Jump to content

Recommended Posts

Hi, I'm hoping you guys can help because I'm in over my head here. I had/have the AV Cloud 2012 virus. Basically a fake anti virus program would pop up and tell my computer was infected. I searched the net and found some guides on how to deal with it. I downloaded a program called RKill and another program called combofix that I was using to fight the virus. Except it keeps reinstalling itself so I am not able to get rid of it. Yesterday I saw that something was going on with my PC so ran Combo fix.

Combo fix gave an alert stating that I had the "zero access" virus and that it was a particularly nasty virus and that if after running combo fix I could not connect to the internet I should reboot and if that didn't work then I should run combo fix again. Well I did that and I am still unable to connect to the internet (on a friends PC now).

Also I am not able to do a system restore as any time I try the system restore fails.

So I have no idea what to do now. I'm not completely computer illiterate but I'm also no expert either. I could really use some help and I would really appreciate if you can help. Thanks.

Here is the Hijack this log.

-Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:48:12 PM, on 12/21/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

C:\Documents and Settings\IBUYPOWER\Bluebirds\BlueBirds.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Power DVD Player\PowerDVDPlayer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: CrossRider - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

O4 - HKCU\..\Run: [bluebirds] C:\Documents and Settings\IBUYPOWER\Bluebirds\BlueBirds.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 6556 bytes

Link to post
Share on other sites

Here is the Malware bytes log I ran last night. This showed something relevant.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8384

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/21/2011 11:09:27 PM

mbam-log-2011-12-21 (23-09-27).txt

Scan type: Full scan (C:\|)

Objects scanned: 232491

Time elapsed: 1 hour(s), 26 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\IBUYPOWER\Local Settings\Application Data\vsi.exe" -a "firefox.exe -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And the Avira log also showed detections

Avira Antivirus Premium 2012

Report file date: Wednesday, December 21, 2011 19:53

Scanning for 2952372 virus strains and unwanted programs.

The program is running as a fully functional evaluation version.

Online services are available:

Licensee : Arnold Barrett

Serial number : 2218005751-PEPWE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : IBUYPOWE-18F1F5

Version information:

BUILD.DAT : 12.0.0.888 42511 Bytes 12/15/2011 16:53:00

AVSCAN.EXE : 12.1.0.18 490448 Bytes 12/14/2011 09:12:01

AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/24/2011 00:34:57

LUKE.DLL : 12.1.0.17 68304 Bytes 10/12/2011 02:06:29

AVSCPLR.DLL : 12.1.0.21 99536 Bytes 12/14/2011 05:12:13

AVREG.DLL : 12.1.0.27 227536 Bytes 12/14/2011 05:12:13

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 07:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:07:39

VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 03:32:10

VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 03:32:10

VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 03:32:10

VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 03:32:10

VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 03:32:11

VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 03:32:11

VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 03:32:11

VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 03:32:11

VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 03:32:11

VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 03:32:11

VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 03:32:11

VBASE013.VDF : 7.11.19.181 2048 Bytes 12/20/2011 03:32:11

VBASE014.VDF : 7.11.19.182 2048 Bytes 12/20/2011 03:32:12

VBASE015.VDF : 7.11.19.183 2048 Bytes 12/20/2011 03:32:12

VBASE016.VDF : 7.11.19.184 2048 Bytes 12/20/2011 03:32:12

VBASE017.VDF : 7.11.19.185 2048 Bytes 12/20/2011 03:32:12

VBASE018.VDF : 7.11.19.186 2048 Bytes 12/20/2011 03:32:12

VBASE019.VDF : 7.11.19.187 2048 Bytes 12/20/2011 03:32:12

VBASE020.VDF : 7.11.19.188 2048 Bytes 12/20/2011 03:32:12

VBASE021.VDF : 7.11.19.189 2048 Bytes 12/20/2011 03:32:13

VBASE022.VDF : 7.11.19.190 2048 Bytes 12/20/2011 03:32:13

VBASE023.VDF : 7.11.19.191 2048 Bytes 12/20/2011 03:32:13

VBASE024.VDF : 7.11.19.192 2048 Bytes 12/20/2011 03:32:13

VBASE025.VDF : 7.11.19.193 2048 Bytes 12/20/2011 03:32:13

VBASE026.VDF : 7.11.19.194 2048 Bytes 12/20/2011 03:32:13

VBASE027.VDF : 7.11.19.195 2048 Bytes 12/20/2011 03:32:13

VBASE028.VDF : 7.11.19.196 2048 Bytes 12/20/2011 03:32:13

VBASE029.VDF : 7.11.19.197 2048 Bytes 12/20/2011 03:32:14

VBASE030.VDF : 7.11.19.198 2048 Bytes 12/20/2011 03:32:14

VBASE031.VDF : 7.11.19.215 169984 Bytes 12/21/2011 03:31:16

Engineversion : 8.2.8.8

AEVDF.DLL : 8.1.2.2 106868 Bytes 12/14/2011 05:12:12

AESCRIPT.DLL : 8.1.3.92 495996 Bytes 12/16/2011 06:05:14

AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 10:46:02

AESBX.DLL : 8.2.4.5 434549 Bytes 12/14/2011 05:12:12

AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 10:16:06

AEPACK.DLL : 8.2.15.1 770423 Bytes 12/14/2011 05:12:11

AEOFFICE.DLL : 8.1.2.24 201084 Bytes 12/16/2011 06:05:13

AEHEUR.DLL : 8.1.3.8 4231543 Bytes 12/16/2011 06:05:12

AEHELP.DLL : 8.1.18.0 254327 Bytes 12/14/2011 05:12:04

AEGEN.DLL : 8.1.5.17 405877 Bytes 12/14/2011 05:12:04

AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 10:46:01

AECORE.DLL : 8.1.24.2 201080 Bytes 12/16/2011 06:05:07

AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 10:46:01

AVWINLL.DLL : 12.1.0.17 27344 Bytes 10/12/2011 02:06:22

AVPREF.DLL : 12.1.0.17 51920 Bytes 10/12/2011 02:06:18

AVREP.DLL : 12.1.0.17 179920 Bytes 10/12/2011 02:06:19

AVARKT.DLL : 12.1.0.19 208848 Bytes 12/14/2011 09:11:58

AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 10/12/2011 02:06:17

SQLITE3.DLL : 3.7.0.0 398288 Bytes 10/12/2011 02:06:32

AVSMTP.DLL : 12.1.0.17 63440 Bytes 10/12/2011 02:06:20

NETNT.DLL : 12.1.0.17 17104 Bytes 10/12/2011 02:06:30

RCIMAGE.DLL : 12.1.0.17 4493520 Bytes 10/12/2011 02:06:38

RCTEXT.DLL : 12.1.0.16 96208 Bytes 9/24/2011 00:37:28

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: default

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: extended

Start of the scan: Wednesday, December 21, 2011 19:53

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Master boot sector HD3

[iNFO] No virus was found!

Master boot sector HD4

[iNFO] No virus was found!

Master boot sector HD5

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started

Scan process 'rsmsink.exe' - '28' Module(s) have been scanned

Scan process 'msdtc.exe' - '40' Module(s) have been scanned

Scan process 'dllhost.exe' - '60' Module(s) have been scanned

Scan process 'dllhost.exe' - '45' Module(s) have been scanned

Scan process 'vssvc.exe' - '48' Module(s) have been scanned

Scan process 'avscan.exe' - '72' Module(s) have been scanned

Scan process 'avcenter.exe' - '72' Module(s) have been scanned

Scan process 'BlueBirds.exe' - '37' Module(s) have been scanned

Scan process 'PSFree.exe' - '30' Module(s) have been scanned

Scan process 'avgnt.exe' - '65' Module(s) have been scanned

Scan process 'mbamgui.exe' - '25' Module(s) have been scanned

Scan process 'jusched.exe' - '21' Module(s) have been scanned

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'realsched.exe' - '38' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '28' Module(s) have been scanned

Scan process 'alg.exe' - '35' Module(s) have been scanned

Scan process 'AVWEBGRD.EXE' - '38' Module(s) have been scanned

Scan process 'avmailc.exe' - '29' Module(s) have been scanned

Scan process 'avshadow.exe' - '26' Module(s) have been scanned

Scan process 'mbamservice.exe' - '35' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '19' Module(s) have been scanned

Scan process 'jqs.exe' - '35' Module(s) have been scanned

Scan process 'avguard.exe' - '76' Module(s) have been scanned

Scan process 'Explorer.EXE' - '88' Module(s) have been scanned

Scan process 'svchost.exe' - '34' Module(s) have been scanned

Scan process 'sched.exe' - '41' Module(s) have been scanned

Scan process 'spoolsv.exe' - '52' Module(s) have been scanned

Scan process 'svchost.exe' - '28' Module(s) have been scanned

Scan process 'svchost.exe' - '165' Module(s) have been scanned

Scan process 'svchost.exe' - '39' Module(s) have been scanned

Scan process 'svchost.exe' - '53' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '38' Module(s) have been scanned

Scan process 'lsass.exe' - '59' Module(s) have been scanned

Scan process 'services.exe' - '27' Module(s) have been scanned

Scan process 'winlogon.exe' - '71' Module(s) have been scanned

Scan process 'csrss.exe' - '12' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).

