
Hey,

I joined to seek guidance on the issue rather than just cause havoc myself, as no two cases seem the same. I believe I have the svchost.exe trojan virus. Malwarebytes detects this but cannot remove it. Every time I start the computer in normal Windows mode I get a BSOD that provides no real information (i.e. files that are involved). This happens after logging on, so I imagine the malware is being executed on startup. The computer works fine in safe mode.

I would have attached the DDS logs as requested but the computer does not seem able to run it for whatever reason. I do not know if this issue is caused by safe mode. I click to run the files and nothing happens.

Hope we can still progress though?

Thanks,

Matt


RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version

Started in : Safe mode

User: user [Admin rights]

Mode: Scan -- Date: 02/17/2012 23:29:14

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\users\user\appdata\roaming\adobe\plugs --> FOUND

[FOLDER] shed : c:\users\user\appdata\roaming\adobe\shed --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

::1 localhost

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++

--- User ---

[MBR] c1a2557d09c688cbb18b5d38f0887d09

[BSP] 30f7127fef31648f1e67c25e3595878e : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDP725050GLA360 ATA Device +++++

--- User ---

[MBR] 0260a46f2460d31606d991d33ef2321a

[BSP] 60fff5b915ae9cc7394e56a24a4ea000 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1327b7c805a1a76b5f93ffc949a3331e

[BSP] a3fd0b436a128bff543b0e11c7519532 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt
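The MBR check in the report above is the key finding: on PhysicalDrive1 the sector read through the normal disk stack ("User") and the low-level read ("LL2") hash differently, the partition table is identical in both views, and only the low-level boot code is flagged as PiHar. That pattern (clean sector served to ordinary readers, different code on the raw read, partition table untouched so the disk still boots) is what an MBR bootkit looks like from the outside. The Python below is an added illustration, not part of this thread and not RogueKiller's code: it parses a constructed 512-byte MBR, prints the partition entry in a RogueKiller-like line, and reports a verdict when two views of the same sector disagree. The sample sectors, the `build_sample_mbr` and `compare_views` helpers and the filler bytes standing in for boot code are all assumptions for the demo; only the partition geometry (offset 2048, 0x3A385000 sectors) is taken from the logs in this thread.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # classic MBR: boot code, then 4-byte disk signature, 2 reserved bytes
PART_TABLE_OFFSET = 446
PART_ENTRY_LEN = 16
PART_TYPE_NAMES = {
    0x00: "EMPTY", 0x05: "EXTENDED", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32",
    0x0F: "EXTENDED", 0x82: "LINUX SWAP", 0x83: "LINUX", 0xEE: "GPT PROTECTIVE",
}


def build_sample_mbr(code_fill, active=True, part_type=0x07, start_lba=2048, num_sectors=0x3A385000):
    """CONSTRUCTED 512-byte sector for the demo: a filler byte where real boot code
    would be, one partition entry and the 0x55AA signature. The geometry mirrors the
    second disk in the thread's logs; nothing here is boot code from any real disk."""
    boot_code = bytes([code_fill]) * BOOT_CODE_LEN
    disk_signature = b"\xDE\xAD\xBE\xEF"   # arbitrary demo value
    reserved = b"\x00\x00"
    # status, CHS start (ignored here), type, CHS end (ignored), LBA start, sector count
    entry = struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0", part_type,
                        b"\0\0\0", start_lba, num_sectors)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return boot_code + disk_signature + reserved + table + b"\x55\xAA"


def parse_mbr(sector):
    """Parse one 512-byte MBR into hashes, a signature check and a partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, _, ptype, _, start_lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PART_ENTRY_LEN])
        if ptype == 0x00 and count == 0:
            continue   # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPE_NAMES.get(ptype, "UNKNOWN"),
            "start_lba": start_lba,
            "sectors": count,
            "size_mib": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "sector_md5": hashlib.md5(sector).hexdigest(),          # whole sector, like the [MBR] line
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),  # code only, like [BSP]
        "partitions": partitions,
    }


def describe_partition(p):
    """Render a partition entry in the same spirit as RogueKiller's table lines."""
    flag = "ACTIVE" if p["active"] else "XXXXXX"
    return "%d - [%s] %s (0x%02X) Offset (sectors): %d | Size: %d MiB" % (
        p["index"], flag, p["type_name"], p["type"], p["start_lba"], p["size_mib"])


def compare_views(user_view, low_level_view):
    """Compare the MBR as seen through the normal disk stack ('User') with a
    lower-level read ('LL'). A bootkit that filters disk I/O serves the clean
    sector to ordinary readers while the raw sector carries its own code, and
    normally leaves the partition table intact so the machine still boots."""
    a, b = parse_mbr(user_view), parse_mbr(low_level_view)
    same_code = a["boot_code_md5"] == b["boot_code_md5"]
    same_table = a["partitions"] == b["partitions"]
    return {
        "user_md5": a["sector_md5"],
        "low_level_md5": b["sector_md5"],
        "boot_code_matches": same_code,
        "partition_table_matches": same_table,
        "verdict": "OK" if same_code and same_table else "KO",
    }


if __name__ == "__main__":
    clean = build_sample_mbr(0x90)      # as if the disk stack returned the original sector
    tampered = build_sample_mbr(0xCC)   # as if a raw read showed different boot code
    for p in parse_mbr(tampered)["partitions"]:
        print(describe_partition(p))
    print("same sector:", compare_views(clean, clean)["verdict"])
    print("hidden change:", compare_views(clean, tampered)["verdict"])
```

The size computed for the constructed entry comes out at 476938 MiB, the same figure RogueKiller prints for PhysicalDrive1, which is a quick way to confirm the parser reads the entry the way the tool does. The "KO" verdict with an intact partition table is exactly the User != LL2 situation in the report.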


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

[screenshot: tdss_1.jpg]

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

[screenshot: tdss_2.jpg]

Click the Start Scan button.

[screenshot: tdss_3.jpg]

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

[screenshot: tdss_4.jpg]

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

[screenshot: tdss_5.jpg]

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC
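The instructions above boil down to a small triage rule: a LockedFile.Multi.Generic or UnsignedFile.Multi.Generic verdict means TDSSKiller could not read or verify a file (often a legitimate locked driver) and gets Skip, while a named malware verdict gets Cure (falling back to Skip, never Delete, when Cure is not offered). The Python below is an added example, not part of this thread and not TDSSKiller's own code: it parses TDSSKiller log lines into events and applies that rule to every "detected" line. The spldr and sptd sample lines are copied from the log posted later in this thread; the final line is a constructed placeholder with an invented verdict name so the Cure branch is exercised, and the regular expressions are assumptions fitted to the log format visible on this page.

```python
import re
from collections import Counter

# Verdict families TDSSKiller assigns to files it could not read or whose
# signature it could not verify. The instructions in this thread say to choose
# Skip for these rather than Cure; they are not malware detections by themselves.
GENERIC_SKIP_VERDICTS = {"LockedFile.Multi.Generic", "UnsignedFile.Multi.Generic"}

# Sample log for the demo. The spldr/sptd lines are copied from the TDSSKiller
# log posted in this thread; the final line is a CONSTRUCTED placeholder
# (verdict name invented here) so that the Cure branch is exercised.
SAMPLE_LOG = r"""
23:40:23.0156 1336 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
23:40:23.0172 1336 spldr - ok
23:40:23.0250 1336 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
23:40:23.0250 1336 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
23:40:23.0281 1336 sptd ( LockedFile.Multi.Generic ) - warning
23:40:23.0281 1336 sptd - detected LockedFile.Multi.Generic (1)
23:40:30.0000 1336 \Device\Harddisk1\DR1 - detected Rootkit.Boot.PLACEHOLDER.a (0)
"""

# Every log line starts with a timestamp and the scanning thread id.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d+) (?P<body>.+)$")
# Body patterns, tried in order; the first match decides the event kind.
BODY_PATTERNS = [
    ("detected", re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")),
    ("warning", re.compile(r"^(?P<name>\S+) \( (?P<verdict>\S+) \) - warning$")),
    ("suspicious", re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")),
    ("scanned", re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")),
    ("ok", re.compile(r"^(?P<name>\S+) - ok$")),
]


def parse_tdsskiller_log(text):
    """Turn TDSSKiller log lines into event dicts; unrecognised bodies get kind 'other'."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue   # banner lines such as the '====' separators carry no event
        event = {"ts": m.group("ts"), "pid": m.group("pid"), "kind": "other", "body": m.group("body")}
        for kind, pattern in BODY_PATTERNS:
            bm = pattern.match(m.group("body"))
            if bm:
                event["kind"] = kind
                event.update(bm.groupdict())
                break
        events.append(event)
    return events


def triage(events):
    """Apply the thread's rules to each 'detected' event and return the findings.

    Generic locked/unsigned verdicts -> Skip; anything else -> Cure (the thread
    says to fall back to Skip, never Delete, if Cure is not offered)."""
    md5_by_name = {e["name"]: e["md5"] for e in events if e["kind"] == "scanned"}
    path_by_name = {e["name"]: e["path"] for e in events if e["kind"] == "scanned"}
    findings = []
    for e in events:
        if e["kind"] != "detected":
            continue
        generic = e["verdict"] in GENERIC_SKIP_VERDICTS
        findings.append({
            "name": e["name"],
            "verdict": e["verdict"],
            "md5": md5_by_name.get(e["name"]),     # None for device objects such as \Device\HarddiskN
            "path": path_by_name.get(e["name"]),
            "action": "Skip" if generic else "Cure",
            "reason": "generic locked/unsigned verdict" if generic else "named malware verdict",
        })
    return findings


def summarize(findings):
    """Count recommended actions, e.g. Counter({'Skip': 1, 'Cure': 1})."""
    return Counter(f["action"] for f in findings)


if __name__ == "__main__":
    found = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for f in found:
        print("%-4s %-24s %s  md5=%s" % (f["action"], f["name"], f["verdict"], f["md5"]))
    print(dict(summarize(found)))
```

Run against the sample, the sptd driver (a locked file, reported only as LockedFile.Multi.Generic) comes out as Skip with its MD5 attached from the scan line, while the constructed boot-sector detection comes out as Cure. Carrying the MD5 and path through to the finding is what makes the skipped items easy to double-check later without re-reading the whole log.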


The first time I've been able to boot normally!

23:39:40.0740 0772 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

23:39:40.0755 0772 ============================================================

23:39:40.0755 0772 Current date / time: 2012/02/17 23:39:40.0755

23:39:40.0755 0772 SystemInfo:

23:39:40.0755 0772

23:39:40.0755 0772 OS Version: 6.0.6001 ServicePack: 1.0

23:39:40.0755 0772 Product type: Workstation

23:39:40.0755 0772 ComputerName: MATTS-PC

23:39:40.0755 0772 UserName: user

23:39:40.0755 0772 Windows directory: C:\Windows

23:39:40.0755 0772 System windows directory: C:\Windows

23:39:40.0755 0772 Running under WOW64

23:39:40.0755 0772 Processor architecture: Intel x64

23:39:40.0755 0772 Number of processors: 4

23:39:40.0755 0772 Page size: 0x1000

23:39:40.0755 0772 Boot type: Safe boot

23:39:40.0755 0772 ============================================================

23:39:42.0175 0772 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:42.0175 0772 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:39:42.0175 0772 \Device\Harddisk0\DR0:

23:39:42.0175 0772 MBR used

23:39:42.0175 0772 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

23:39:42.0175 0772 \Device\Harddisk1\DR1:

23:39:42.0175 0772 MBR used

23:39:42.0175 0772 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000

23:39:42.0471 0772 Initialize success

23:39:42.0471 0772 ============================================================

23:40:01.0332 1336 ============================================================

23:40:01.0332 1336 Scan started

23:40:01.0332 1336 Mode: Manual; SigCheck; TDLFS;

23:40:01.0332 1336 ============================================================

23:40:02.0081 1336 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys

23:40:02.0283 1336 ACPI - ok

23:40:02.0330 1336 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

23:40:03.0360 1336 adfs - ok

23:40:03.0485 1336 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

23:40:03.0500 1336 adp94xx - ok

23:40:03.0547 1336 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

23:40:03.0563 1336 adpahci - ok

23:40:03.0594 1336 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

23:40:03.0594 1336 adpu160m - ok

23:40:03.0625 1336 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

23:40:03.0625 1336 adpu320 - ok

23:40:03.0734 1336 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys

23:40:03.0984 1336 AFD - ok

23:40:04.0062 1336 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

23:40:04.0062 1336 agp440 - ok

23:40:04.0093 1336 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

23:40:04.0109 1336 aic78xx - ok

23:40:04.0124 1336 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

23:40:04.0140 1336 aliide - ok

23:40:04.0155 1336 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

23:40:04.0155 1336 amdide - ok

23:40:04.0171 1336 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

23:40:04.0296 1336 AmdK8 - ok

23:40:04.0389 1336 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

23:40:04.0405 1336 arc - ok

23:40:04.0436 1336 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

23:40:04.0436 1336 arcsas - ok

23:40:04.0467 1336 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

23:40:04.0530 1336 AsyncMac - ok

23:40:04.0561 1336 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys

23:40:04.0561 1336 atapi - ok

23:40:04.0639 1336 athr (ba7d6e34aefd6969f89ddbc5955cecd1) C:\Windows\system32\DRIVERS\athrx.sys

23:40:04.0826 1336 athr - ok

23:40:04.0920 1336 automap (203369064b1593fb15902736892ca49c) C:\Windows\system32\DRIVERS\automap.sys

23:40:04.0998 1336 automap - ok

23:40:05.0060 1336 AVerFx2hbtv64 (c132236baff0402098afe3ef7e0394e1) C:\Windows\system32\drivers\AVerFx2hbtv64.sys

23:40:05.0123 1336 AVerFx2hbtv64 - ok

23:40:05.0154 1336 BIOS (00cadb1bc2d0030f0b2a1063618b6bd7) C:\Windows\system32\drivers\BIOS64.sys

23:40:05.0169 1336 BIOS - ok

23:40:05.0263 1336 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

23:40:05.0310 1336 blbdrive - ok

23:40:05.0435 1336 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys

23:40:05.0497 1336 bowser - ok

23:40:05.0528 1336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

23:40:05.0622 1336 BrFiltLo - ok

23:40:05.0669 1336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

23:40:05.0715 1336 BrFiltUp - ok

23:40:05.0793 1336 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

23:40:05.0887 1336 Brserid - ok

23:40:05.0918 1336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

23:40:05.0996 1336 BrSerWdm - ok

23:40:06.0012 1336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

23:40:06.0105 1336 BrUsbMdm - ok

23:40:06.0137 1336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

23:40:06.0215 1336 BrUsbSer - ok

23:40:06.0324 1336 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

23:40:06.0402 1336 BTHMODEM - ok

23:40:06.0495 1336 Cardex (2bd001601496ae87f7cb86f1fcd6f1ec) C:\Windows\SysWOW64\drivers\TBPANELX64.SYS

23:40:06.0495 1336 Cardex - ok

23:40:06.0542 1336 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

23:40:06.0589 1336 cdfs - ok

23:40:06.0683 1336 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys

23:40:06.0729 1336 cdrom - ok

23:40:06.0807 1336 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

23:40:06.0885 1336 circlass - ok

23:40:06.0932 1336 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys

23:40:06.0948 1336 CLFS - ok

23:40:06.0995 1336 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

23:40:06.0995 1336 cmdide - ok

23:40:07.0010 1336 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

23:40:07.0026 1336 Compbatt - ok

23:40:07.0088 1336 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

23:40:07.0104 1336 crcdisk - ok

23:40:07.0182 1336 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys

23:40:07.0244 1336 DfsC - ok

23:40:07.0307 1336 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys

23:40:07.0307 1336 disk - ok

23:40:07.0385 1336 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

23:40:07.0431 1336 drmkaud - ok

23:40:07.0587 1336 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

23:40:07.0587 1336 dtsoftbus01 - ok

23:40:07.0712 1336 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys

23:40:07.0806 1336 DXGKrnl - ok

23:40:07.0931 1336 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

23:40:08.0009 1336 E1G60 - ok

23:40:08.0087 1336 eamon (6a6bdaec4df4725d22731f2736880283) C:\Windows\system32\DRIVERS\eamon.sys

23:40:08.0102 1336 eamon - ok

23:40:08.0118 1336 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys

23:40:08.0118 1336 Ecache - ok

23:40:08.0165 1336 ehdrv (00bdd2b658b8f6f35a7374cdb41efd5c) C:\Windows\system32\DRIVERS\ehdrv.sys

23:40:08.0180 1336 ehdrv - ok

23:40:08.0336 1336 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

23:40:08.0352 1336 elxstor - ok

23:40:08.0399 1336 epfwwfpr (d1449f7c44beeba971324fea295747d3) C:\Windows\system32\DRIVERS\epfwwfpr.sys

23:40:08.0399 1336 epfwwfpr - ok

23:40:08.0461 1336 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

23:40:08.0523 1336 ErrDev - ok

23:40:08.0617 1336 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys

23:40:08.0695 1336 exfat - ok

23:40:08.0773 1336 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys

23:40:08.0851 1336 fastfat - ok

23:40:08.0913 1336 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

23:40:08.0976 1336 fdc - ok

23:40:09.0054 1336 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

23:40:09.0069 1336 FileInfo - ok

23:40:09.0179 1336 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

23:40:09.0210 1336 Filetrace - ok

23:40:09.0288 1336 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

23:40:09.0350 1336 flpydisk - ok

23:40:09.0350 1336 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys

23:40:09.0366 1336 FltMgr - ok

23:40:09.0444 1336 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

23:40:09.0491 1336 Fs_Rec - ok

23:40:09.0569 1336 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

23:40:09.0584 1336 gagp30kx - ok

23:40:09.0631 1336 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:40:09.0631 1336 GEARAspiWDM - ok

23:40:09.0709 1336 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys

23:40:09.0725 1336 hamachi - ok

23:40:09.0849 1336 hcmon (8895d459bf7a26445acd8512cbae1679) C:\Windows\system32\drivers\hcmon.sys

23:40:09.0849 1336 hcmon - ok

23:40:09.0912 1336 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys

23:40:09.0990 1336 HdAudAddService - ok

23:40:10.0052 1336 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:40:10.0115 1336 HDAudBus - ok

23:40:10.0177 1336 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

23:40:10.0239 1336 HidBth - ok

23:40:10.0333 1336 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

23:40:10.0380 1336 HidIr - ok

23:40:10.0411 1336 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys

23:40:10.0458 1336 HidUsb - ok

23:40:10.0536 1336 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

23:40:10.0536 1336 HpCISSs - ok

23:40:10.0645 1336 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys

23:40:10.0739 1336 HTTP - ok

23:40:10.0770 1336 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

23:40:10.0770 1336 i2omp - ok

23:40:10.0785 1336 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

23:40:10.0832 1336 i8042prt - ok

23:40:10.0895 1336 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

23:40:10.0910 1336 iaStorV - ok

23:40:11.0019 1336 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

23:40:11.0019 1336 iirsp - ok

23:40:11.0113 1336 IntcAzAudAddService (e28d6b50a12bfa3df0bd7c31e19599f3) C:\Windows\system32\drivers\RTKVHD64.sys

23:40:11.0144 1336 IntcAzAudAddService - ok

23:40:11.0191 1336 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

23:40:11.0191 1336 intelide - ok

23:40:11.0300 1336 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

23:40:11.0363 1336 intelppm - ok

23:40:11.0503 1336 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:40:11.0550 1336 IpFilterDriver - ok

23:40:11.0643 1336 IpInIp - ok

23:40:11.0675 1336 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

23:40:11.0706 1336 IPMIDRV - ok

23:40:11.0768 1336 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

23:40:11.0815 1336 IPNAT - ok

23:40:11.0862 1336 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

23:40:11.0940 1336 IRENUM - ok

23:40:11.0971 1336 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

23:40:11.0971 1336 isapnp - ok

23:40:12.0033 1336 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys

23:40:12.0033 1336 iScsiPrt - ok

23:40:12.0127 1336 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

23:40:12.0143 1336 iteatapi - ok

23:40:12.0189 1336 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

23:40:12.0189 1336 iteraid - ok

23:40:12.0221 1336 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

23:40:12.0236 1336 kbdclass - ok

23:40:12.0314 1336 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

23:40:12.0377 1336 kbdhid - ok

23:40:12.0455 1336 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys

23:40:12.0470 1336 KSecDD - ok

23:40:12.0501 1336 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

23:40:12.0564 1336 ksthunk - ok

23:40:12.0704 1336 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

23:40:12.0751 1336 lltdio - ok

23:40:12.0829 1336 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

23:40:12.0845 1336 LSI_FC - ok

23:40:12.0876 1336 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

23:40:12.0891 1336 LSI_SAS - ok

23:40:12.0907 1336 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

23:40:12.0923 1336 LSI_SCSI - ok

23:40:12.0938 1336 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

23:40:12.0985 1336 luafv - ok

23:40:13.0079 1336 lvpepf64 (3149bd8c638b89b7676862df5959e530) C:\Windows\system32\DRIVERS\lv302a64.sys

23:40:13.0094 1336 lvpepf64 - ok

23:40:13.0141 1336 LVPr2M64 (b285cb154e5dc2f52216836b883ac352) C:\Windows\system32\DRIVERS\LVPr2M64.sys

23:40:13.0141 1336 LVPr2M64 - ok

23:40:13.0157 1336 LVPr2Mon (b285cb154e5dc2f52216836b883ac352) C:\Windows\system32\DRIVERS\LVPr2M64.sys

23:40:13.0157 1336 LVPr2Mon - ok

23:40:13.0266 1336 LVRS64 (629793b929b969ea70a513ab7bc2f3a3) C:\Windows\system32\DRIVERS\lvrs64.sys

23:40:13.0297 1336 LVRS64 - ok

23:40:13.0328 1336 LVUSBS64 (f1cc5f4341df18da482531e55e0bb074) C:\Windows\system32\drivers\LVUSBS64.sys

23:40:13.0344 1336 LVUSBS64 - ok

23:40:13.0375 1336 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

23:40:13.0375 1336 megasas - ok

23:40:13.0469 1336 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

23:40:13.0484 1336 MegaSR - ok

23:40:13.0547 1336 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

23:40:13.0593 1336 Modem - ok

23:40:13.0656 1336 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

23:40:13.0671 1336 monitor - ok

23:40:13.0734 1336 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

23:40:13.0734 1336 mouclass - ok

23:40:13.0765 1336 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

23:40:13.0827 1336 mouhid - ok

23:40:13.0874 1336 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

23:40:13.0890 1336 MountMgr - ok

23:40:13.0983 1336 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

23:40:13.0999 1336 mpio - ok

23:40:14.0046 1336 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

23:40:14.0108 1336 mpsdrv - ok

23:40:14.0186 1336 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

23:40:14.0186 1336 Mraid35x - ok

23:40:14.0233 1336 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys

23:40:14.0311 1336 MRxDAV - ok

23:40:14.0561 1336 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:40:14.0717 1336 mrxsmb - ok

23:40:14.0857 1336 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:40:14.0904 1336 mrxsmb10 - ok

23:40:14.0951 1336 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:40:14.0997 1336 mrxsmb20 - ok

23:40:15.0075 1336 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

23:40:15.0075 1336 msahci - ok

23:40:15.0122 1336 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

23:40:15.0138 1336 msdsm - ok

23:40:15.0216 1336 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

23:40:15.0278 1336 Msfs - ok

23:40:15.0309 1336 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

23:40:15.0325 1336 msisadrv - ok

23:40:15.0341 1336 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

23:40:15.0372 1336 MSKSSRV - ok

23:40:15.0434 1336 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

23:40:15.0497 1336 MSPCLOCK - ok

23:40:15.0559 1336 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

23:40:15.0590 1336 MSPQM - ok

23:40:15.0668 1336 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys

23:40:15.0668 1336 MsRPC - ok

23:40:15.0699 1336 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

23:40:15.0699 1336 mssmbios - ok

23:40:15.0715 1336 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

23:40:15.0809 1336 MSTEE - ok

23:40:15.0902 1336 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys

23:40:15.0918 1336 Mup - ok

23:40:16.0027 1336 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys

23:40:16.0089 1336 NativeWifiP - ok

23:40:16.0121 1336 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys

23:40:16.0136 1336 NDIS - ok

23:40:16.0167 1336 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

23:40:16.0214 1336 NdisTapi - ok

23:40:16.0323 1336 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

23:40:16.0355 1336 Ndisuio - ok

23:40:16.0479 1336 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys

23:40:16.0526 1336 NdisWan - ok

23:40:16.0557 1336 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

23:40:16.0620 1336 NDProxy - ok

23:40:16.0667 1336 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

23:40:16.0713 1336 NetBIOS - ok

23:40:16.0807 1336 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys

23:40:16.0869 1336 netbt - ok

23:40:16.0947 1336 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

23:40:16.0947 1336 nfrd960 - ok

23:40:16.0994 1336 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys

23:40:17.0025 1336 Npfs - ok

23:40:17.0057 1336 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

23:40:17.0103 1336 nsiproxy - ok

23:40:17.0244 1336 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys

23:40:17.0291 1336 Ntfs - ok

23:40:17.0353 1336 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

23:40:17.0415 1336 Null - ok

23:40:17.0525 1336 NVENETFD (99ed33f7fe39026a477893d92aea5ef0) C:\Windows\system32\DRIVERS\nvmfdx64.sys

23:40:17.0571 1336 NVENETFD - ok

23:40:17.0930 1336 nvlddmkm (920d4925cd55c988723a0c88b9897cce) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:40:18.0258 1336 nvlddmkm - ok

23:40:18.0383 1336 NvnUsbAudio (4cb891301e4339f8652a0ed6b1b50ef7) C:\Windows\system32\DRIVERS\nvnusbaudio.sys

23:40:18.0383 1336 NvnUsbAudio - ok

23:40:18.0445 1336 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

23:40:18.0461 1336 nvraid - ok

23:40:18.0476 1336 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

23:40:18.0492 1336 nvstor - ok

23:40:18.0507 1336 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

23:40:18.0523 1336 nv_agp - ok

23:40:18.0523 1336 NwlnkFlt - ok

23:40:18.0539 1336 NwlnkFwd - ok

23:40:18.0585 1336 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

23:40:18.0632 1336 ohci1394 - ok

23:40:18.0773 1336 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

23:40:18.0819 1336 Parport - ok

23:40:18.0897 1336 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys

23:40:18.0897 1336 partmgr - ok

23:40:18.0960 1336 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys

23:40:18.0975 1336 pci - ok

23:40:18.0991 1336 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys

23:40:18.0991 1336 pciide - ok

23:40:19.0022 1336 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

23:40:19.0038 1336 pcmcia - ok

23:40:19.0131 1336 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

23:40:19.0241 1336 PEAUTH - ok

23:40:19.0381 1336 PID_PEPI (1ac686da6f4eeaf70d7719d672badbe8) C:\Windows\system32\DRIVERS\LV302V64.SYS

23:40:19.0443 1336 PID_PEPI - ok

23:40:19.0599 1336 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys

23:40:19.0646 1336 PptpMiniport - ok

23:40:19.0677 1336 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

23:40:19.0693 1336 Processor - ok

23:40:19.0787 1336 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys

23:40:19.0880 1336 PSched - ok

23:40:20.0021 1336 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

23:40:20.0021 1336 PxHlpa64 - ok

23:40:20.0223 1336 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

23:40:20.0255 1336 ql2300 - ok

23:40:20.0348 1336 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

23:40:20.0348 1336 ql40xx - ok

23:40:20.0379 1336 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

23:40:20.0379 1336 QWAVEdrv - ok

23:40:20.0442 1336 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

23:40:20.0504 1336 RasAcd - ok

23:40:20.0535 1336 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:40:20.0567 1336 Rasl2tp - ok

23:40:20.0613 1336 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys

23:40:20.0629 1336 RasPppoe - ok

23:40:20.0660 1336 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys

23:40:20.0723 1336 RasSstp - ok

23:40:20.0754 1336 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys

23:40:20.0832 1336 rdbss - ok

23:40:20.0863 1336 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:40:20.0894 1336 RDPCDD - ok

23:40:20.0988 1336 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

23:40:21.0050 1336 rdpdr - ok

23:40:21.0128 1336 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

23:40:21.0159 1336 RDPENCDD - ok

23:40:21.0222 1336 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys

23:40:21.0269 1336 RDPWD - ok

23:40:21.0331 1336 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

23:40:21.0362 1336 rspndr - ok

23:40:21.0471 1336 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

23:40:21.0471 1336 sbp2port - ok

23:40:21.0627 1336 SBRE (7e07d2a5b910c71d6474e9aa0eaa1825) C:\Windows\system32\drivers\SBREdrv.sys

23:40:21.0627 1336 SBRE - ok

23:40:21.0690 1336 SCDEmu (7fb7a7448d6d3609724c3e5bd7a90f8e) C:\Windows\system32\drivers\SCDEmu.sys

23:40:21.0705 1336 SCDEmu - ok

23:40:21.0752 1336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:40:21.0830 1336 secdrv - ok

23:40:21.0893 1336 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

23:40:21.0986 1336 Serenum - ok

23:40:22.0064 1336 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

23:40:22.0111 1336 Serial - ok

23:40:22.0189 1336 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

23:40:22.0251 1336 sermouse - ok

23:40:22.0329 1336 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

23:40:22.0376 1336 sffdisk - ok

23:40:22.0407 1336 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

23:40:22.0470 1336 sffp_mmc - ok

23:40:22.0532 1336 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

23:40:22.0563 1336 sffp_sd - ok

23:40:22.0641 1336 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

23:40:22.0719 1336 sfloppy - ok

23:40:22.0813 1336 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

23:40:22.0813 1336 SiSRaid2 - ok

23:40:22.0891 1336 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

23:40:22.0907 1336 SiSRaid4 - ok

23:40:23.0063 1336 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys

23:40:23.0094 1336 Smb - ok

23:40:23.0156 1336 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys

23:40:23.0172 1336 spldr - ok

23:40:23.0250 1336 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys

23:40:23.0250 1336 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf

23:40:23.0281 1336 sptd ( LockedFile.Multi.Generic ) - warning

23:40:23.0281 1336 sptd - detected LockedFile.Multi.Generic (1)

23:40:23.0359 1336 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys

23:40:23.0453 1336 srv - ok

23:40:23.0531 1336 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys

23:40:23.0609 1336 srv2 - ok

23:40:23.0640 1336 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys

23:40:23.0671 1336 srvnet - ok

23:40:23.0843 1336 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys

23:40:23.0889 1336 StillCam - ok

23:40:23.0952 1336 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

23:40:23.0952 1336 swenum - ok

23:40:24.0186 1336 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

23:40:24.0186 1336 Symc8xx - ok

23:40:24.0607 1336 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

23:40:24.0623 1336 Sym_hi - ok

23:40:24.0701 1336 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

23:40:24.0716 1336 Sym_u3 - ok

23:40:24.0825 1336 SynUSB64 (7c24fa401c5bbfea8553abc4db983e83) C:\Windows\system32\DRIVERS\SynUSB64.sys

23:40:24.0825 1336 SynUSB64 - ok

23:40:24.0888 1336 TBPanel - ok

23:40:24.0966 1336 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys

23:40:24.0997 1336 Tcpip - ok

23:40:25.0137 1336 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys

23:40:25.0184 1336 Tcpip6 - ok

23:40:25.0325 1336 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys

23:40:25.0371 1336 tcpipreg - ok

23:40:25.0418 1336 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

23:40:25.0449 1336 TDPIPE - ok

23:40:25.0481 1336 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

23:40:25.0543 1336 TDTCP - ok

23:40:25.0559 1336 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys

23:40:25.0621 1336 tdx - ok

23:40:25.0730 1336 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys

23:40:25.0730 1336 TermDD - ok

23:40:25.0995 1336 Tpkd (35513b8b4f7a93b0616bcfc606b468bb) C:\Windows\system32\drivers\Tpkd.sys

23:40:26.0011 1336 Tpkd - ok

23:40:26.0245 1336 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:40:26.0292 1336 tssecsrv - ok

23:40:26.0323 1336 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

23:40:26.0385 1336 tunmp - ok

23:40:26.0479 1336 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys

23:40:26.0541 1336 tunnel - ok

23:40:26.0651 1336 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

23:40:26.0651 1336 uagp35 - ok

23:40:26.0775 1336 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys

23:40:26.0807 1336 udfs - ok

23:40:26.0963 1336 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

23:40:26.0963 1336 uliagpkx - ok

23:40:26.0994 1336 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

23:40:27.0009 1336 uliahci - ok

23:40:27.0134 1336 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

23:40:27.0150 1336 UlSata - ok

23:40:27.0212 1336 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

23:40:27.0228 1336 ulsata2 - ok

23:40:27.0243 1336 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

23:40:27.0306 1336 umbus - ok

23:40:27.0415 1336 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys

23:40:27.0446 1336 UMPass - ok

23:40:27.0555 1336 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

23:40:27.0618 1336 USBAAPL64 - ok

23:40:27.0665 1336 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys

23:40:27.0696 1336 usbaudio - ok

23:40:27.0758 1336 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

23:40:27.0805 1336 usbccgp - ok

23:40:27.0899 1336 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

23:40:27.0977 1336 usbcir - ok

23:40:28.0008 1336 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys

23:40:28.0039 1336 usbehci - ok

23:40:28.0086 1336 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys

23:40:28.0148 1336 usbhub - ok

23:40:28.0195 1336 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys

23:40:28.0257 1336 usbohci - ok

23:40:28.0320 1336 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys

23:40:28.0367 1336 usbprint - ok

23:40:28.0413 1336 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:40:28.0429 1336 USBSTOR - ok

23:40:28.0491 1336 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

23:40:28.0538 1336 usbuhci - ok

23:40:28.0601 1336 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

23:40:28.0663 1336 vga - ok

23:40:28.0694 1336 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

23:40:28.0757 1336 VgaSave - ok

23:40:28.0819 1336 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

23:40:28.0835 1336 viaide - ok

23:40:28.0881 1336 vmci (8df03c05fe2456c8ec1a026d74543a63) C:\Windows\system32\drivers\vmci.sys

23:40:28.0881 1336 vmci - ok

23:40:28.0975 1336 vmkbd (a3ca226c5a3e026649102ad6e7bd3784) C:\Windows\system32\drivers\VMkbd.sys

23:40:28.0975 1336 vmkbd - ok

23:40:29.0022 1336 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys

23:40:29.0037 1336 VMnetAdapter - ok

23:40:29.0069 1336 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys

23:40:29.0069 1336 VMnetBridge - ok

23:40:29.0100 1336 VMnetuserif (ed4444485be1da3cb769041c624f500b) C:\Windows\system32\drivers\vmnetuserif.sys

23:40:29.0100 1336 VMnetuserif - ok

23:40:29.0131 1336 VMparport (4559964caa0709f28305c1bcbdd66984) C:\Windows\system32\drivers\VMparport.sys

23:40:29.0131 1336 VMparport - ok

23:40:29.0162 1336 vmx86 (8ff09da54eb03dba277a550055f1356c) C:\Windows\system32\drivers\vmx86.sys

23:40:29.0162 1336 vmx86 - ok

23:40:29.0240 1336 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys

23:40:29.0240 1336 volmgr - ok

23:40:29.0334 1336 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys

23:40:29.0349 1336 volmgrx - ok

23:40:29.0396 1336 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys

23:40:29.0412 1336 volsnap - ok

23:40:29.0505 1336 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

23:40:29.0521 1336 vsmraid - ok

23:40:29.0661 1336 vstor2-ws60 (bb0cebbcb75f1a2d790f9235edfe5052) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys

23:40:29.0677 1336 vstor2-ws60 - ok

23:40:29.0802 1336 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

23:40:29.0849 1336 WacomPen - ok

23:40:29.0880 1336 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

23:40:29.0927 1336 Wanarp - ok

23:40:29.0927 1336 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys

23:40:29.0958 1336 Wanarpv6 - ok

23:40:29.0973 1336 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

23:40:29.0989 1336 Wd - ok

23:40:30.0020 1336 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

23:40:30.0051 1336 Wdf01000 - ok

23:40:30.0239 1336 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys

23:40:30.0254 1336 WmBEnum - ok

23:40:30.0317 1336 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys

23:40:30.0332 1336 WmFilter - ok

23:40:30.0348 1336 WmHidLo (ac4331af118a720f13c9c5cabbfe27bd) C:\Windows\system32\drivers\WmHidLo.sys

23:40:30.0348 1336 WmHidLo - ok

23:40:30.0379 1336 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

23:40:30.0426 1336 WmiAcpi - ok

23:40:30.0473 1336 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys

23:40:30.0473 1336 WmVirHid - ok

23:40:30.0504 1336 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys

23:40:30.0504 1336 WmXlCore - ok

23:40:30.0566 1336 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys

23:40:30.0613 1336 WpdUsb - ok

23:40:30.0691 1336 WPRO_40_1340 - ok

23:40:30.0722 1336 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

23:40:30.0785 1336 ws2ifsl - ok

23:40:30.0831 1336 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys

23:40:30.0878 1336 WSDPrintDevice - ok

23:40:30.0972 1336 WSDScan (e8b0a94c055e07f42f339b4a7c467954) C:\Windows\system32\DRIVERS\WSDScan.sys

23:40:31.0003 1336 WSDScan - ok

23:40:31.0034 1336 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:40:31.0081 1336 WUDFRd - ok

23:40:31.0190 1336 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys

23:40:31.0284 1336 xnacc - ok

23:40:31.0331 1336 xusb21 (47aea795c67b7440e60d1f7542cb3d38) C:\Windows\system32\DRIVERS\xusb21.sys

23:40:31.0362 1336 xusb21 - ok

23:40:31.0362 1336 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:40:31.0409 1336 \Device\Harddisk0\DR0 - ok

23:40:31.0455 1336 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk1\DR1

23:40:31.0487 1336 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - infected

23:40:31.0487 1336 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.b (0)

23:40:31.0502 1336 \Device\Harddisk1\DR1 ( TDSS File System ) - warning

23:40:31.0502 1336 \Device\Harddisk1\DR1 - detected TDSS File System (1)

23:40:31.0502 1336 Boot (0x1200) (5374b772c187de368d0e8b13a5a3f483) \Device\Harddisk0\DR0\Partition0

23:40:31.0518 1336 \Device\Harddisk0\DR0\Partition0 - ok

23:40:31.0549 1336 Boot (0x1200) (31a5e299aac2486dbef939e684879ef7) \Device\Harddisk1\DR1\Partition0

23:40:31.0549 1336 \Device\Harddisk1\DR1\Partition0 - ok

23:40:31.0549 1336 ============================================================

23:40:31.0549 1336 Scan finished

23:40:31.0549 1336 ============================================================

23:40:31.0565 1408 Detected object count: 3

23:40:31.0565 1408 Actual detected object count: 3

23:41:14.0043 1408 sptd ( LockedFile.Multi.Generic ) - skipped by user

23:41:14.0043 1408 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

23:41:14.0262 1408 \Device\Harddisk1\DR1\# - copied to quarantine

23:41:14.0262 1408 \Device\Harddisk1\DR1 - copied to quarantine

23:41:14.0309 1408 \Device\Harddisk1\DR1\TDLFS\ph.dll - copied to quarantine

23:41:14.0309 1408 \Device\Harddisk1\DR1\TDLFS\phx.dll - copied to quarantine

23:41:14.0309 1408 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine

23:41:14.0309 1408 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine

23:41:14.0309 1408 \Device\Harddisk1\DR1\TDLFS\phd - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phdx - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phs - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phdata - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phld - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phln - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phlx - copied to quarantine

23:41:14.0324 1408 \Device\Harddisk1\DR1\TDLFS\phm - copied to quarantine

23:41:14.0371 1408 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

23:41:14.0371 1408 \Device\Harddisk1\DR1 - ok

23:41:38.0317 1408 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

23:41:38.0317 1408 \Device\Harddisk1\DR1 ( TDSS File System ) - skipped by user

23:41:38.0317 1408 \Device\Harddisk1\DR1 ( TDSS File System ) - User select action: Skip

23:41:42.0966 1156 Deinitialize success


Good...We're getting there...this is a nasty infection!

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Would be with the week I'm having haha!

ComboFix 12-02-17.02 - user 18/02/2012 0:14.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.4094.1501 [GMT 0:00]

Running from: c:\users\user\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js

c:\users\user\AppData\Local\Temp\~D8D3.tmp

c:\users\user\AppData\Local\Windows Server

c:\users\user\AppData\Local\Windows Server\server.dat

c:\users\user\AppData\Roaming\Adobe\plugs

c:\users\user\AppData\Roaming\Adobe\shed

c:\users\user\Max5_41767.exe

c:\users\user\pdfextract.exe

c:\windows\iun6002.exe

c:\windows\svchost.exe

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

c:\windows\system\VI30AUT.DLL

c:\windows\system32\GroupPolicy\Machine\Registry.pol

c:\windows\SysWow64\lsprst7.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\ssprs.dll

c:\windows\SysWow64\tmp35F4.tmp

c:\windows\SysWow64\tmp375C.tmp

c:\windows\SysWow64\tmp4D66.tmp

c:\windows\SysWow64\tmp4FC8.tmp

c:\windows\SysWow64\tmpEA32.tmp

c:\windows\SysWow64\tmpEA62.tmp

c:\windows\SysWow64\WPRO_40_1340woem.tmp

E:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))

.

.

2012-02-18 00:44 . 2012-02-18 00:44 -------- d-----w- c:\users\Mcx2\AppData\Local\temp

2012-02-18 00:44 . 2012-02-18 00:44 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-18 00:44 . 2012-02-18 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-17 23:41 . 2012-02-17 23:41 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-16 12:44 . 2012-02-16 12:44 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-02-14 14:52 . 2010-11-09 13:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-14 14:52 . 2010-11-09 13:56 27472 ----a-w- c:\windows\system32\sbbd.exe

2012-02-14 14:51 . 2012-02-15 07:34 -------- d-----w- C:\VIPRERESCUE

2012-02-12 00:14 . 2012-02-12 13:42 -------- d-----w- c:\users\user\AppData\Local\FontCreator

2012-02-12 00:14 . 2012-02-12 18:13 -------- d-----w- c:\users\user\AppData\Roaming\FontCreator

2012-02-09 20:52 . 2012-02-09 20:52 -------- d-----w- c:\users\user\AppData\Roaming\SumatraPDF

2012-02-09 20:52 . 2012-02-09 20:52 -------- d-----w- c:\program files (x86)\SumatraPDF

2012-02-09 15:17 . 2012-02-15 16:55 -------- d-----w- c:\users\user\AppData\Local\sysPadplugin

2012-02-05 23:47 . 2011-02-08 15:51 -------- d-----w- c:\users\user\AppData\Roaming\StreamTorrent

2012-02-05 23:40 . 2012-02-05 23:40 -------- d-----w- C:\StreamTorrent NE 1.0

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 00:52 . 2009-10-03 12:03 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 05:15 . 2012-02-18 00:17 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AC61E5B-4F4B-4071-A138-9E429621FFC6}\mpengine.dll

2011-12-14 18:01 . 2011-12-14 18:01 784144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-10 15:24 . 2010-02-21 14:30 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 16:06 . 2011-08-12 20:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 17:24 325000 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GAINWARD"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2008-07-03 2177576]

"Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2006-09-21 2445312]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2011-12-20 53160]

"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-26 2356088]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"WebcamMaxAutoRun"="e:\webcammax\WebcamMax.exe" [2011-08-12 6046960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-10-22 557056]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]

"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-01-05 413696]

"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-07 1987976]

.

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\QuickCam\eReg.exe [2008-11-7 517384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi1"=myokent.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790436359-4213474054-4083771430-1000Core.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 18:43]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2790436359-4213474054-4083771430-1000UA.job

- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-09 18:43]

.

2012-02-18 c:\windows\Tasks\User_Feed_Synchronization-{6C3F70D3-5D08-4102-AD7F-A6C3D9898FBF}.job

- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2007-12-17 5453824]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2680696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 16141344]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 82464]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-18 170496]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\34t6gnqq.default\

FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=iehp

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - prefs.js: network.proxy.ftp - 82.204.37.210

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 82.204.37.210

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 82.204.37.210

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 82.204.37.210

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 82.204.37.210

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com

FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com

FF - Ext: ActiveGS: activegs@freetoolsassociation.com - %profile%\extensions\activegs@freetoolsassociation.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-ATR_72500 - c:\windows\iun6002.exe

AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe

AddRemove-Driving Simulator 2009_is1 - c:\program files (x86)\Driving Simulator 2009\unins000.exe

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-Lennar Digital Sylenth VSTi v1.2.1 - c:\progra~2\VSTPLU~1\Sylenth1\UNINST~1\UNWISE.EXE

AddRemove-rFactor - e:\rfactor\F1RS2011v2-uninstall.exe

AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}\Controller Editor Setup.exe

AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E} - c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2790436359-4213474054-4083771430-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F5B4D387-C6E0-1391-25D2-54B2C95B9128}*]

"iampoibddcbgofgpah"=hex:6b,61,64,63,6a,6f,63,65,64,66,64,64,65,64,66,6b,62,70,

65,66,65,62,00,00

"hagpefgajilpmpei"=hex:6b,61,64,63,6a,6f,63,65,64,66,64,64,65,64,66,6b,62,70,

65,66,65,62,00,00

"iaabodifofgalbmpgh"=hex:63,61,70,63,61,6f,00,7e

.

[HKEY_USERS\S-1-5-21-2790436359-4213474054-4083771430-1000\Software\SecuROM\License information*]

"datasecu"=hex:17,18,0d,de,ec,cf,7a,fe,64,28,56,92,dd,9a,59,b2,a8,09,9a,f8,17,

ef,f0,9f,89,5b,8d,76,1a,96,46,c0,3d,12,44,46,a1,74,c9,70,d9,33,4e,62,7e,b8,\

"rkeysecu"=hex:31,51,b9,12,86,1f,27,89,1e,9e,11,cd,8f,dc,e9,d9

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:50,4c,13,b8,13,f1,58,3f,9f,88,51,72,18,19,69,ec,bd,70,1e,c4,f9,

13,ad,07,4d,6e,e0,5c,54,c1,98,71,d5,9a,cf,d0,9d,5e,e4,8f,0e,7d,a6,93,93,fc,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:af,49,10,4e,33,a1,c2,a4,97,3f,20,2e,4a,f0,9b,77,89,03,b2,36,6f,

22,85,23,06,cd,70,19,27,07,4f,f8,ce,74,cc,95,6a,a6,8f,0a,21,64,1f,56,09,0b,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SysWOW64\vmnat.exe

c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files (x86)\Pando Networks\Media Booster\PMB.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\progra~2\Raptr\raptr.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\progra~2\Raptr\raptr_im.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-02-18 01:17:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-18 01:17

.

Pre-Run: 8,234,074,112 bytes free

Post-Run: 29,245,390,848 bytes free

.

- - End Of File - - 1D8DBE8A46A6D1A2E989A026FB4F1E32


Everything seems to be back to normal as far as I can tell my end. Just how nasty was this infection from the logs?

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.01

Windows Vista Service Pack 1 x64 NTFS

Internet Explorer 7.0.6001.18000

user :: MATTS-PC [administrator]

18/02/2012 01:32:15

mbam-log-2012-02-18 (01-32-15).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237990

Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Well you had a....

¤¤¤ Infection : Root.MBR ¤¤¤ <--- Master Boot Kit infection

Rootkit.Boot.Pihar.b <---rootkit infection

-----------------------------

A little clean up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
