:59:56.0453 3248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:59:56.0625 3248 MRxSmb - ok

16:59:56.0640 3248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:59:56.0781 3248 Msfs - ok

16:59:56.0843 3248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:59:56.0968 3248 MSKSSRV - ok

16:59:56.0984 3248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:59:57.0109 3248 MSPCLOCK - ok

16:59:57.0140 3248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:59:57.0250 3248 MSPQM - ok

16:59:57.0296 3248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:59:57.0406 3248 mssmbios - ok

16:59:57.0421 3248 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

16:59:57.0546 3248 MSTEE - ok

16:59:57.0578 3248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:59:57.0671 3248 Mup - ok

16:59:57.0734 3248 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:59:57.0859 3248 NABTSFEC - ok

16:59:57.0890 3248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:59:58.0031 3248 NDIS - ok

16:59:58.0046 3248 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:59:58.0187 3248 NdisIP - ok

16:59:58.0218 3248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:59:58.0296 3248 NdisTapi - ok

16:59:58.0343 3248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:59:58.0468 3248 Ndisuio - ok

16:59:58.0468 3248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:59:58.0593 3248 NdisWan - ok

16:59:58.0625 3248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:59:58.0687 3248 NDProxy - ok

16:59:58.0734 3248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:59:58.0859 3248 NetBIOS - ok

16:59:58.0890 3248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:59:59.0031 3248 NetBT - ok

16:59:59.0093 3248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:59:59.0203 3248 NIC1394 - ok

16:59:59.0234 3248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:59:59.0375 3248 Npfs - ok

16:59:59.0406 3248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:59:59.0593 3248 Ntfs - ok

16:59:59.0640 3248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:59:59.0765 3248 Null - ok

16:59:59.0796 3248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:59:59.0953 3248 NwlnkFlt - ok

16:59:59.0968 3248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:00:00.0125 3248 NwlnkFwd - ok

17:00:00.0156 3248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

17:00:00.0406 3248 ohci1394 - ok

17:00:00.0484 3248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:00:00.0625 3248 Parport - ok

17:00:00.0640 3248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:00:00.0765 3248 PartMgr - ok

17:00:00.0796 3248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:00:00.0937 3248 ParVdm - ok

17:00:00.0953 3248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:00:01.0062 3248 PCI - ok

17:00:01.0078 3248 PCIDump - ok

17:00:01.0093 3248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:00:01.0234 3248 PCIIde - ok

17:00:01.0296 3248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:00:01.0437 3248 Pcmcia - ok

17:00:01.0468 3248 perc2 - ok

17:00:01.0468 3248 perc2hib - ok

17:00:01.0609 3248 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

17:00:01.0828 3248 PID_PEPI - ok

17:00:01.0906 3248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:00:02.0046 3248 PptpMiniport - ok

17:00:02.0093 3248 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:00:02.0218 3248 Processor - ok

17:00:02.0234 3248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:00:02.0359 3248 PSched - ok

17:00:02.0390 3248 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

17:00:02.0406 3248 PSI - ok

17:00:02.0437 3248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:00:02.0593 3248 Ptilink - ok

17:00:02.0593 3248 ql1080 - ok

17:00:02.0609 3248 Ql10wnt - ok

17:00:02.0609 3248 ql12160 - ok

17:00:02.0625 3248 ql1240 - ok

17:00:02.0640 3248 ql1280 - ok

17:00:02.0671 3248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:00:02.0812 3248 RasAcd - ok

17:00:02.0843 3248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:00:02.0984 3248 Rasl2tp - ok

17:00:03.0000 3248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:00:03.0109 3248 RasPppoe - ok

17:00:03.0140 3248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:00:03.0296 3248 Raspti - ok

17:00:03.0328 3248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:00:03.0453 3248 Rdbss - ok

17:00:03.0468 3248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:00:03.0625 3248 RDPCDD - ok

17:00:03.0640 3248 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:00:03.0781 3248 rdpdr - ok

17:00:09.0390 3248 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0

17:00:09.0390 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

17:00:09.0390 3248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

17:00:09.0453 3248 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:00:09.0453 3248 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:00:09.0453 3248 Boot (0x1200) (a17a18b8539b644e22585130762c99a0) \Device\Harddisk0\DR0\Partition0

17:00:09.0453 3248 \Device\Harddisk0\DR0\Partition0 - ok

17:00:09.0453 3248 ============================================================

17:00:09.0453 3248 Scan finished

17:00:09.0453 3248 ============================================================

17:00:09.0562 2896 Detected object count: 4

17:00:09.0562 2896 Actual detected object count: 4

17:00:25.0546 2896 fanio ( UnsignedFile.Multi.Generic ) - skipped by user

17:00:25.0546 2896 fanio ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:00:25.0546 2896 HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user

17:00:25.0546 2896 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:00:25.0578 2896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

17:00:25.0578 2896 \Device\Harddisk0\DR0 - ok

17:00:25.0578 2896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

17:00:25.0578 2896 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:00:25.0578 2896 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

17:01:04.0171 2448 Deinitialize success

Thank you!


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


ComboFix 11-12-22.04 - Judy 12/22/2011 18:23:11.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.157 [GMT -5:00]

Running from: c:\documents and settings\Judy\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe

c:\windows\EventSystem.log

c:\windows\system32\oobe\isperror

c:\windows\system32\oobe\isperror\ispcnerr.htm

c:\windows\system32\oobe\isperror\ispdtone.htm

c:\windows\system32\oobe\isperror\isphdshk.htm

c:\windows\system32\oobe\isperror\ispins.htm

c:\windows\system32\oobe\isperror\ispnoanw.htm

c:\windows\system32\oobe\isperror\isppberr.htm

c:\windows\system32\oobe\isperror\ispphbsy.htm

c:\windows\system32\oobe\isperror\ispsbusy.htm

c:\windows\system32\SET407.tmp

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\ntfs.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_DHCP32

-------\Legacy_HELPSVC32

-------\Service_Dhcp32

-------\Service_helpsvc32

.

.

((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))

.

.

2011-12-19 11:36 . 2011-12-19 11:36 -------- d-----w- C:\found.000

2011-12-13 15:42 . 2011-12-13 15:42 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer

2011-12-13 15:06 . 2011-12-13 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-13 15:06 . 2011-12-13 15:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-12-13 11:09 . 2011-12-16 03:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-06 11:08 . 2011-09-29 22:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2010-01-27 23:49 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2002-08-29 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2002-08-29 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2002-08-29 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-11-25 16:42 . 2011-03-24 09:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\program files\Search_USA\tbSea0.dll" [2010-10-17 2735200]

"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2010-10-17 2735200]

"{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-07-22 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

.

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

.

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2010-10-17 2735200]

"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\program files\Search_USA\tbSea0.dll" [2010-10-17 2735200]

"{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\program files\Download_Energy\tbDow1.dll" [2010-07-22 2515552]

.

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

.

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

.

[HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-16 39408]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]

"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

"i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]

"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvA00]

@="service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\eMulePlus\\eMule.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\SoulseekNS\\slsk.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:*:Disabled:DHCP Server

.

R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [1/31/2011 10:33 PM 14464]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/1/2011 8:26 PM 136360]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/4/2011 10:45 AM 366152]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [9/2/2010 4:46 AM 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [9/2/2010 4:46 AM 185640]

R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 3:46 PM 117288]

R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 3:46 PM 117288]

R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 3:46 PM 154152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/4/2011 10:45 AM 22216]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]

S2 ClipSrv32;ClipBook ;c:\windows\system32\wmploc32.exe --> c:\windows\system32\wmploc32.exe [?]

S2 CryptSvc32;Cryptographic Services ;c:\windows\system32\quartz32.exe --> c:\windows\system32\quartz32.exe [?]

S2 DcomLaunch32;DCOM Server Process Launcher ;c:\windows\system32\rasman32.exe --> c:\windows\system32\rasman32.exe [?]

S2 dmadmin3232;Logical Disk Manager Administrative Service ;c:\windows\system32\rtm32.exe --> c:\windows\system32\rtm32.exe [?]

S2 ERSvc32;Error Reporting Service ;c:\windows\system32\netui032.exe --> c:\windows\system32\netui032.exe [?]

S2 ERSvc3232;Error Reporting Service ;c:\windows\system32\wshatm32.exe --> c:\windows\system32\wshatm32.exe [?]

S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\windows\system32\pdh32.exe --> c:\windows\system32\pdh32.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 4:44 PM 135664]

S2 LMIRescue_5ebd5304-3ca6-47cb-9603-d9a4b6ab657b;LogMeIn Rescue (5ebd5304-3ca6-47cb-9603-d9a4b6ab657b);"c:\docume~1\Sarah\LOCALS~1\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid 5ebd5304-3ca6-47cb-9603-d9a4b6ab657b --> c:\docume~1\Sarah\LOCALS~1\Temp\LMIR0001.tmp\LMI_Rescue_srv.exe [?]

S2 NtLmSsp32;NT LM Security Support Provider ;c:\windows\system32\wmasf32.exe --> c:\windows\system32\wmasf32.exe [?]

S2 srvA00;srvA00;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 7:00 AM 14336]

S2 UPS32;Uninterruptible Power Supply ;c:\windows\system32\shimeng32.exe --> c:\windows\system32\shimeng32.exe [?]

S2 vsedsps32;vsedsps ;c:\windows\system32\kbdhu32.exe --> c:\windows\system32\kbdhu32.exe [?]

S2 wuauserv3232;Automatic Updates ;c:\windows\system32\iaspolcy32.exe --> c:\windows\system32\iaspolcy32.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 4:44 PM 135664]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srvA00

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 21:44]

.

2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 21:44]

.

2011-02-01 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = <local>;*.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\j52sfuq9.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 64242

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 0f23a4c7-fef6-4ad8-9201-717df781bb56

FF - user.js: extentions.y2layers.installId - 032cccb3-48a5-48fa-a037-36f99cf47c05

FF - user.js: extentions.y2layers.installId - 5c10a373-8026-4409-80e1-8ecd03661f88

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-22 18:39

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\srvA00]

"servicedll"="\\?\globalroot\Device\HarddiskVolume1\WINDOWS\Temp\srvA00.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]

"Appinit_Dlls"="c:\\WINDOWS\\system32\\nmevtmsg32.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(768)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(5960)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2011-12-22 18:45:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-22 23:45

.

Pre-Run: 270,646,747,136 bytes free

Post-Run: 271,883,296,768 bytes free

.

- - End Of File - - 78E2321F05F76BE6276E5C046A8AF8B2


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

FireFox::
FF - ProfilePath - c:\documents and settings\Judy\Application Data\Mozilla\Firefox\Profiles\j52sfuq9.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64242
FF - prefs.js: network.proxy.type - 0

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

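The two things the helper acted on in the ComboFix log above were the Firefox proxy hijack (network.proxy.http = 127.0.0.1, port 64242) and the fake *32 services and svchost-hosted srvA00. As an added example, not part of this thread, ComboFix or the helper's instructions, here is a small Python triage script that parses those two line families from a ComboFix-style log and reports the same indicators; the log text is a constructed sample modelled on the lines posted above, and the heuristics are only the patterns visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a few lines modelled on the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 64242
FF - prefs.js: network.proxy.type - 0
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/4/2011 10:45 AM 366152]
S2 ClipSrv32;ClipBook ;c:\windows\system32\wmploc32.exe --> c:\windows\system32\wmploc32.exe [?]
S2 CryptSvc32;Cryptographic Services ;c:\windows\system32\quartz32.exe --> c:\windows\system32\quartz32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 4:44 PM 135664]
S2 srvA00;srvA00;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 7:00 AM 14336]
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
# ComboFix service lines: "<state><start> <name>;<display>;<image path> [<stamp>]"
SVC_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")
LOOPBACK_RE = re.compile(r"^(127(\.\d{1,3}){3}|localhost|::1)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # "proxy" or "service"
    subject: str   # pref name or service name
    reason: str


def parse_log(text: str) -> Tuple[Dict[str, str], List[dict]]:
    """Split ComboFix output into Firefox prefs and service records; other lines are ignored."""
    prefs: Dict[str, str] = {}
    services: List[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := PREF_RE.match(line):
            prefs[m["name"]] = m["value"].strip()
        elif m := SVC_RE.match(line):
            services.append({k: m[k].strip() for k in ("state", "start", "name", "display", "image")})
    return prefs, services


def check_proxy(prefs: Dict[str, str]) -> List[Finding]:
    """Flag any Firefox proxy host on loopback, the hijack seen in this thread (127.0.0.1:64242).
    network.proxy.type 0 means 'no proxy', so such entries are dormant but should still be removed."""
    out: List[Finding] = []
    ptype = prefs.get("network.proxy.type", "0")
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and LOOPBACK_RE.match(host):
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            state = "active (manual proxy)" if ptype == "1" else f"dormant (proxy.type={ptype})"
            out.append(Finding("proxy", f"network.proxy.{scheme}",
                               f"loopback proxy {host}:{port}, {state}; a local interceptor is typical here"))
    return out


def check_services(services: List[dict]) -> List[Finding]:
    out: List[Finding] = []
    for s in services:
        name, display, image = s["name"], s["display"], s["image"]
        # ComboFix prints "[?]" when the service image is not on disk; every fake *32 service above has it.
        if image.endswith("[?]"):
            out.append(Finding("service", name, f"image not found on disk: {image.split(' --> ')[0]}"))
        # Lookalike pattern seen in this log: a real service's display name under a name with "32" appended.
        if name.lower().endswith("32") and display and "32" not in display:
            out.append(Finding("service", name, f"name mimics '{display}' with a 32 suffix"))
        # svchost-hosted services carry their real code in a ServiceDll; srvA00 loaded one from Temp.
        if "svchost.exe -k" in image.lower():
            out.append(Finding("service", name, "hosted by svchost; verify Parameters\\ServiceDll and the NetSvcs group"))
    return out


def triage(text: str) -> List[Finding]:
    prefs, services = parse_log(text)
    return check_proxy(prefs) + check_services(services)


def clean_prefs(prefs: Dict[str, str]) -> Dict[str, str]:
    """Return the prefs with every network.proxy.* entry dropped: the same lines the helper's CFScript
    removes, and the effect of choosing 'No proxy' in Firefox's connection settings."""
    return {k: v for k, v in prefs.items() if not k.startswith("network.proxy.")}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```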

Is the internet working?

If not, did you do this?

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.


Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.


How about my netbook? Should I follow the same steps to clean it?

I had a virus notification pop up -- ran a virus scan and it appeared to clear it.

When I ran a scan yesterday it found about 6 sites to quarantine.

If I am not getting any other notifications - can I assume it is cleaned?

Thank you for your help.

Judy


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