The registry was scanned ( '1350' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\Qoobox\Quarantine\C\Documents and Settings\IBUYPOWER\Local Settings\Application Data\qui.exe.vir

[DETECTION] Is the TR/Fake.Rean.292 Trojan

C:\Qoobox\Quarantine\C\Documents and Settings\IBUYPOWER\Local Settings\Application Data\xxw.exe.vir

[DETECTION] Is the TR/Fake.Rean.827 Trojan

C:\System Volume Information\_restore{DE18B3A4-DB5C-489C-9B92-E542682F5E9D}\RP28\A0007584.exe

[DETECTION] Is the TR/Fake.Rean.827 Trojan

C:\System Volume Information\_restore{DE18B3A4-DB5C-489C-9B92-E542682F5E9D}\RP33\A0009143.sys

[DETECTION] Is the TR/Rootkit.Gen2 Trojan

Beginning disinfection:

C:\System Volume Information\_restore{DE18B3A4-DB5C-489C-9B92-E542682F5E9D}\RP33\A0009143.sys

[DETECTION] Is the TR/Rootkit.Gen2 Trojan

[NOTE] The file was moved to the quarantine directory under the name '4d7841b9.qua'.

C:\System Volume Information\_restore{DE18B3A4-DB5C-489C-9B92-E542682F5E9D}\RP28\A0007584.exe

[DETECTION] Is the TR/Fake.Rean.827 Trojan

[NOTE] The file was moved to the quarantine directory under the name '55ef6e1e.qua'.

C:\Qoobox\Quarantine\C\Documents and Settings\IBUYPOWER\Local Settings\Application Data\xxw.exe.vir

[DETECTION] Is the TR/Fake.Rean.827 Trojan

[NOTE] The file was moved to the quarantine directory under the name '07fb372e.qua'.

C:\Qoobox\Quarantine\C\Documents and Settings\IBUYPOWER\Local Settings\Application Data\qui.exe.vir

[DETECTION] Is the TR/Fake.Rean.292 Trojan

[NOTE] The file was moved to the quarantine directory under the name '61fe78f1.qua'.

End of the scan: Wednesday, December 21, 2011 21:09

Used time: 1:15:39 Hour(s)

The scan has been done completely.

8147 Scanned directories

237760 Files were scanned

4 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 Files were deleted

0 Viruses and unwanted programs were repaired

4 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

237756 Files not concerned

1615 Archives were scanned

0 Warnings

4 Notes

366008 Objects were scanned with rootkit scan

0 Hidden objects were found

Link to post
Share on other sites

Here is the log from combofix which was running when I was typing up the first post. Doesn't appear to show anything but like I said I am in over my head, so I may be missing a lot.

ComboFix 11-12-21.02 - IBUYPOWER 12/22/2011 16:27:39.15.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT -11:00]

Running from: c:\documents and settings\IBUYPOWER\My Documents\Downloads\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))

.

.

2011-12-19 00:58 . 2011-12-19 00:58 388096 ----a-r- c:\documents and settings\IBUYPOWER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-19 00:58 . 2011-12-19 00:58 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 09:12 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\program files\Avira

2011-12-14 05:11 . 2011-10-12 02:06 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11 . 2011-10-12 02:06 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20 . 2011-12-13 06:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:20 . 2011-09-01 04:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:29 . 2011-12-13 05:29 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-24 20:39 . 2011-11-24 20:39 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\FS1ivD3on

2011-11-24 20:39 . 2011-11-24 20:39 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\EhYXwjUVeOtPy

2011-11-24 20:29 . 2011-11-24 20:29 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\xlIBtzPNyAiDoFa

2011-11-24 19:01 . 2011-11-24 22:34 -------- d-----w- c:\program files\C4ED1

2011-11-24 19:00 . 2011-11-24 19:00 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\UXXXqjYYCeIBrO

2011-11-24 19:00 . 2011-11-24 19:01 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\F0FC4

2011-11-24 19:00 . 2011-11-24 19:00 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\yYYYCwkkIVl

2011-11-24 19:00 . 2011-11-24 19:00 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\t77fRRL9hT

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 20:23 . 2011-07-22 00:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-08 03:45 . 2011-11-08 03:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\offreg.dll

2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-07-27 18:20 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 03:48 . 2011-11-06 20:01 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\mpengine.dll

2011-10-07 03:48 . 2010-01-01 00:51 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 22:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 22:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 22:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-12-16_05.50.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-23 03:24 . 2011-12-23 03:24 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat

+ 2008-04-14 12:00 . 2011-12-23 03:29 68796 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 68796 c:\windows\system32\perfc009.dat

+ 2011-12-17 22:51 . 2011-12-17 22:51 19968 c:\windows\Installer\8ef20.msi

+ 2008-04-14 12:00 . 2011-12-23 03:29 436026 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 436026 c:\windows\system32\perfh009.dat

+ 2011-12-22 05:52 . 2011-12-13 05:25 143000 c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat

+ 2011-01-14 18:10 . 2011-01-14 18:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2009-09-11 03:31 . 2011-12-22 08:38 1590688 c:\windows\system32\Restore\rstrlog.dat

+ 2011-07-21 23:34 . 2011-07-21 23:34 3456000 c:\windows\Installer\169d917.msp

+ 2011-12-19 00:58 . 2011-12-19 00:58 1094656 c:\windows\Installer\1241bbc.msi

+ 2011-01-14 18:10 . 2011-01-14 18:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]

"bluebirds"="c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-03 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-12 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^IBUYPOWER^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\IBUYPOWER\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluebirds]

2009-04-29 09:02 270336 ----a-r- c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]

2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-08-15 03:13 30003200 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 20:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power DVD Player]

2007-09-06 07:28 391168 ----a-w- c:\program files\Power DVD Player\PowerDVDPlayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-10-06 00:14 2075384 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Vietcong\\vietcong.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Documents and Settings\\IBUYPOWER\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/13/2011 6:11 PM 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/4/2011 12:47 AM 232512]

R2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/13/2011 6:11 PM 342480]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/13/2011 6:11 PM 86224]

R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/13/2011 6:11 PM 463824]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/12/2011 7:20 PM 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/12/2011 7:20 PM 22216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/27/2009 7:54 AM 845184]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 167.206.254.1 167.206.254.2

FF - ProfilePath - c:\documents and settings\IBUYPOWER\Application Data\Mozilla\Firefox\Profiles\ekruw1do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\All Users\Application Data\CodecCheck\firefox

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-22 16:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(708)

c:\program files\Avira\AntiVir Desktop\avsda.dll

.

- - - - - - - > 'explorer.exe'(304)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-22 16:35:25

ComboFix-quarantined-files.txt 2011-12-23 03:35

ComboFix2.txt 2011-12-22 06:40

ComboFix3.txt 2011-12-22 06:13

ComboFix4.txt 2011-12-22 05:21

ComboFix5.txt 2011-12-23 03:26

.

Pre-Run: 211,307,036,672 bytes free

Post-Run: 211,295,657,984 bytes free

.

- - End Of File - - C06E0CEC8ACC4A0C98BFA11AA3A66B52

Link to post
Share on other sites

I saw the sticky at the top of the forum and ran the DDS scan, it didn't appear to find anything. Here is the log.

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\all users\application data\codeccheck\firefox

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-13 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-4 232512]

R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-13 342480]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-13 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-13 110032]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-13 463824]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-13 74640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-27 845184]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-22 41272]

S0 vkquwexg;vkquwexg;c:\windows\system32\drivers\combo-fix.sys --> c:\windows\system32\drivers\Combo-Fix.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]

.

=============== Created Last 30 ================

.

2011-12-23 04:05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-23 03:26:39 -------- d-----w- C:\ComboFix

2011-12-19 00:58:29 388096 ----a-r- c:\documents and settings\ibuypower\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-19 00:58:29 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36:49 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36:49 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11:31 -------- d-----w- c:\documents and settings\ibuypower\application data\Avira

2011-12-14 05:11:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 05:11:01 -------- d-----w- c:\program files\Avira

2011-12-14 05:11:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-12-14 03:34:43 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34:43 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:05:22 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:50:39 98816 ----a-w- c:\windows\sed.exe

2011-12-13 05:50:39 518144 ----a-w- c:\windows\SWREG.exe

2011-12-13 05:50:39 256000 ----a-w- c:\windows\PEV.exe

2011-12-13 05:50:39 208896 ----a-w- c:\windows\MBR.exe

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-24 20:39:29 -------- d-----w- c:\documents and settings\ibuypower\application data\FS1ivD3on

2011-11-24 20:39:29 -------- d-----w- c:\documents and settings\ibuypower\application data\EhYXwjUVeOtPy

2011-11-24 20:29:55 -------- d-----w- c:\documents and settings\ibuypower\application data\xlIBtzPNyAiDoFa

2011-11-24 19:01:10 -------- d-----w- c:\program files\C4ED1

2011-11-24 19:00:38 -------- d-----w- c:\documents and settings\ibuypower\application data\UXXXqjYYCeIBrO

2011-11-24 19:00:37 -------- d-----w- c:\documents and settings\ibuypower\application data\F0FC4

2011-11-24 19:00:32 -------- d-----w- c:\documents and settings\ibuypower\application data\yYYYCwkkIVl

2011-11-24 19:00:32 -------- d-----w- c:\documents and settings\ibuypower\application data\t77fRRL9hT

.

==================== Find3M ====================

.

2011-12-03 20:23:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01:38 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 17:15:12.42 ===============

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (Microsoft and Avira). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

Thank you for the reply. As far as I know I uninstalled microsoft security essentials. It is not listed in the ADD/Remove programs. But it keeps being listed when I run combofix. I'm not sure what is going on there.

Here is the log. It didn't not appear to find anything.

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\all users\application data\codeccheck\firefox

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-13 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-4 232512]

R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-13 342480]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-13 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-13 110032]

R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-13 463824]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-13 74640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-27 845184]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-22 41272]

S0 vkquwexg;vkquwexg;c:\windows\system32\drivers\combo-fix.sys --> c:\windows\system32\drivers\Combo-Fix.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]

.

=============== Created Last 30 ================

.

2011-12-23 04:05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-12-23 03:26:39 -------- d-----w- C:\ComboFix

2011-12-19 00:58:29 388096 ----a-r- c:\documents and settings\ibuypower\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-19 00:58:29 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36:49 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36:49 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11:31 -------- d-----w- c:\documents and settings\ibuypower\application data\Avira

2011-12-14 05:11:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 05:11:01 -------- d-----w- c:\program files\Avira

2011-12-14 05:11:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-12-14 03:34:43 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34:43 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:05:22 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:50:39 98816 ----a-w- c:\windows\sed.exe

2011-12-13 05:50:39 518144 ----a-w- c:\windows\SWREG.exe

2011-12-13 05:50:39 256000 ----a-w- c:\windows\PEV.exe

2011-12-13 05:50:39 208896 ----a-w- c:\windows\MBR.exe

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-24 20:39:29 -------- d-----w- c:\documents and settings\ibuypower\application data\FS1ivD3on

2011-11-24 20:39:29 -------- d-----w- c:\documents and settings\ibuypower\application data\EhYXwjUVeOtPy

2011-11-24 20:29:55 -------- d-----w- c:\documents and settings\ibuypower\application data\xlIBtzPNyAiDoFa

2011-11-24 19:01:10 -------- d-----w- c:\program files\C4ED1

2011-11-24 19:00:38 -------- d-----w- c:\documents and settings\ibuypower\application data\UXXXqjYYCeIBrO

2011-11-24 19:00:37 -------- d-----w- c:\documents and settings\ibuypower\application data\F0FC4

2011-11-24 19:00:32 -------- d-----w- c:\documents and settings\ibuypower\application data\yYYYCwkkIVl

2011-11-24 19:00:32 -------- d-----w- c:\documents and settings\ibuypower\application data\t77fRRL9hT

.

==================== Find3M ====================

.

2011-12-03 20:23:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01:38 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 17:15:12.42 ===============

Perhaps I may have gotten the virus but it changed around my internet settings? I am having the same problem another poster described in a recent thread in that my PC is endlessly trying to acquire a network. Also an additional problem I am having is I can no longer run RKILL. When I try to run it It starts and then I get an error message and it closes. Thanks again for any help or direction you can offer.

Link to post
Share on other sites

Sorry about that. I have a bunch of different logs on the memory stick I am using.

17:25:16.0765 3068 TDSS rootkit removing tool 2.6.24.0 Dec 22 2011 18:21:27

17:25:17.0093 3068 ============================================================

17:25:17.0093 3068 Current date / time: 2011/12/22 17:25:17.0093

17:25:17.0093 3068 SystemInfo:

17:25:17.0093 3068

17:25:17.0093 3068 OS Version: 5.1.2600 ServicePack: 3.0

17:25:17.0093 3068 Product type: Workstation

17:25:17.0093 3068 ComputerName: IBUYPOWE-18F1F5

17:25:17.0093 3068 UserName: IBUYPOWER

17:25:17.0093 3068 Windows directory: C:\WINDOWS

17:25:17.0093 3068 System windows directory: C:\WINDOWS

17:25:17.0093 3068 Processor architecture: Intel x86

17:25:17.0093 3068 Number of processors: 2

17:25:17.0093 3068 Page size: 0x1000

17:25:17.0093 3068 Boot type: Normal boot

17:25:17.0093 3068 ============================================================

17:25:18.0703 3068 Initialize success

17:25:42.0656 3608 ============================================================

17:25:42.0656 3608 Scan started

17:25:42.0656 3608 Mode: Manual; SigCheck; TDLFS;

17:25:42.0656 3608 ============================================================

17:25:44.0046 3608 Abiosdsk - ok

17:25:44.0062 3608 abp480n5 - ok

17:25:44.0125 3608 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:25:44.0437 3608 ACPI - ok

17:25:44.0515 3608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:25:44.0609 3608 ACPIEC - ok

17:25:44.0609 3608 adpu160m - ok

17:25:44.0625 3608 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:25:44.0687 3608 aec - ok

17:25:44.0734 3608 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:25:44.0765 3608 AFD - ok

17:25:44.0765 3608 Aha154x - ok

17:25:44.0765 3608 aic78u2 - ok

17:25:44.0781 3608 aic78xx - ok

17:25:44.0781 3608 AliIde - ok

17:25:44.0781 3608 amsint - ok

17:25:44.0796 3608 asc - ok

17:25:44.0796 3608 asc3350p - ok

17:25:44.0796 3608 asc3550 - ok

17:25:44.0843 3608 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:25:44.0890 3608 AsyncMac - ok

17:25:45.0000 3608 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:25:45.0062 3608 atapi - ok

17:25:45.0062 3608 Atdisk - ok

17:25:45.0093 3608 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:25:45.0171 3608 Atmarpc - ok

17:25:45.0218 3608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:25:45.0265 3608 audstub - ok

17:25:45.0281 3608 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:25:45.0328 3608 avgntflt - ok

17:25:45.0343 3608 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:25:45.0343 3608 avipbb - ok

17:25:45.0359 3608 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

17:25:45.0359 3608 avkmgr - ok

17:25:45.0468 3608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:25:45.0531 3608 Beep - ok

17:25:45.0718 3608 catchme - ok

17:25:45.0734 3608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:25:45.0828 3608 cbidf2k - ok

17:25:45.0828 3608 cd20xrnt - ok

17:25:45.0828 3608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:25:45.0890 3608 Cdaudio - ok

17:25:45.0937 3608 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:25:46.0000 3608 Cdfs - ok

17:25:46.0062 3608 cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:25:46.0109 3608 cdrom - ok

17:25:46.0109 3608 Changer - ok

17:25:46.0125 3608 CmdIde - ok

17:25:46.0125 3608 Cpqarray - ok

17:25:46.0140 3608 dac2w2k - ok

17:25:46.0140 3608 dac960nt - ok

17:25:46.0156 3608 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:25:46.0203 3608 Disk - ok

17:25:46.0234 3608 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:25:46.0296 3608 dmboot - ok

17:25:46.0312 3608 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:25:46.0390 3608 dmio - ok

17:25:46.0437 3608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:25:46.0515 3608 dmload - ok

17:25:46.0578 3608 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:25:46.0640 3608 DMusic - ok

17:25:46.0656 3608 dpti2o - ok

17:25:46.0656 3608 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:25:46.0703 3608 drmkaud - ok

17:25:46.0765 3608 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

17:25:46.0781 3608 dtsoftbus01 - ok

17:25:46.0828 3608 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:25:46.0890 3608 Fastfat - ok

17:25:47.0015 3608 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:25:47.0062 3608 Fdc - ok

17:25:47.0078 3608 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:25:47.0125 3608 Fips - ok

17:25:47.0171 3608 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:25:47.0234 3608 Flpydisk - ok

17:25:47.0265 3608 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:25:47.0328 3608 FltMgr - ok

17:25:47.0343 3608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:25:47.0406 3608 Fs_Rec - ok

17:25:47.0406 3608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:25:47.0484 3608 Ftdisk - ok

17:25:47.0515 3608 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:25:47.0515 3608 GEARAspiWDM - ok

17:25:47.0640 3608 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:25:47.0687 3608 Gpc - ok

17:25:47.0718 3608 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

17:25:47.0781 3608 grmnusb - ok

17:25:47.0828 3608 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:25:47.0890 3608 HDAudBus - ok

17:25:47.0953 3608 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:25:48.0015 3608 hidusb - ok

17:25:48.0015 3608 hpn - ok

17:25:48.0078 3608 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:25:48.0125 3608 HTTP - ok

17:25:48.0234 3608 i2omgmt - ok

17:25:48.0234 3608 i2omp - ok

17:25:48.0234 3608 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:25:48.0281 3608 i8042prt - ok

17:25:48.0328 3608 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:25:48.0390 3608 Imapi - ok

17:25:48.0390 3608 ini910u - ok

17:25:48.0390 3608 IntelIde - ok

17:25:48.0406 3608 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:25:48.0468 3608 intelppm - ok

17:25:48.0562 3608 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:25:48.0640 3608 Ip6Fw - ok

17:25:48.0671 3608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:25:48.0750 3608 IpFilterDriver - ok

17:25:48.0781 3608 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:25:48.0828 3608 IpInIp - ok

17:25:48.0859 3608 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:25:48.0937 3608 IpNat - ok

17:25:48.0984 3608 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:25:49.0109 3608 IPSec - ok

17:25:49.0250 3608 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:25:49.0265 3608 IRENUM - ok

17:25:49.0375 3608 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:25:49.0421 3608 isapnp - ok

17:25:49.0468 3608 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:25:49.0531 3608 Kbdclass - ok

17:25:49.0531 3608 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:25:49.0578 3608 kbdhid - ok

17:25:49.0609 3608 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:25:49.0671 3608 kmixer - ok

17:25:49.0687 3608 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:25:49.0781 3608 KSecDD - ok

17:25:49.0812 3608 L1e (93e64bab9dee162ca0ca5258d132a047) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

17:25:49.0843 3608 L1e - ok

17:25:49.0906 3608 lbrtfdc - ok

17:25:49.0968 3608 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

17:25:49.0968 3608 MBAMProtector - ok

17:25:50.0031 3608 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:25:50.0093 3608 mnmdd - ok

17:25:50.0125 3608 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:25:50.0218 3608 Modem - ok

17:25:50.0312 3608 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

17:25:50.0390 3608 monfilt - ok

17:25:50.0484 3608 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:25:50.0546 3608 Mouclass - ok

17:25:50.0593 3608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:25:50.0640 3608 mouhid - ok

17:25:50.0687 3608 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:25:50.0812 3608 MountMgr - ok

17:25:50.0812 3608 MpFilter - ok

17:25:50.0812 3608 mraid35x - ok

17:25:50.0828 3608 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:25:50.0890 3608 MRxDAV - ok

17:25:50.0906 3608 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:25:50.0953 3608 Msfs - ok

17:25:50.0984 3608 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:25:51.0062 3608 MSKSSRV - ok

17:25:51.0093 3608 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:25:51.0171 3608 MSPCLOCK - ok

17:25:51.0250 3608 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:25:51.0296 3608 MSPQM - ok

17:25:51.0328 3608 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:25:51.0375 3608 mssmbios - ok

17:25:51.0390 3608 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

17:25:51.0421 3608 MTsensor - ok

17:25:51.0468 3608 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:25:51.0531 3608 Mup - ok

17:25:51.0593 3608 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:25:51.0703 3608 NDIS - ok

17:25:51.0796 3608 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:25:51.0812 3608 NdisTapi - ok

17:25:51.0875 3608 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:25:51.0937 3608 Ndisuio - ok

17:25:51.0937 3608 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:25:51.0984 3608 NdisWan - ok

17:25:52.0046 3608 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:25:52.0062 3608 NDProxy - ok

17:25:52.0078 3608 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:25:52.0140 3608 NetBIOS - ok

17:25:52.0140 3608 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:25:52.0218 3608 Npfs - ok

17:25:52.0250 3608 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:25:52.0328 3608 Ntfs - ok

17:25:52.0437 3608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:25:52.0484 3608 Null - ok

17:25:52.0687 3608 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:25:52.0937 3608 nv - ok

17:25:53.0015 3608 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:25:53.0093 3608 NwlnkFlt - ok

17:25:53.0125 3608 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:25:53.0203 3608 NwlnkFwd - ok

17:25:53.0218 3608 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:25:53.0281 3608 Parport - ok

17:25:53.0296 3608 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:25:53.0406 3608 PartMgr - ok

17:25:53.0453 3608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:25:53.0515 3608 ParVdm - ok

17:25:53.0578 3608 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:25:53.0625 3608 PCI - ok

17:25:53.0687 3608 PCIDump - ok

17:25:53.0687 3608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:25:53.0734 3608 PCIIde - ok

17:25:53.0781 3608 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:25:53.0875 3608 Pcmcia - ok

17:25:53.0890 3608 PDCOMP - ok

17:25:53.0890 3608 PDFRAME - ok

17:25:53.0890 3608 PDRELI - ok

17:25:53.0890 3608 PDRFRAME - ok

17:25:53.0906 3608 perc2 - ok

17:25:53.0906 3608 perc2hib - ok

17:25:53.0921 3608 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:25:53.0984 3608 PptpMiniport - ok

17:25:54.0015 3608 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:25:54.0093 3608 PSched - ok

17:25:54.0109 3608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:25:54.0171 3608 Ptilink - ok

17:25:54.0281 3608 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:25:54.0281 3608 PxHelp20 - ok

17:25:54.0296 3608 ql1080 - ok

17:25:54.0296 3608 Ql10wnt - ok

17:25:54.0296 3608 ql12160 - ok

17:25:54.0296 3608 ql1240 - ok

17:25:54.0312 3608 ql1280 - ok

17:25:54.0343 3608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:25:54.0390 3608 RasAcd - ok

17:25:54.0406 3608 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:25:54.0453 3608 Rasl2tp - ok

17:25:54.0468 3608 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:25:54.0531 3608 RasPppoe - ok

17:25:54.0546 3608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:25:54.0593 3608 Raspti - ok

17:25:54.0640 3608 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:25:54.0718 3608 Rdbss - ok

17:25:54.0718 3608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:25:54.0781 3608 RDPCDD - ok

17:25:54.0828 3608 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:25:54.0890 3608 RDPWD - ok

17:25:54.0953 3608 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:25:55.0015 3608 redbook - ok

17:25:55.0109 3608 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:25:55.0156 3608 Secdrv - ok

17:25:55.0187 3608 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:25:55.0265 3608 serenum - ok

17:25:55.0281 3608 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:25:55.0343 3608 Serial - ok

17:25:55.0375 3608 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:25:55.0421 3608 Sfloppy - ok

17:25:55.0421 3608 Simbad - ok

17:25:55.0437 3608 Sparrow - ok

17:25:55.0484 3608 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:25:55.0546 3608 splitter - ok

17:25:55.0593 3608 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:25:55.0640 3608 sr - ok

17:25:55.0718 3608 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:25:55.0750 3608 Srv - ok

17:25:55.0859 3608 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:25:55.0859 3608 ssmdrv - ok

17:25:55.0921 3608 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:25:55.0984 3608 swenum - ok

17:25:55.0984 3608 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:25:56.0046 3608 swmidi - ok

17:25:56.0046 3608 symc810 - ok

17:25:56.0046 3608 symc8xx - ok

17:25:56.0062 3608 sym_hi - ok

17:25:56.0062 3608 sym_u3 - ok

17:25:56.0062 3608 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:25:56.0125 3608 sysaudio - ok

17:25:56.0171 3608 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:25:56.0203 3608 Tcpip - ok

17:25:56.0250 3608 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:25:56.0312 3608 TDPIPE - ok

17:25:56.0328 3608 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:25:56.0421 3608 TDTCP - ok

17:25:56.0484 3608 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:25:56.0546 3608 TermDD - ok

17:25:56.0546 3608 TosIde - ok

17:25:56.0593 3608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:25:56.0671 3608 Udfs - ok

17:25:56.0687 3608 ultra - ok

17:25:56.0687 3608 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:25:56.0781 3608 Update - ok

17:25:56.0843 3608 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:25:56.0890 3608 usbccgp - ok

17:25:56.0937 3608 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:25:57.0000 3608 usbehci - ok

17:25:57.0046 3608 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:25:57.0109 3608 usbhub - ok

17:25:57.0218 3608 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:25:57.0265 3608 USBSTOR - ok

17:25:57.0312 3608 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:25:57.0359 3608 usbuhci - ok

17:25:57.0390 3608 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:25:57.0437 3608 VgaSave - ok

17:25:57.0484 3608 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys

17:25:57.0546 3608 VIAHdAudAddService - ok

17:25:57.0546 3608 ViaIde - ok

17:25:57.0546 3608 vkquwexg - ok

17:25:57.0609 3608 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:25:57.0687 3608 VolSnap - ok

17:25:57.0750 3608 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:25:57.0796 3608 Wanarp - ok

17:25:57.0796 3608 WDICA - ok

17:25:57.0828 3608 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:25:57.0875 3608 wdmaud - ok

17:25:57.0921 3608 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:25:57.0968 3608 WS2IFSL - ok

17:25:57.0984 3608 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:25:58.0062 3608 WudfPf - ok

17:25:58.0093 3608 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:25:58.0093 3608 WudfRd - ok

17:25:58.0109 3608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:25:58.0281 3608 \Device\Harddisk0\DR0 - ok

17:25:58.0281 3608 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk6\DR14

17:26:00.0468 3608 \Device\Harddisk6\DR14 - ok

17:26:00.0468 3608 Boot (0x1200) (ca4c3579d07cfe82d812ead1c58ed49a) \Device\Harddisk0\DR0\Partition0

17:26:00.0484 3608 \Device\Harddisk0\DR0\Partition0 - ok

17:26:00.0484 3608 Boot (0x1200) (cabbb75b819b0fb6ea8863fa964c8549) \Device\Harddisk6\DR14\Partition0

17:26:00.0484 3608 \Device\Harddisk6\DR14\Partition0 - ok

17:26:00.0484 3608 ============================================================

17:26:00.0484 3608 Scan finished

17:26:00.0484 3608 ============================================================

17:26:00.0593 0388 Detected object count: 0

17:26:00.0593 0388 Actual detected object count: 0

17:26:15.0609 2788 ============================================================

17:26:15.0609 2788 Scan started

17:26:15.0609 2788 Mode: Manual;

17:26:15.0609 2788 ============================================================

17:26:15.0765 2788 Abiosdsk - ok

17:26:15.0765 2788 abp480n5 - ok

17:26:15.0781 2788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:26:15.0781 2788 ACPI - ok

17:26:15.0812 2788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:26:15.0828 2788 ACPIEC - ok

17:26:15.0828 2788 adpu160m - ok

17:26:15.0859 2788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:26:15.0859 2788 aec - ok

17:26:15.0875 2788 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:26:15.0875 2788 AFD - ok

17:26:15.0875 2788 Aha154x - ok

17:26:15.0875 2788 aic78u2 - ok

17:26:15.0890 2788 aic78xx - ok

17:26:15.0890 2788 AliIde - ok

17:26:15.0890 2788 amsint - ok

17:26:15.0906 2788 asc - ok

17:26:15.0906 2788 asc3350p - ok

17:26:15.0906 2788 asc3550 - ok

17:26:15.0953 2788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:26:15.0953 2788 AsyncMac - ok

17:26:15.0953 2788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:26:15.0953 2788 atapi - ok

17:26:15.0968 2788 Atdisk - ok

17:26:15.0984 2788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:26:15.0984 2788 Atmarpc - ok

17:26:16.0015 2788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:26:16.0015 2788 audstub - ok

17:26:16.0093 2788 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:26:16.0093 2788 avgntflt - ok

17:26:16.0140 2788 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:26:16.0140 2788 avipbb - ok

17:26:16.0140 2788 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

17:26:16.0140 2788 avkmgr - ok

17:26:16.0156 2788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:26:16.0156 2788 Beep - ok

17:26:16.0281 2788 catchme - ok

17:26:16.0296 2788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:26:16.0296 2788 cbidf2k - ok

17:26:16.0296 2788 cd20xrnt - ok

17:26:16.0312 2788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:26:16.0312 2788 Cdaudio - ok

17:26:16.0359 2788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:26:16.0359 2788 Cdfs - ok

17:26:16.0406 2788 cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:26:16.0406 2788 cdrom - ok

17:26:16.0421 2788 Changer - ok

17:26:16.0437 2788 CmdIde - ok

17:26:16.0437 2788 Cpqarray - ok

17:26:16.0437 2788 dac2w2k - ok

17:26:16.0437 2788 dac960nt - ok

17:26:16.0468 2788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:26:16.0484 2788 Disk - ok

17:26:16.0500 2788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:26:16.0500 2788 dmboot - ok

17:26:16.0515 2788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:26:16.0531 2788 dmio - ok

17:26:16.0546 2788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:26:16.0546 2788 dmload - ok

17:26:16.0578 2788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:26:16.0578 2788 DMusic - ok

17:26:16.0593 2788 dpti2o - ok

17:26:16.0609 2788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:26:16.0609 2788 drmkaud - ok

17:26:16.0671 2788 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

17:26:16.0671 2788 dtsoftbus01 - ok

17:26:16.0734 2788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:26:16.0734 2788 Fastfat - ok

17:26:16.0750 2788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:26:16.0750 2788 Fdc - ok

17:26:16.0765 2788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:26:16.0765 2788 Fips - ok

17:26:16.0765 2788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:26:16.0781 2788 Flpydisk - ok

17:26:16.0843 2788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:26:16.0859 2788 FltMgr - ok

17:26:16.0875 2788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:26:16.0875 2788 Fs_Rec - ok

17:26:16.0875 2788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:26:16.0875 2788 Ftdisk - ok

17:26:16.0921 2788 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

17:26:16.0921 2788 GEARAspiWDM - ok

17:26:16.0953 2788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:26:16.0953 2788 Gpc - ok

17:26:16.0984 2788 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

17:26:16.0984 2788 grmnusb - ok

17:26:17.0031 2788 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:26:17.0031 2788 HDAudBus - ok

17:26:17.0046 2788 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:26:17.0046 2788 hidusb - ok

17:26:17.0046 2788 hpn - ok

17:26:17.0062 2788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:26:17.0062 2788 HTTP - ok

17:26:17.0093 2788 i2omgmt - ok

17:26:17.0109 2788 i2omp - ok

17:26:17.0109 2788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:26:17.0109 2788 i8042prt - ok

17:26:17.0109 2788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:26:17.0109 2788 Imapi - ok

17:26:17.0125 2788 ini910u - ok

17:26:17.0125 2788 IntelIde - ok

17:26:17.0156 2788 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:26:17.0156 2788 intelppm - ok

17:26:17.0203 2788 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:26:17.0203 2788 Ip6Fw - ok

17:26:17.0203 2788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:26:17.0203 2788 IpFilterDriver - ok

17:26:17.0203 2788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:26:17.0203 2788 IpInIp - ok

17:26:17.0250 2788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:26:17.0250 2788 IpNat - ok

17:26:17.0265 2788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:26:17.0265 2788 IPSec - ok

17:26:17.0296 2788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:26:17.0296 2788 IRENUM - ok

17:26:17.0343 2788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:26:17.0343 2788 isapnp - ok

17:26:17.0343 2788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:26:17.0343 2788 Kbdclass - ok

17:26:17.0375 2788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:26:17.0375 2788 kbdhid - ok

17:26:17.0421 2788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:26:17.0421 2788 kmixer - ok

17:26:17.0468 2788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:26:17.0468 2788 KSecDD - ok

17:26:17.0500 2788 L1e (93e64bab9dee162ca0ca5258d132a047) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

17:26:17.0500 2788 L1e - ok

17:26:17.0500 2788 lbrtfdc - ok

17:26:17.0500 2788 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

17:26:17.0515 2788 MBAMProtector - ok

17:26:17.0515 2788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:26:17.0515 2788 mnmdd - ok

17:26:17.0546 2788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:26:17.0546 2788 Modem - ok

17:26:17.0609 2788 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys

17:26:17.0609 2788 monfilt - ok

17:26:17.0609 2788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:26:17.0609 2788 Mouclass - ok

17:26:17.0625 2788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:26:17.0625 2788 mouhid - ok

17:26:17.0687 2788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:26:17.0687 2788 MountMgr - ok

17:26:17.0687 2788 MpFilter - ok

17:26:17.0687 2788 mraid35x - ok

17:26:17.0703 2788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:26:17.0703 2788 MRxDAV - ok

17:26:17.0703 2788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:26:17.0703 2788 Msfs - ok

17:26:17.0734 2788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:26:17.0734 2788 MSKSSRV - ok

17:26:17.0765 2788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:26:17.0765 2788 MSPCLOCK - ok

17:26:17.0781 2788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:26:17.0781 2788 MSPQM - ok

17:26:17.0812 2788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:26:17.0812 2788 mssmbios - ok

17:26:17.0812 2788 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

17:26:17.0812 2788 MTsensor - ok

17:26:17.0843 2788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:26:17.0843 2788 Mup - ok

17:26:17.0859 2788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:26:17.0859 2788 NDIS - ok

17:26:17.0906 2788 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:26:17.0906 2788 NdisTapi - ok

17:26:17.0906 2788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:26:17.0906 2788 Ndisuio - ok

17:26:17.0937 2788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:26:17.0937 2788 NdisWan - ok

17:26:17.0984 2788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:26:17.0984 2788 NDProxy - ok

17:26:17.0984 2788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:26:17.0984 2788 NetBIOS - ok

17:26:18.0000 2788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:26:18.0000 2788 Npfs - ok

17:26:18.0062 2788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:26:18.0062 2788 Ntfs - ok

17:26:18.0078 2788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:26:18.0078 2788 Null - ok

17:26:18.0281 2788 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:26:18.0312 2788 nv - ok

17:26:18.0390 2788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:26:18.0390 2788 NwlnkFlt - ok

17:26:18.0406 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:26:18.0406 2788 NwlnkFwd - ok

17:26:18.0406 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:26:18.0406 2788 Parport - ok

17:26:18.0453 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:26:18.0453 2788 PartMgr - ok

17:26:18.0500 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:26:18.0500 2788 ParVdm - ok

17:26:18.0531 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:26:18.0531 2788 PCI - ok

17:26:18.0531 2788 PCIDump - ok

17:26:18.0546 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:26:18.0546 2788 PCIIde - ok

17:26:18.0562 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:26:18.0562 2788 Pcmcia - ok

17:26:18.0562 2788 PDCOMP - ok

17:26:18.0562 2788 PDFRAME - ok

17:26:18.0578 2788 PDRELI - ok

17:26:18.0578 2788 PDRFRAME - ok

17:26:18.0578 2788 perc2 - ok

17:26:18.0593 2788 perc2hib - ok

17:26:18.0625 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:26:18.0625 2788 PptpMiniport - ok

17:26:18.0625 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:26:18.0625 2788 PSched - ok

17:26:18.0625 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:26:18.0625 2788 Ptilink - ok

17:26:18.0656 2788 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:26:18.0656 2788 PxHelp20 - ok

17:26:18.0703 2788 ql1080 - ok

17:26:18.0703 2788 Ql10wnt - ok

17:26:18.0703 2788 ql12160 - ok

17:26:18.0718 2788 ql1240 - ok

17:26:18.0718 2788 ql1280 - ok

17:26:18.0718 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:26:18.0718 2788 RasAcd - ok

17:26:18.0734 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:26:18.0734 2788 Rasl2tp - ok

17:26:18.0765 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:26:18.0781 2788 RasPppoe - ok

17:26:18.0781 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:26:18.0781 2788 Raspti - ok

17:26:18.0828 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:26:18.0828 2788 Rdbss - ok

17:26:18.0828 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:26:18.0828 2788 RDPCDD - ok

17:26:18.0875 2788 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

17:26:18.0875 2788 RDPWD - ok

17:26:18.0906 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:26:18.0906 2788 redbook - ok

17:26:18.0937 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:26:18.0937 2788 Secdrv - ok

17:26:18.0984 2788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:26:18.0984 2788 serenum - ok

17:26:19.0000 2788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:26:19.0000 2788 Serial - ok

17:26:19.0031 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:26:19.0031 2788 Sfloppy - ok

17:26:19.0031 2788 Simbad - ok

17:26:19.0046 2788 Sparrow - ok

17:26:19.0046 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:26:19.0046 2788 splitter - ok

17:26:19.0125 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:26:19.0125 2788 sr - ok

17:26:19.0140 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:26:19.0140 2788 Srv - ok

17:26:19.0187 2788 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:26:19.0187 2788 ssmdrv - ok

17:26:19.0203 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:26:19.0203 2788 swenum - ok

17:26:19.0203 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:26:19.0203 2788 swmidi - ok

17:26:19.0218 2788 symc810 - ok

17:26:19.0234 2788 symc8xx - ok

17:26:19.0234 2788 sym_hi - ok

17:26:19.0234 2788 sym_u3 - ok

17:26:19.0234 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:26:19.0250 2788 sysaudio - ok

17:26:19.0281 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:26:19.0281 2788 Tcpip - ok

17:26:19.0296 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:26:19.0296 2788 TDPIPE - ok

17:26:19.0312 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:26:19.0312 2788 TDTCP - ok

17:26:19.0312 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:26:19.0312 2788 TermDD - ok

17:26:19.0328 2788 TosIde - ok

17:26:19.0343 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:26:19.0343 2788 Udfs - ok

17:26:19.0359 2788 ultra - ok

17:26:19.0390 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:26:19.0390 2788 Update - ok

17:26:19.0468 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:26:19.0468 2788 usbccgp - ok

17:26:19.0468 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:26:19.0468 2788 usbehci - ok

17:26:19.0484 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:26:19.0484 2788 usbhub - ok

17:26:19.0531 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:26:19.0531 2788 USBSTOR - ok

17:26:19.0562 2788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:26:19.0562 2788 usbuhci - ok

17:26:19.0562 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:26:19.0562 2788 VgaSave - ok

17:26:19.0625 2788 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys

17:26:19.0625 2788 VIAHdAudAddService - ok

17:26:19.0640 2788 ViaIde - ok

17:26:19.0640 2788 vkquwexg - ok

17:26:19.0703 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:26:19.0703 2788 VolSnap - ok

17:26:19.0765 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:26:19.0765 2788 Wanarp - ok

17:26:19.0765 2788 WDICA - ok

17:26:19.0781 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:26:19.0781 2788 wdmaud - ok

17:26:19.0812 2788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:26:19.0812 2788 WS2IFSL - ok

17:26:19.0843 2788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:26:19.0843 2788 WudfPf - ok

17:26:19.0859 2788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:26:19.0859 2788 WudfRd - ok

17:26:19.0859 2788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:26:19.0921 2788 \Device\Harddisk0\DR0 - ok

17:26:19.0921 2788 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk6\DR14

17:26:22.0046 2788 \Device\Harddisk6\DR14 - ok

17:26:22.0046 2788 Boot (0x1200) (ca4c3579d07cfe82d812ead1c58ed49a) \Device\Harddisk0\DR0\Partition0

17:26:22.0046 2788 \Device\Harddisk0\DR0\Partition0 - ok

17:26:22.0046 2788 Boot (0x1200) (cabbb75b819b0fb6ea8863fa964c8549) \Device\Harddisk6\DR14\Partition0

17:26:22.0046 2788 \Device\Harddisk6\DR14\Partition0 - ok

17:26:22.0046 2788 ============================================================

17:26:22.0046 2788 Scan finished

17:26:22.0046 2788 ============================================================

17:26:22.0046 2288 Detected object count: 0

17:26:22.0046 2288 Actual detected object count: 0

17:26:29.0046 1088 Deinitialize success

Link to post
Share on other sites

  • Staff

Hi,

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

Summarizing:

  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever)

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update if any available

Back to other tab and click Start Object Scan.

(It took 3 hours to scan my 47G)

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to
C:\KasperskyRescueDisk10.txt
.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

After that, run a fresh copy of ComboFix (delete your previous copy) and post its log in addition to a fresh DDS log.

Link to post
Share on other sites

Sorry to be such a dummy but I'm having a bit of trouble figuring out how to burn the file using the burnaware free program. I feel kind of stupid but I think I must be missing something. Should I be burning it as a a boot disk, or I am assuming I should use the "Make Boot ISO" option. When I do that and add the Kav file I have saved on the desktop it then asks me to save as. Not sure what I am doing. Thanks for any help.

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Let's try a different approach instead.

Update MBAM, run a Quick Scan, and post its log. Grab a fresh copy of ComboFix, run it, and post its log.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

Link to post
Share on other sites

Well I'm not done yet but we have some positive progress. I'm posting from the infected PC. I have regained internet access :) . I downloaded combofix on another PC since I couldn't update MBAM without the internet, but I could download combofix on another pc and transfer it with a memory stick. I didn't notice the acquiring network icon so not expecting anything I clicked on foxfire just on the off chance it would miraculously work. To my great surprise I'm back on the net. I updated MBAM and avira and just ran the MBAM scan. Here is the log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 911122705

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/27/2011 8:26:17 PM

mbam-log-2011-12-27 (20-26-17).txt

Scan type: Full scan (C:\|)

Objects scanned: 235842

Time elapsed: 1 hour(s), 32 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\ibuypower\application data\Sun\Java\deployment\cache\6.0\6\5758ec6-297e9662 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\ibuypower\my documents\5iE4oim.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\documents and settings\ibuypower\local settings\application data\vsi.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Thanks for your help and I wasn't expecting a reply over Christmas weekend. I'll run the combofix again along with the other program you suggested and post back (crosses fingers and knocks on wood). Probably tomorrow as I have a few thing to do tonight. Thanks again for your help.

Link to post
Share on other sites

Okay I ran combofix again before bed last night. I also updated to the new Mbam and ran that, it didn't seem to find anything. I also ran the aswmbr program, not sure about that as it appeared to just stop while other programs I have used tell you when the scan is complete. I also downloaded and ran MBR Check. Here are the logs.

Combofix

ComboFix 11-12-27.01 - IBUYPOWER 12/27/2011 23:15:41.13.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1507 [GMT -11:00]

Running from: C:\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-28 )))))))))))))))))))))))))))))))

.

.

2011-12-28 05:23 . 2011-12-28 05:24 1918464 ----a-w- C:\aswMBR.exe

2011-12-19 00:58 . 2011-12-19 00:58 388096 ----a-r- c:\documents and settings\IBUYPOWER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-19 00:58 . 2011-12-19 00:58 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 09:12 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\program files\Avira

2011-12-14 05:11 . 2011-10-12 02:06 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11 . 2011-10-12 02:06 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20 . 2011-12-28 10:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:20 . 2011-12-11 02:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:29 . 2011-12-13 05:29 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 20:23 . 2011-07-22 00:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-08 03:45 . 2011-11-08 03:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\offreg.dll

2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-07-27 18:20 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 03:48 . 2011-11-06 20:01 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\mpengine.dll

2011-10-07 03:48 . 2010-01-01 00:51 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-12-16_05.50.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-28 10:10 . 2011-12-28 10:10 16384 c:\windows\temp\Perflib_Perfdata_640.dat

+ 2008-04-14 12:00 . 2011-12-28 10:14 68796 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 68796 c:\windows\system32\perfc009.dat

+ 2011-12-17 22:51 . 2011-12-17 22:51 19968 c:\windows\Installer\8ef20.msi

+ 2008-04-14 12:00 . 2011-12-28 10:14 436026 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 436026 c:\windows\system32\perfh009.dat

+ 2011-01-14 18:10 . 2011-01-14 18:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2009-09-11 03:31 . 2011-12-22 08:38 1590688 c:\windows\system32\Restore\rstrlog.dat

+ 2011-07-21 23:34 . 2011-07-21 23:34 3456000 c:\windows\Installer\169d917.msp

+ 2011-12-19 00:58 . 2011-12-19 00:58 1094656 c:\windows\Installer\1241bbc.msi

+ 2011-01-14 18:10 . 2011-01-14 18:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]

"bluebirds"="c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-03 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-12 258512]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^IBUYPOWER^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\IBUYPOWER\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluebirds]

2009-04-29 09:02 270336 ----a-r- c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]

2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-08-15 03:13 30003200 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 20:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power DVD Player]

2007-09-06 07:28 391168 ----a-w- c:\program files\Power DVD Player\PowerDVDPlayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-10-06 00:14 2075384 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Vietcong\\vietcong.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Documents and Settings\\IBUYPOWER\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/13/2011 6:11 PM 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/4/2011 12:47 AM 232512]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/13/2011 6:11 PM 86224]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/12/2011 7:20 PM 652872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/12/2011 7:20 PM 20464]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/27/2009 7:54 AM 845184]

S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/13/2011 6:11 PM 342480]

S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/13/2011 6:11 PM 463824]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - MBAMSwissArmy

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

2011-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 167.206.254.1 167.206.254.2

FF - ProfilePath - c:\documents and settings\IBUYPOWER\Application Data\Mozilla\Firefox\Profiles\ekruw1do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\All Users\Application Data\CodecCheck\firefox

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-27 23:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-12-27 23:22:42

ComboFix-quarantined-files.txt 2011-12-28 10:22

ComboFix2.txt 2011-12-28 05:44

ComboFix3.txt 2011-12-23 03:35

ComboFix4.txt 2011-12-22 06:40

ComboFix5.txt 2011-12-28 10:14

.

Pre-Run: 211,279,257,600 bytes free

Post-Run: 211,272,589,312 bytes free

.

- - End Of File - - D61A4C44216280525DD9D07B79EE7B54

Latest Mbam log

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

IBUYPOWER :: IBUYPOWE-18F1F5 [administrator]

Protection: Enabled

12/28/2011 4:28:44 PM

mbam-log-2011-12-28 (16-28-44).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235559

Time elapsed: 1 hour(s), 39 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

ASW Log, I'm not sure this ran completely?

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software

Run date: 2011-12-28 18:25:17

-----------------------------

18:25:17.718 OS Version: Windows 5.1.2600 Service Pack 3

18:25:17.718 Number of processors: 2 586 0x170A

18:25:17.718 ComputerName: IBUYPOWE-18F1F5 UserName: IBUYPOWER

18:25:18.578 Initialize success

18:34:10.062 AVAST engine defs: 11122801

18:36:28.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10

18:36:28.406 Disk 0 Vendor: Hitachi_HDT721032SLA360 ST2OA3AA Size: 305245MB BusType: 3

18:36:30.421 Disk 0 MBR read successfully

18:36:30.421 Disk 0 MBR scan

18:36:30.453 Disk 0 Windows XP default MBR code

18:36:30.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63

18:36:30.468 Disk 0 scanning sectors +625121280

18:36:30.546 Disk 0 scanning C:\WINDOWS\system32\drivers

18:36:37.515 Service scanning

18:36:38.281 Modules scanning

18:36:54.109 Disk 0 trace - called modules:

18:36:54.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

18:36:54.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ddcab8]

18:36:54.109 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x89e23030]

18:36:54.109 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x89de2d98]

18:36:54.734 AVAST engine scan C:\WINDOWS

18:37:13.812 AVAST engine scan C:\WINDOWS\system32

18:39:16.937 AVAST engine scan C:\WINDOWS\system32\drivers

18:39:24.984 AVAST engine scan C:\Documents and Settings\IBUYPOWER

18:48:41.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\IBUYPOWER\Desktop\MBR.dat"

18:48:41.406 The log file has been saved successfully to "C:\Documents and Settings\IBUYPOWER\Desktop\aswMBR.txt"

Also attached is the mbr.dat

MBR.zip

Link to post
Share on other sites

And the MBRcheck log.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000007fd

Kernel Drivers (total 119):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7F79000 ACPI.sys

0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB7F68000 pci.sys

0xB80A8000 isapnp.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80B8000 MountMgr.sys

0xB7F49000 ftdisk.sys

0xB8330000 PartMgr.sys

0xB80C8000 VolSnap.sys

0xB7F31000 atapi.sys

0xB80D8000 disk.sys

0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7F11000 fltMgr.sys

0xB7EFF000 sr.sys

0xB80F8000 PxHelp20.sys

0xB7EE8000 KSecDD.sys

0xB7E5B000 Ntfs.sys

0xB7E2E000 NDIS.sys

0xB7E14000 Mup.sys

0xB82F8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB6F54000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB6F40000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB6F18000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8308000 \SystemRoot\system32\DRIVERS\l1e51x86.sys

0xB83E8000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB6EF4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB83F0000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB83F8000 \SystemRoot\system32\DRIVERS\fdc.sys

0xB6EE0000 \SystemRoot\system32\DRIVERS\parport.sys

0xB85CA000 \SystemRoot\system32\DRIVERS\ASACPI.sys

0xB8400000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB8408000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB8168000 \SystemRoot\system32\DRIVERS\serial.sys

0xB8594000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB8178000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB8188000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB8198000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB6EBD000 \SystemRoot\system32\DRIVERS\ks.sys

0xB8728000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB81A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB859C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB6EA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB81B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB81C8000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB8410000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB6DF5000 \SystemRoot\system32\DRIVERS\psched.sys

0xB81D8000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB8418000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB8420000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB81E8000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB85CC000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB6D97000 \SystemRoot\system32\DRIVERS\update.sys

0xB7DF0000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB6D5A000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

0xB81F8000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB2A0D000 \SystemRoot\system32\drivers\viahduaa.sys

0xB29E9000 \SystemRoot\system32\drivers\portcls.sys

0xB8218000 \SystemRoot\system32\drivers\drmk.sys

0xB2895000 \SystemRoot\system32\drivers\monfilt.sys

0xB8228000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB85D2000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB8430000 \SystemRoot\system32\DRIVERS\flpydisk.sys

0xB85D4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB8683000 \SystemRoot\System32\Drivers\Null.SYS

0xB85D6000 \SystemRoot\System32\Drivers\Beep.SYS

0xB8440000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB8448000 \SystemRoot\System32\drivers\vga.sys

0xB85D8000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB85DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB8450000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB8458000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB853C000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB27FA000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB27A1000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB2779000 \SystemRoot\system32\drivers\netbt.sys

0xB2753000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB8248000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB8548000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xB2709000 \SystemRoot\System32\drivers\afd.sys

0xB8258000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB8460000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

0xB26DE000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB8268000 \SystemRoot\System32\Drivers\Fips.SYS

0xB8278000 \SystemRoot\system32\DRIVERS\avkmgr.sys

0xB2619000 \SystemRoot\system32\DRIVERS\avipbb.sys

0xB855C000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB8288000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB8468000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xB8470000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xB8560000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB8568000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xB82C8000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB2601000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xB85E2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB2849000 \SystemRoot\System32\drivers\Dxapi.sys

0xB84B0000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB8705000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBD5B5000 \SystemRoot\System32\ATMFD.DLL

0xB22A8000 \SystemRoot\system32\DRIVERS\avgntflt.sys

0xB232D000 \??\C:\WINDOWS\system32\drivers\mbam.sys

0xB22D5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB1F9B000 \SystemRoot\system32\drivers\wdmaud.sys

0xB26CE000 \SystemRoot\system32\drivers\sysaudio.sys

0xB1CA6000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB8604000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xB1B0E000 \SystemRoot\system32\DRIVERS\srv.sys

0xB0D3F000 \SystemRoot\System32\Drivers\HTTP.sys

0xB2248000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0xAF36A000 \SystemRoot\system32\drivers\kmixer.sys

0xAF051000 \??\C:\DOCUME~1\IBUYPO~1\LOCALS~1\Temp\aswMBR.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 33):

0 System Idle Process

4 System

372 C:\WINDOWS\system32\smss.exe

420 csrss.exe

448 C:\WINDOWS\system32\winlogon.exe

492 C:\WINDOWS\system32\services.exe

504 C:\WINDOWS\system32\lsass.exe

680 C:\WINDOWS\system32\nvsvc32.exe

708 C:\WINDOWS\system32\svchost.exe

760 svchost.exe

828 C:\WINDOWS\system32\svchost.exe

900 svchost.exe

968 svchost.exe

1156 C:\WINDOWS\system32\spoolsv.exe

1204 C:\Program Files\Avira\AntiVir Desktop\sched.exe

1416 C:\WINDOWS\explorer.exe

1448 svchost.exe

1604 C:\WINDOWS\system32\rundll32.exe

1568 C:\Program Files\Real\RealPlayer\Update\realsched.exe

1380 C:\Program Files\Common Files\Java\Java Update\jusched.exe

408 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

1408 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

1028 C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe

1548 C:\Documents and Settings\IBUYPOWER\Bluebirds\BlueBirds.exe

1644 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

1732 C:\Program Files\Java\jre6\bin\jqs.exe

1764 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

1816 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

2060 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

4064 alg.exe

2692 C:\Program Files\Mozilla Firefox\firefox.exe

2512 C:\Program Files\Mozilla Firefox\plugin-container.exe

2396 C:\Documents and Settings\IBUYPOWER\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721032SLA360, Rev: ST2OA3AA

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Thanks again for all your help.

Link to post
Share on other sites

  • Staff

Hi,

I notice that you are using more than one antivirus program (Avira and Microsoft). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Grab a fresh copy of ComboFix, run it, and post its log.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

Thanks for the reply. I removed microsoft security essentials a while ago (I think) but it still shows up when combofix runs. It doesn't show in the Add/remove section. I'm not sure what is going on there.

There are still some problems with the PC but at least I can get online and what not. Earlier today Mbam had an alert about something trying to install itself so I ran another scan and it came up with 5 infections. Also it keeps turning off the firewall and automatic updates feature. I can turn the firewall back on but it won't let me turn on the automatic updates. I tried going to control panel and the auto updates but it doesn't work. The Eset scanner found a couple of things so who knows. Anyway thanks again for your help.

Here is the combo fix log.

ComboFix 11-12-30.02 - IBUYPOWER 12/30/2011 22:38:01.14.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1430 [GMT -11:00]

Running from: c:\documents and settings\IBUYPOWER\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-31 )))))))))))))))))))))))))))))))

.

.

2011-12-19 00:58 . 2011-12-19 00:58 388096 ----a-r- c:\documents and settings\IBUYPOWER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-12-19 00:58 . 2011-12-19 00:58 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36 . 2011-07-15 13:29 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\IBUYPOWER\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 09:12 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-12-14 05:11 . 2011-12-14 05:11 -------- d-----w- c:\program files\Avira

2011-12-14 05:11 . 2011-10-12 02:06 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11 . 2011-10-12 02:06 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34 . 2008-04-14 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20 . 2011-12-29 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:20 . 2011-12-11 02:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05 . 2008-04-14 11:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:29 . 2011-12-13 05:29 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-03 20:23 . 2011-07-22 00:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-08 03:45 . 2011-11-08 03:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\offreg.dll

2011-11-04 19:20 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2008-04-14 00:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2009-07-27 18:20 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 03:48 . 2011-11-06 20:01 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FE2C836D-6B25-4643-BCC7-B8846728E6BF}\mpengine.dll

2011-10-07 03:48 . 2010-01-01 00:51 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-12-16_05.50.22 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-31 06:23 . 2011-12-31 06:23 16384 c:\windows\temp\Perflib_Perfdata_3a4.dat

+ 2008-04-14 12:00 . 2011-12-31 06:27 68796 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 68796 c:\windows\system32\perfc009.dat

+ 2011-12-17 22:51 . 2011-12-17 22:51 19968 c:\windows\Installer\8ef20.msi

+ 2008-04-14 12:00 . 2011-12-31 06:27 436026 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2011-12-16 05:53 436026 c:\windows\system32\perfh009.dat

+ 2011-01-14 18:10 . 2011-01-14 18:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2009-09-11 03:31 . 2011-12-22 08:38 1590688 c:\windows\system32\Restore\rstrlog.dat

+ 2011-07-21 23:34 . 2011-07-21 23:34 3456000 c:\windows\Installer\169d917.msp

+ 2011-12-19 00:58 . 2011-12-19 00:58 1094656 c:\windows\Installer\1241bbc.msi

+ 2011-01-14 18:10 . 2011-01-14 18:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 18:10 . 2011-01-14 18:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 536576]

"bluebirds"="c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2009-06-10 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-04-03 273544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-12 258512]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-12-25 981680]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^IBUYPOWER^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\IBUYPOWER\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bluebirds]

2009-04-29 09:02 270336 ----a-r- c:\documents and settings\IBUYPOWER\Bluebirds\BlueBirds.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]

2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]

2008-08-15 03:13 30003200 ----a-r- c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 20:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power DVD Player]

2007-09-06 07:28 391168 ----a-w- c:\program files\Power DVD Player\PowerDVDPlayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2009-10-06 00:14 2075384 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\Vietcong\\vietcong.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Documents and Settings\\IBUYPOWER\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/13/2011 6:11 PM 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/4/2011 12:47 AM 232512]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/13/2011 6:11 PM 86224]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/12/2011 7:20 PM 652872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/12/2011 7:20 PM 20464]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [7/27/2009 7:54 AM 845184]

S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [12/13/2011 6:11 PM 342480]

S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [12/13/2011 6:11 PM 463824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

2011-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-796845957-682003330-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 21:25]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 167.206.254.2 167.206.254.1

FF - ProfilePath - c:\documents and settings\IBUYPOWER\Application Data\Mozilla\Firefox\Profiles\ekruw1do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\All Users\Application Data\CodecCheck\firefox

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-30 22:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3936)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-30 22:45:39

ComboFix-quarantined-files.txt 2011-12-31 09:45

ComboFix2.txt 2011-12-28 10:22

ComboFix3.txt 2011-12-28 05:44

ComboFix4.txt 2011-12-23 03:35

ComboFix5.txt 2011-12-31 09:37

.

Pre-Run: 210,630,881,280 bytes free

Post-Run: 210,722,750,464 bytes free

.

- - End Of File - - 23358E8D3BA975100B31D8B1BCA8E12F

And the Eset Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=7dcaf0cbe82cc94694ebb6bd1d0ad20f

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-31 10:56:27

# local_time=2011-12-30 11:56:27 (-1100, UTC-11)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 147269 147269 0 0

# compatibility_mode=1024 16777215 100 0 67627393 67627393 0 0

# compatibility_mode=1792 16777175 100 0 564117 564117 0 0

# compatibility_mode=5891 16776534 42 75 3679669 6444291 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=95233

# found=3

# cleaned=3

# scan_time=3809

C:\Documents and Settings\IBUYPOWER\My Documents\Downloads\SoftonicDownloader9686(2).exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\IBUYPOWER\My Documents\Downloads\SoftonicDownloader9686.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\IBUYPOWER\My Documents\My Videos\Veoh\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C

And the Security Check.

Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira Antivirus Premium 2012

ESET Online Scanner v3

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.25) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Link to post
Share on other sites

  • Staff

Hi,

Use the Microsoft "Fix it" tool here to remove the remnants:

http://support.microsoft.com/kb/2435760

Reboot.

Run DDS again; post DDS.txt and attach.txt in your reply.

Also, in update Firefox; the latest version is version 9.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

ESET Online Scanner v3

Java™ 6 Update 26

Adobe Reader 9

Restart your computer.

Get the latest version of Java and Adobe Reader.

Update MBAM, run a Quick Scan, and post its log.

Link to post
Share on other sites

Thanks again for replying. Things have been a lot better. There are still some problems and i keep getting warnings from MBAM about things trying to install themselves but I think I'm much better off than when I started this thread.

Hear is the DDS log

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 167.206.254.2 167.206.254.1

TCP: Interfaces\{FC2C204E-46B6-4D62-947E-E26DC8662302} : DhcpNameServer = 167.206.254.2 167.206.254.1

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\ibuypower\application data\mozilla\firefox\profiles\ekruw1do.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\all users\application data\codeccheck\firefox

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-13 36000]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-4 232512]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-12-13 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-12-13 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-13 74640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 652872]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 20464]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-27 845184]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\mpfilter.sys --> c:\windows\system32\drivers\MpFilter.sys [?]

S2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-13 342480]

S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-13 463824]

.

=============== Created Last 30 ================

.

2012-01-06 05:55:31 21394 ----a-w- C:\FixitRegBackup.reg

2011-12-31 09:49:57 -------- d-----w- c:\program files\ESET

2011-12-19 00:58:29 388096 ----a-r- c:\documents and settings\ibuypower\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-12-19 00:58:29 -------- d-----w- c:\program files\Trend Micro

2011-12-16 05:36:49 456320 -c--a-w- c:\windows\system32\dllcache\mrxsmb.sys

2011-12-16 05:36:49 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-12-14 05:11:31 -------- d-----w- c:\documents and settings\ibuypower\application data\Avira

2011-12-14 05:11:01 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-14 05:11:01 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-14 05:11:01 -------- d-----w- c:\program files\Avira

2011-12-14 05:11:01 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-12-14 03:34:43 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys

2011-12-14 03:34:43 64512 ----a-w- c:\windows\system32\drivers\serial.sys

2011-12-13 06:20:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-13 06:20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-13 06:05:22 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2011-12-13 06:05:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2011-12-13 05:50:39 98816 ----a-w- c:\windows\sed.exe

2011-12-13 05:50:39 518144 ----a-w- c:\windows\SWREG.exe

2011-12-13 05:50:39 256000 ----a-w- c:\windows\PEV.exe

2011-12-13 05:50:39 208896 ----a-w- c:\windows\MBR.exe

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-12-13 05:29:38 -------- d-----w- c:\windows\system32\wbem\Repository

.

==================== Find3M ====================

.

2011-12-03 20:23:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-12 22:01:38 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 19:08:14.29 ===============

I'm update those programs and run the MBAM and post again later. Thanks again for your help.

Link to post
Share on other sites

I deleted and then re downloaded the programs and ran another MBAM scan. Nothing found. Here is the log.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.06.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

IBUYPOWER :: IBUYPOWE-18F1F5 [administrator]

Protection: Enabled

1/5/2012 8:50:32 PM

mbam-log-2012-01-05 (20-50-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239582

Time elapsed: 1 hour(s), 30 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks again for your help.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.