
Security Protection help please



Good evening,

My laptop was infected with the Security Protection malware, so I ran MBAM and SuperAntiSpyware and removed the threat. The problem is I still have the warning that MBAM is blocking attempts for svchost.exe to connect somewhere, and I recently quarantined a threat. I have ComboFix already downloaded but I have not started it, since I have been reading up in this forum. It seems like some people have the same problem as me, but when I check their logs they are different from mine. Any help would be great.

Sorry I didn't know it was recommended to copy and paste instead of attaching. Well here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7640

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/2/2011 11:05:58 PM

mbam-log-2011-09-02 (23-05-58).txt

Scan type: Quick scan

Objects scanned: 195226

Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

mbam-log-2011-09-02 (20-35-19).txt


Thanks for helping out, Screen. I get an error when I try to update MBAM, and here's what it says: "Program_Error_Updating (5,0, create file)". Otherwise, here are the requested logs. Again, thank you for your time and patience.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7640

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

9/5/2011 12:32:27 AM

mbam-log-2011-09-05 (00-32-27).txt

Scan type: Quick scan

Objects scanned: 195948

Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Vechiga Choum at 0:33:15 on 2011-09-05

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2404 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\NetZero\exec.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NetZero\exec.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch

uSearch Bar = Preserve

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - C:\Program Files (x86)\NetZero\Toolbar.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

uPolicies-system: WallpaperStyle = 2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\2375942554130333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\34B4 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\34F666665656245616E675966496 : DhcpNameServer = 192.168.180.1

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\9447021696E6470266275656025702B6E6F612 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\A716E6461676561627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\B69636B65627 : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: ZeroBar: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Vechiga Choum\AppData\Roaming\Mozilla\Firefox\Profiles\sj2mpdhm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\Vechiga Choum\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-7 89600]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-2 366640]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 227896]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 iscFlash;iscFlash;C:\Program Files (x86)\SP45765\iscflashx64.sys [2009-6-16 25592]

S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-09-05 07:24:29 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-05 07:23:24 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48937254-B1A7-42B0-ACB6-937CBDAE4710}\gapaengine.dll

2011-09-05 07:23:16 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22D9A60D-54BA-4426-91BA-698436D345F7}\mpengine.dll

2011-09-05 01:00:18 -------- d-----w- C:\ProgramData\Tarma Installer

2011-09-03 17:41:52 0 ----a-w- C:\Windows\SysWow64\0.38720974546072595.exe

2011-09-03 17:36:34 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CE33CA2-D90C-4C7B-B669-86A3C3109CEA}\gapaengine.dll

2011-09-03 17:36:03 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD84EA98-7D96-4E03-AAC0-593B91228AB4}\mpengine.dll

2011-09-03 07:33:02 -------- d-s---w- C:\ComboFix

2011-09-03 03:41:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-09-03 03:26:56 -------- d-----w- C:\System Recovery

2011-09-03 03:23:33 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\SUPERAntiSpyware.com

2011-09-03 03:23:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-09-03 03:18:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-03 03:18:18 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-02 21:41:58 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\OpenCandy

2011-09-02 21:41:58 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\CBS Interactive

2011-09-02 21:06:26 -------- d--h--w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-02 19:46:51 -------- d-----w- C:\ProgramData\McAfee Security Scan

2011-09-02 19:46:05 -------- d--h--w- C:\Program Files (x86)\McAfee Security Scan

2011-09-02 14:54:26 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2011-09-02 14:54:26 15494104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2011-09-02 14:54:25 269272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2011-09-02 14:54:25 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll

2011-09-02 14:54:25 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

2011-09-02 14:54:25 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2011-09-02 14:54:25 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2011-09-02 14:54:25 109528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2011-09-01 05:35:51 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\Malwarebytes

2011-09-01 05:35:44 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-01 04:31:59 20480 ------w- C:\Windows\svchost.exe

2011-09-01 00:49:00 -------- d-----w- C:\36e5f8919027a9f6f2f4d656224f90

2011-08-23 20:32:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-23 20:32:06 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-13 03:59:30 8862544 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-08-12 01:54:00 -------- d--h--w- C:\Program Files (x86)\Microsoft Security Client

2011-08-12 01:53:56 -------- d--h--w- C:\Program Files\Microsoft Security Client

.

==================== Find3M ====================

.

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 0:34:14.49 ===============

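Editor's note on the logs above, with an added example that is not from any poster in this thread: the file MBAM quarantined is c:\Windows\svchost.exe, not the genuine C:\Windows\System32\svchost.exe, and the DDS "Created Last 30" list shows that copy was written on 2011-09-01 at 20480 bytes. The DDS policies section also shows EnableLUA = 0, meaning UAC is off on this machine. The PowerShell below is the check a responder would run for exactly this pattern: find every svchost.exe on the system drive, flag any that is not one of the two paths Windows installs it to, show its Authenticode status, list running svchost processes whose image path or command line does not look like a real service host, and print the UAC state. It assumes an elevated PowerShell prompt on Windows 7 x64 (PowerShell 2.0 or later); the variable and column names are the example's own.

```powershell
# Added example (not from the thread): hunt for svchost.exe look-alikes.
# Assumption: run elevated on Windows 7 x64, PowerShell 2.0+.

# The only two places Windows installs svchost.exe.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# 1. On-disk copies. Any svchost.exe outside the two legitimate paths is
#    suspicious regardless of signature; a copy such as c:\Windows\svchost.exe
#    shows up here with Expected = False. (Walking the whole drive is slow.)
$onDisk = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'svchost.exe' -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        New-Object PSObject -Property @{
            Path      = $_.FullName
            Size      = $_.Length
            Written   = $_.LastWriteTime
            Signature = $sig.Status            # Valid / NotSigned / HashMismatch ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Expected  = ($legit -contains $_.FullName)
        }
    }

# 2. Running processes. A genuine service host is started by services.exe
#    from System32 (or SysWOW64) with a "-k <group>" argument. A process whose
#    path is elsewhere, unreadable, or whose command line has no -k is flagged.
$running = Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    ForEach-Object {
        $badPath = -not ($legit -contains $_.ExecutablePath)
        $badArgs = ($_.CommandLine -notmatch '\s-k\s')
        New-Object PSObject -Property @{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Path        = $_.ExecutablePath
            CommandLine = $_.CommandLine
            Suspicious  = ($badPath -or $badArgs)
        }
    }

# 3. UAC state. With EnableLUA = 0 a user-level dropper can write into
#    %SystemRoot% without any elevation prompt.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

'--- svchost.exe images on disk (Expected = False needs a look) ---'
$onDisk | Sort-Object Expected | Format-Table Expected, Signature, Size, Written, Path -AutoSize
'--- svchost.exe processes that do not look like a real service host ---'
$running | Where-Object { $_.Suspicious } | Format-Table PID, ParentPID, Path, CommandLine -AutoSize
"--- UAC: EnableLUA = $($uac.EnableLUA) (expected 1) ---"
```

Two caveats for anyone reusing this. Get-AuthenticodeSignature only tells you whether the file carries a valid Microsoft signature; a copy in the wrong directory is still the primary indicator even if a signature check happens to pass. And because the check is a point-in-time snapshot, run it after the cleanup tools have finished and the machine has rebooted, then compare against the DDS running-process list to confirm nothing has been re-dropped.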

  • Staff

I'm going to need a little more patience from you..

It is labor day, and I do not work 24/7 today or any other day.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Sorry about the impatience :P and thank you for helping out and being patient. Here are the requested logs:

ComboFix 11-09-06.03 - Vechiga Choum 09/06/2011 12:16:54.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2863 [GMT -7:00]

Running from: c:\users\Vechiga Choum\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\users\Vechiga Choum\AppData\Roaming\.#

c:\users\Vechiga Choum\AppData\Roaming\86D0.A76

c:\users\Vechiga Choum\Documents\~WRL0001.tmp

c:\users\Vechiga Choum\Documents\~WRL0002.tmp

c:\windows\svchost.exe

c:\windows\SysWow64\0.38720974546072595.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))

.

.

2011-09-06 19:22 . 2011-09-06 19:22 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-06 19:22 . 2011-09-06 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-03 03:41 . 2011-09-03 03:41 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-03 03:26 . 2011-09-03 03:26 -------- d-----w- C:\System Recovery

2011-09-03 03:23 . 2011-09-03 03:23 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\SUPERAntiSpyware.com

2011-09-03 03:23 . 2011-09-03 03:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-03 03:18 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-03 03:18 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-02 21:41 . 2011-09-03 03:57 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\CBS Interactive

2011-09-02 21:41 . 2011-09-03 03:57 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\OpenCandy

2011-09-02 21:06 . 2011-09-03 03:18 -------- d--h--w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-02 19:46 . 2011-09-02 22:02 -------- d-----w- c:\programdata\McAfee Security Scan

2011-09-02 19:46 . 2011-09-02 22:02 -------- d--h--w- c:\program files (x86)\McAfee Security Scan

2011-09-02 19:46 . 2011-09-02 19:46 -------- d-----w- c:\programdata\McAfee

2011-09-02 14:54 . 2011-09-03 19:03 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\xpcom.dll

2011-09-02 14:54 . 2011-09-03 19:03 15494104 ----a-w- c:\program files (x86)\Mozilla Firefox\xul.dll

2011-09-02 14:54 . 2011-09-03 19:03 19416 ----a-w- c:\program files (x86)\Mozilla Firefox\plds4.dll

2011-09-02 14:54 . 2011-09-03 19:03 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2011-09-02 14:54 . 2011-09-03 19:03 166872 ----a-w- c:\program files (x86)\Mozilla Firefox\softokn3.dll

2011-09-02 14:54 . 2011-09-03 19:03 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\ssl3.dll

2011-09-02 14:54 . 2011-09-03 19:03 109528 ----a-w- c:\program files (x86)\Mozilla Firefox\smime3.dll

2011-09-02 14:54 . 2011-09-03 19:03 269272 ----a-w- c:\program files (x86)\Mozilla Firefox\updater.exe

2011-09-01 05:35 . 2011-09-01 05:35 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\Malwarebytes

2011-09-01 05:35 . 2011-09-01 05:35 -------- d-----w- c:\programdata\Malwarebytes

2011-09-01 00:49 . 2011-09-01 00:49 -------- d-----w- C:\36e5f8919027a9f6f2f4d656224f90

2011-08-23 20:32 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 20:32 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-16 04:32 . 2011-08-11 07:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-06 02:56 . 2011-06-17 20:10 489672 ----a-w- c:\users\Vechiga Choum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2011-06-11 02:56 . 2011-07-13 23:03 3134464 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]

"NetZero_uoltray"="c:\program files (x86)\NetZero\exec.exe" [2009-03-19 1720832]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 iscFlash;iscFlash;c:\program files (x86)\SP45765\iscflashx64.sys [2009-06-16 25592]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ---ha-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-01 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-01 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-01 365592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Vechiga Choum\AppData\Roaming\Mozilla\Firefox\Profiles\sj2mpdhm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\\.\globalroot\systemroot\svchost.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2011-09-06 12:33:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-06 19:33

.

Pre-Run: 236,024,332,288 bytes free

Post-Run: 235,645,616,128 bytes free

.

- - End Of File - - 482E29B9D2AE55D113856B381B1A4EB5

DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Vechiga Choum at 12:41:10 on 2011-09-06

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2656 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\NOTEPAD.EXE

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = <local>;*.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - C:\Program Files (x86)\NetZero\Toolbar.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [NetZero_uoltray] C:\Program Files (x86)\NetZero\exec.exe regrun

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: WallpaperStyle = 2

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\2375942554130333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\34B4 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\34F666665656245616E675966496 : DhcpNameServer = 192.168.180.1

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\9447021696E6470266275656025702B6E6F612 : DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\A716E6461676561627 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3328F617-8543-49C2-817E-3AD531D39B3F}\B69636B65627 : DhcpNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: ZeroBar: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files (x86)\NetZero\Toolbar.dll

mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

mRun-x64: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Vechiga Choum\AppData\Roaming\Mozilla\Firefox\Profiles\sj2mpdhm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Users\Vechiga Choum\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-7 89600]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-2 366640]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-24 227896]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 iscFlash;iscFlash;C:\Program Files (x86)\SP45765\iscflashx64.sys [2009-6-16 25592]

S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2011-09-06 19:38:15 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-06 19:15:43 98816 ----a-w- C:\Windows\sed.exe

2011-09-06 19:15:43 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-06 19:15:43 256000 ----a-w- C:\Windows\PEV.exe

2011-09-06 19:15:43 208896 ----a-w- C:\Windows\MBR.exe

2011-09-03 03:41:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-09-03 03:26:56 -------- d-----w- C:\System Recovery

2011-09-03 03:23:33 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\SUPERAntiSpyware.com

2011-09-03 03:23:06 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-09-03 03:18:23 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-03 03:18:18 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-02 21:41:58 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\OpenCandy

2011-09-02 21:41:58 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\CBS Interactive

2011-09-02 21:06:26 -------- d--h--w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-02 19:46:51 -------- d-----w- C:\ProgramData\McAfee Security Scan

2011-09-02 19:46:05 -------- d--h--w- C:\Program Files (x86)\McAfee Security Scan

2011-09-02 14:54:26 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll

2011-09-02 14:54:26 15494104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll

2011-09-02 14:54:25 269272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe

2011-09-02 14:54:25 19416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plds4.dll

2011-09-02 14:54:25 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

2011-09-02 14:54:25 166872 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll

2011-09-02 14:54:25 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll

2011-09-02 14:54:25 109528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll

2011-09-01 05:35:51 -------- d-----w- C:\Users\Vechiga Choum\AppData\Roaming\Malwarebytes

2011-09-01 05:35:44 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-01 04:31:59 20480 ----a-w- C:\Windows\svchost.exe

2011-09-01 00:49:00 -------- d-----w- C:\36e5f8919027a9f6f2f4d656224f90

2011-08-23 20:32:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-23 20:32:06 2048 ----a-w- C:\Windows\System32\tzres.dll

.

==================== Find3M ====================

.

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll

2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec

2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll

2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll

2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll

2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll

2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll

2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll

2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll

2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll

2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 12:42:21.48 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Here are the requested logs. Thank you for helping.

ESET LOG

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=458bad8ef1c80b4cb1422c7a8a44cc83

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-08 02:05:14

# local_time=2011-09-07 07:05:14 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 100 94 0 66979858 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=280896

# found=6

# cleaned=6

# scan_time=11106

C:\Users\Vechiga Choum\AppData\Local\Google\Chrome\User Data\Default\Default\amnkhifbknhjhddehndfadpfhgjmliae\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Vechiga Choum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\691e0a8e-5c3df355 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Vechiga Choum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\472bdecf-4fd85507 a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Vechiga Choum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\425712ef-6aafdb4c Java/Agent.BH trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\76b5d642-358508a2 Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\108c3895-1590a7a7 Java/Agent.DJ trojan (deleted - quarantined) 00000000000000000000000000000000

SECURITY CHECK

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 27

Adobe Flash Player 10.3.183.7

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

Let me know what issues remain.

-screen317


Good to hear from you again, screen. As requested:

ComboFix 11-09-13.04 - Vechiga Choum 09/13/2011 16:43:04.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2521 [GMT -7:00]

Running from: c:\users\Vechiga Choum\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Vechiga Choum\Documents\~WRL0001.tmp

c:\users\Vechiga Choum\Documents\~WRL3322.tmp

c:\windows\svchost.exe

c:\windows\SysWow64\0.38720974546072595.exe

c:\windows\SysWow64\0.4597331532274671.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))

.

.

2011-09-13 23:48 . 2011-09-13 23:48 -------- d-----w- c:\users\Guest\AppData\Local\temp

2011-09-13 23:48 . 2011-09-13 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-13 23:39 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EC70AF9-4535-4DEC-9B74-D3F504F675B2}\mpengine.dll

2011-09-10 02:22 . 2011-09-10 02:22 -------- d-----w- c:\users\Vechiga Choum\AppData\Local\Adobe

2011-09-09 01:21 . 2011-09-09 01:21 -------- d-----w- c:\users\Vechiga Choum\AppData\Local\Apple

2011-09-09 01:20 . 2011-09-09 01:20 -------- d-----w- c:\users\Vechiga Choum\AppData\Local\Apple Computer

2011-09-08 19:24 . 2011-09-07 05:57 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2011-09-08 19:24 . 2011-09-07 05:57 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9024F62C-A79A-4D86-A07E-3DE6F5ACC8A8}\gapaengine.dll

2011-09-08 19:24 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-07 05:56 . 2011-09-07 05:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2011-09-07 05:56 . 2011-09-07 05:56 -------- d-----w- c:\program files\Microsoft Security Client

2011-09-07 02:00 . 2011-07-19 12:05 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-09-07 02:00 . 2011-07-19 12:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-07 01:07 . 2011-09-07 01:07 13983976 ----a-w- c:\program files\Firefox Setup 6.0.2.exe

2011-09-07 01:01 . 2011-09-07 01:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-03 03:41 . 2011-09-07 06:22 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-09-03 03:26 . 2011-09-03 03:26 -------- d-----w- C:\System Recovery

2011-09-03 03:23 . 2011-09-03 03:23 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\SUPERAntiSpyware.com

2011-09-03 03:23 . 2011-09-03 03:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-09-03 03:18 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-03 03:18 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-02 21:41 . 2011-09-03 03:57 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\CBS Interactive

2011-09-02 21:41 . 2011-09-03 03:57 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\OpenCandy

2011-09-02 21:06 . 2011-09-03 03:18 -------- d--h--w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-02 19:46 . 2011-09-02 22:02 -------- d-----w- c:\programdata\McAfee Security Scan

2011-09-02 19:46 . 2011-09-02 22:02 -------- d--h--w- c:\program files (x86)\McAfee Security Scan

2011-09-02 19:46 . 2011-09-02 19:46 -------- d-----w- c:\programdata\McAfee

2011-09-01 05:35 . 2011-09-01 05:35 -------- d-----w- c:\users\Vechiga Choum\AppData\Roaming\Malwarebytes

2011-09-01 05:35 . 2011-09-01 05:35 -------- d-----w- c:\programdata\Malwarebytes

2011-09-01 04:31 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe

2011-09-01 00:49 . 2011-09-01 00:49 -------- d-----w- C:\36e5f8919027a9f6f2f4d656224f90

2011-08-23 20:32 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 20:32 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-22 05:35 . 2011-08-11 07:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 04:56 . 2011-08-11 07:32 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:26 . 2011-08-11 07:34 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:26 . 2011-08-11 07:34 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:26 . 2011-08-11 07:34 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:26 . 2011-08-11 07:34 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 05:24 . 2011-08-11 07:34 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:21 . 2011-08-11 07:34 422400 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:17 . 2011-08-11 07:34 338432 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:04 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:36 . 2011-08-11 07:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:32 . 2011-08-11 07:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:31 . 2011-08-11 07:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:30 . 2011-08-11 07:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:30 . 2011-08-11 07:34 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:26 . 2011-08-11 07:34 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:26 . 2011-08-11 07:34 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:21 . 2011-08-11 07:34 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 07:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 07:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 07:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 02:44 . 2011-08-11 07:34 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-06 02:56 . 2011-06-17 20:10 489672 ----a-w- c:\users\Vechiga Choum\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe

2011-06-23 05:29 . 2011-08-11 07:32 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-23 04:38 . 2011-08-11 07:32 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:38 . 2011-08-11 07:32 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-06-21 06:27 . 2011-08-11 07:34 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-21 06:20 . 2011-08-11 07:32 1197056 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 06:20 . 2011-08-11 07:32 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-21 05:36 . 2011-08-11 07:32 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-06-21 05:35 . 2011-08-11 07:32 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-21 05:05 . 2011-08-11 07:32 482816 ----a-w- c:\windows\system32\html.iec

2011-06-21 04:26 . 2011-08-11 07:32 386048 ----a-w- c:\windows\SysWow64\html.iec

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-26 1668664]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 iscFlash;iscFlash;c:\program files (x86)\SP45765\iscflashx64.sys [2009-06-16 25592]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 17:36 451872 ---ha-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-01 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-01 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-01 365592]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe

Wow6432Node-HKLM-Run-volmgr - c:\windows\system32\config\systemprofile\AppData\Local\volmgr.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\\.\globalroot\systemroot\svchost.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2011-09-13 16:57:03 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-13 23:57

ComboFix2.txt 2011-09-06 19:33

.

Pre-Run: 243,557,580,800 bytes free

Post-Run: 243,666,747,392 bytes free

.

- - End Of File - - 120F77B876ADEAB86C07848A7B935732

MBAM LOG

6:30:55 Vechiga Choum MESSAGE Protection started successfully

16:30:59 Vechiga Choum MESSAGE IP Protection started successfully

16:32:03 Vechiga Choum IP-BLOCK 188.229.89.121 (Type: outgoing, Port: 49171, Process: svchost.exe)

16:32:03 Vechiga Choum IP-BLOCK 95.64.48.38 (Type: outgoing, Port: 49170, Process: svchost.exe)

16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49391, Process: svchost.exe)

16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49392, Process: svchost.exe)

16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49408, Process: svchost.exe)

16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49409, Process: svchost.exe)

16:32:27 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49527, Process: svchost.exe)

16:32:27 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49528, Process: svchost.exe)

16:32:36 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49662, Process: svchost.exe)

16:32:36 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49663, Process: svchost.exe)

16:32:44 Vechiga Choum IP-BLOCK 109.236.82.48 (Type: outgoing, Port: 49733, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49788, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49789, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49830, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49831, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49851, Process: svchost.exe)

16:32:52 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49852, Process: svchost.exe)

16:33:09 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50028, Process: svchost.exe)

16:33:09 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50032, Process: svchost.exe)

16:33:25 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50203, Process: svchost.exe)

16:33:25 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 50205, Process: svchost.exe)

16:41:23 Vechiga Choum DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

16:41:23 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:25 Vechiga Choum DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

16:41:25 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:34 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:35 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:38 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:38 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:43 Vechiga Choum DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

16:41:44 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:41:55 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:42:11 Vechiga Choum MESSAGE IP Protection stopped

16:43:05 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:43:05 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:43:06 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:46:09 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:48:18 Vechiga Choum DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW

16:48:18 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW

16:53:04 Vechiga Choum MESSAGE Protection started successfully

16:53:09 Vechiga Choum MESSAGE IP Protection started successfully

16:56:46 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent QUARANTINE

16:56:48 Vechiga Choum ERROR Quarantine failed: DeleteFile failed with error code 5

16:57:03 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent DENY

17:01:03 Vechiga Choum IP-BLOCK 95.64.48.39 (Type: outgoing, Port: 49345, Process: svchost.exe)


  • Staff

Hi,

Update MBAM and reboot. Ensure that you're using version 1.51.2.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.
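Anyone helping in a thread like this wants a quick summary of the two logs rather than a scroll through several hundred lines: which destinations the protection module blocked and from which process, whether each detection was allowed, denied or quarantined (and whether quarantine failed), and whether TDSSKiller reported anything as "detected". The script below is an added example written for this page; it is not code from Malwarebytes, Kaspersky or this forum. Its sample input is excerpted from the MBAM protection log above and from the TDSSKiller log the poster attaches in the next reply, the regular expressions are one reading of those two formats, and the "driver outside C:\Windows" list is only a prompt to look closer, not a verdict (the SUPERAntiSpyware drivers it lists are the poster's own tool).

```python
"""Triage helpers for the two log formats posted in this thread.

Added example for this page; not code from Malwarebytes, Kaspersky or the forum.
The sample lines are excerpts copied from the MBAM protection log and the
TDSSKiller log posted in the thread.
"""
import re
from collections import Counter

# MBAM protection log: "<HH:MM:SS> <user> <EVENT> <details>"
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>.+?) IP-BLOCK (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)
DETECTION_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>.+?) DETECTION (?P<path>\S+) "
    r"(?P<name>\S+) (?P<action>ALLOW|DENY|QUARANTINE)$"
)
ERROR_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>.+?) ERROR (?P<msg>.+)$")

# TDSSKiller log: "<date> <time> <pid> <driver> (<md5>) <path>" for drivers,
# "<date> <time> <pid> <object> - detected <name> (<n>)" for findings.
DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^\S+ \S+ \d+ (?P<obj>\S+) - detected (?P<name>\S+)")

# Excerpt of the protection log posted above.
MBAM_LOG = r"""
16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49408, Process: svchost.exe)
16:32:11 Vechiga Choum IP-BLOCK 208.87.33.151 (Type: outgoing, Port: 49409, Process: svchost.exe)
16:32:44 Vechiga Choum IP-BLOCK 109.236.82.48 (Type: outgoing, Port: 49733, Process: svchost.exe)
16:41:23 Vechiga Choum DETECTION C:\Windows\svchost.exe Trojan.Agent ALLOW
16:41:23 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent ALLOW
16:42:11 Vechiga Choum MESSAGE IP Protection stopped
16:56:46 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent QUARANTINE
16:56:48 Vechiga Choum ERROR Quarantine failed: DeleteFile failed with error code 5
16:57:03 Vechiga Choum DETECTION C:\WINDOWS\SVCHOST.EXE Trojan.Agent DENY
17:01:03 Vechiga Choum IP-BLOCK 95.64.48.39 (Type: outgoing, Port: 49345, Process: svchost.exe)
""".strip().splitlines()

# Excerpt of the TDSSKiller log posted in the next reply.
TDSS_LOG = r"""
2011/09/17 19:29:12.0343 3972 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/09/17 19:29:21.0423 3972 iscFlash (8aafaab3e2a8d5354b4bb2980fbe58ba) C:\Program Files (x86)\SP45765\iscflashx64.sys
2011/09/17 19:29:27.0834 3972 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/17 19:29:34.0074 3972 MBR (0x1B8) (6f20ced9219879cbbc30325d2e9f5814) \Device\Harddisk0\DR0
2011/09/17 19:29:34.0074 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/17 19:29:34.0121 3972 Boot (0x1200) (6c292a2967e9a6ca2d3409d3a05e7eff) \Device\Harddisk0\DR0\Partition0
""".strip().splitlines()


def summarize_mbam(lines):
    """Aggregate IP-BLOCK, DETECTION and ERROR events from protection-log lines."""
    blocked_ips, block_processes, actions = Counter(), Counter(), Counter()
    detected_paths, errors = set(), []
    for line in (l.strip() for l in lines):
        if m := IP_BLOCK_RE.match(line):
            blocked_ips[m["ip"]] += 1
            block_processes[m["process"]] += 1
        elif m := DETECTION_RE.match(line):
            actions[m["action"]] += 1
            # MBAM logs the same file in two letter cases; fold them together.
            detected_paths.add(m["path"].lower())
        elif m := ERROR_RE.match(line):
            errors.append(m["msg"])
    return {"blocked_ips": blocked_ips, "block_processes": block_processes,
            "detection_actions": actions, "detected_paths": detected_paths,
            "errors": errors}


def triage_tdsskiller(lines, system_root="c:\\windows\\"):
    """Return TDSSKiller findings plus drivers loaded from outside the Windows tree."""
    detections, non_system_drivers = [], []
    for line in (l.strip() for l in lines):
        if m := DETECTED_RE.match(line):
            detections.append((m["obj"], m["name"]))
        elif m := DRIVER_RE.match(line):
            if not m["path"].lower().startswith(system_root):
                non_system_drivers.append((m["name"], m["path"]))
    return {"detections": detections, "non_system_drivers": non_system_drivers}


if __name__ == "__main__":
    s = summarize_mbam(MBAM_LOG)
    print("blocked destinations:", dict(s["blocked_ips"]))
    print("blocking processes:", dict(s["block_processes"]))
    print("detection actions:", dict(s["detection_actions"]), "on", sorted(s["detected_paths"]))
    print("errors:", s["errors"])
    t = triage_tdsskiller(TDSS_LOG)
    print("TDSSKiller detections:", t["detections"])
    print("drivers outside C:\\Windows (review):", t["non_system_drivers"])
```

Run it as-is for the summary of the excerpts; to use it on a full log, replace `MBAM_LOG` or `TDSS_LOG` with `open(path).read().splitlines()`. The summary makes two things visible at a glance that are easy to miss in the raw text: the quarantine attempt on the flagged svchost.exe failed with error code 5 (access denied, the same code behind the update error the poster mentions), and TDSSKiller reports a boot-record detection on \Device\Harddisk0\DR0.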


Hi Screen,

On the note about updating MBAM, I get this error "program_error_updating (5, 0, create file) acces is denied", so I'm unable to update, but here is the log from TDS and everything seems fine so far.

2011/09/17 19:29:02.0188 4828 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17

2011/09/17 19:29:03.0202 4828 ================================================================================

2011/09/17 19:29:03.0202 4828 SystemInfo:

2011/09/17 19:29:03.0202 4828

2011/09/17 19:29:03.0202 4828 OS Version: 6.1.7600 ServicePack: 0.0

2011/09/17 19:29:03.0202 4828 Product type: Workstation

2011/09/17 19:29:03.0202 4828 ComputerName: VECHIGACHOUM-PC

2011/09/17 19:29:03.0202 4828 UserName: Vechiga Choum

2011/09/17 19:29:03.0202 4828 Windows directory: C:\Windows

2011/09/17 19:29:03.0202 4828 System windows directory: C:\Windows

2011/09/17 19:29:03.0202 4828 Running under WOW64

2011/09/17 19:29:03.0202 4828 Processor architecture: Intel x64

2011/09/17 19:29:03.0202 4828 Number of processors: 2

2011/09/17 19:29:03.0202 4828 Page size: 0x1000

2011/09/17 19:29:03.0202 4828 Boot type: Normal boot

2011/09/17 19:29:03.0202 4828 ================================================================================

2011/09/17 19:29:04.0247 4828 Initialize success

2011/09/17 19:29:09.0301 3972 ================================================================================

2011/09/17 19:29:09.0301 3972 Scan started

2011/09/17 19:29:09.0301 3972 Mode: Manual;

2011/09/17 19:29:09.0301 3972 ================================================================================

2011/09/17 19:29:12.0343 3972 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/09/17 19:29:12.0437 3972 Accelerometer (a768c6f605bc395d3b57fa0dc3ac3457) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/09/17 19:29:12.0484 3972 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2011/09/17 19:29:12.0531 3972 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/09/17 19:29:12.0593 3972 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/09/17 19:29:12.0687 3972 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2011/09/17 19:29:12.0749 3972 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2011/09/17 19:29:12.0874 3972 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys

2011/09/17 19:29:13.0123 3972 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys

2011/09/17 19:29:13.0233 3972 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2011/09/17 19:29:13.0295 3972 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2011/09/17 19:29:13.0326 3972 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2011/09/17 19:29:13.0435 3972 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/17 19:29:13.0482 3972 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2011/09/17 19:29:13.0560 3972 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

2011/09/17 19:29:13.0623 3972 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/09/17 19:29:13.0654 3972 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

2011/09/17 19:29:13.0747 3972 ApfiltrService (05f1a0a81a98cf27e3f028213fb6c36a) C:\Windows\system32\DRIVERS\Apfiltr.sys

2011/09/17 19:29:13.0872 3972 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2011/09/17 19:29:14.0013 3972 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2011/09/17 19:29:14.0044 3972 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2011/09/17 19:29:14.0153 3972 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/17 19:29:14.0278 3972 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2011/09/17 19:29:14.0387 3972 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2011/09/17 19:29:14.0449 3972 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2011/09/17 19:29:14.0543 3972 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys

2011/09/17 19:29:14.0605 3972 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2011/09/17 19:29:14.0683 3972 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/09/17 19:29:14.0777 3972 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/17 19:29:14.0871 3972 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/09/17 19:29:14.0886 3972 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/09/17 19:29:14.0964 3972 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2011/09/17 19:29:14.0995 3972 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/09/17 19:29:15.0027 3972 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/09/17 19:29:15.0105 3972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/09/17 19:29:15.0729 3972 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/09/17 19:29:16.0087 3972 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/17 19:29:16.0150 3972 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2011/09/17 19:29:16.0181 3972 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/17 19:29:16.0212 3972 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2011/09/17 19:29:16.0337 3972 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/17 19:29:16.0384 3972 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2011/09/17 19:29:16.0431 3972 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2011/09/17 19:29:16.0524 3972 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/17 19:29:16.0633 3972 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/09/17 19:29:16.0680 3972 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/09/17 19:29:16.0789 3972 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

2011/09/17 19:29:16.0836 3972 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2011/09/17 19:29:17.0008 3972 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2011/09/17 19:29:17.0117 3972 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

2011/09/17 19:29:17.0211 3972 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys

2011/09/17 19:29:17.0351 3972 Dot4Scan (488669cd1cd3bdcfdd9a5fda72209069) C:\Windows\system32\DRIVERS\Dot4Scan.sys

2011/09/17 19:29:17.0445 3972 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

2011/09/17 19:29:17.0554 3972 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2011/09/17 19:29:17.0616 3972 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/17 19:29:17.0850 3972 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2011/09/17 19:29:18.0022 3972 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2011/09/17 19:29:18.0131 3972 enecir (a9ec08727c64d985678f5b64c03823f0) C:\Windows\system32\DRIVERS\enecir.sys

2011/09/17 19:29:18.0162 3972 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2011/09/17 19:29:18.0256 3972 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2011/09/17 19:29:18.0287 3972 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2011/09/17 19:29:18.0381 3972 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/17 19:29:18.0443 3972 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2011/09/17 19:29:18.0474 3972 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2011/09/17 19:29:18.0521 3972 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/17 19:29:18.0552 3972 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2011/09/17 19:29:18.0599 3972 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2011/09/17 19:29:18.0630 3972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/17 19:29:18.0755 3972 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2011/09/17 19:29:18.0833 3972 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/09/17 19:29:18.0927 3972 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2011/09/17 19:29:18.0973 3972 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2011/09/17 19:29:19.0114 3972 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2011/09/17 19:29:19.0176 3972 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/09/17 19:29:19.0207 3972 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/09/17 19:29:19.0254 3972 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2011/09/17 19:29:19.0317 3972 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2011/09/17 19:29:19.0363 3972 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/17 19:29:19.0457 3972 hpdskflt (4bebf72764caa516119a9c1287eda930) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/09/17 19:29:19.0488 3972 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

2011/09/17 19:29:19.0660 3972 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/09/17 19:29:19.0769 3972 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2011/09/17 19:29:19.0816 3972 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2011/09/17 19:29:19.0956 3972 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/09/17 19:29:20.0081 3972 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

2011/09/17 19:29:20.0346 3972 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys

2011/09/17 19:29:20.0518 3972 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2011/09/17 19:29:20.0643 3972 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys

2011/09/17 19:29:20.0783 3972 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2011/09/17 19:29:20.0861 3972 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/17 19:29:20.0892 3972 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/17 19:29:21.0033 3972 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/09/17 19:29:21.0157 3972 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2011/09/17 19:29:21.0251 3972 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2011/09/17 19:29:21.0282 3972 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2011/09/17 19:29:21.0423 3972 iscFlash (8aafaab3e2a8d5354b4bb2980fbe58ba) C:\Program Files (x86)\SP45765\iscflashx64.sys

2011/09/17 19:29:21.0454 3972 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/09/17 19:29:21.0516 3972 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys

2011/09/17 19:29:21.0547 3972 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/09/17 19:29:21.0657 3972 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/09/17 19:29:21.0719 3972 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/17 19:29:21.0766 3972 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2011/09/17 19:29:21.0781 3972 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2011/09/17 19:29:21.0891 3972 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/17 19:29:21.0953 3972 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/09/17 19:29:21.0984 3972 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/09/17 19:29:22.0000 3972 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/09/17 19:29:22.0078 3972 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/09/17 19:29:22.0093 3972 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2011/09/17 19:29:22.0171 3972 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys

2011/09/17 19:29:22.0218 3972 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2011/09/17 19:29:22.0296 3972 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/09/17 19:29:22.0327 3972 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2011/09/17 19:29:22.0374 3972 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/17 19:29:22.0452 3972 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/17 19:29:22.0515 3972 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/17 19:29:22.0546 3972 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2011/09/17 19:29:22.0655 3972 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

2011/09/17 19:29:22.0686 3972 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2011/09/17 19:29:22.0733 3972 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

2011/09/17 19:29:22.0764 3972 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/17 19:29:22.0811 3972 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2011/09/17 19:29:22.0858 3972 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/17 19:29:22.0936 3972 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/17 19:29:22.0967 3972 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/17 19:29:22.0998 3972 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2011/09/17 19:29:23.0045 3972 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2011/09/17 19:29:23.0092 3972 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2011/09/17 19:29:23.0123 3972 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/17 19:29:23.0154 3972 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/09/17 19:29:23.0217 3972 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/17 19:29:23.0310 3972 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/17 19:29:23.0373 3972 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2011/09/17 19:29:23.0419 3972 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2011/09/17 19:29:23.0466 3972 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/17 19:29:23.0482 3972 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2011/09/17 19:29:23.0513 3972 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/17 19:29:23.0575 3972 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2011/09/17 19:29:23.0622 3972 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/17 19:29:23.0700 3972 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2011/09/17 19:29:23.0747 3972 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/17 19:29:23.0778 3972 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/17 19:29:23.0841 3972 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/17 19:29:23.0872 3972 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/17 19:29:23.0903 3972 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2011/09/17 19:29:23.0981 3972 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/17 19:29:24.0012 3972 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/17 19:29:24.0231 3972 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys

2011/09/17 19:29:24.0574 3972 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys

2011/09/17 19:29:24.0870 3972 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2011/09/17 19:29:25.0011 3972 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/17 19:29:25.0073 3972 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

2011/09/17 19:29:25.0135 3972 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2011/09/17 19:29:25.0167 3972 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/17 19:29:25.0260 3972 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

2011/09/17 19:29:25.0323 3972 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2011/09/17 19:29:25.0369 3972 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

2011/09/17 19:29:25.0401 3972 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

2011/09/17 19:29:25.0447 3972 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/09/17 19:29:25.0525 3972 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/17 19:29:25.0588 3972 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2011/09/17 19:29:25.0619 3972 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2011/09/17 19:29:25.0728 3972 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2011/09/17 19:29:25.0806 3972 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2011/09/17 19:29:25.0869 3972 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/17 19:29:25.0962 3972 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2011/09/17 19:29:26.0056 3972 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2011/09/17 19:29:26.0321 3972 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/17 19:29:26.0477 3972 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2011/09/17 19:29:26.0586 3972 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/17 19:29:26.0633 3972 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/17 19:29:26.0711 3972 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/17 19:29:26.0742 3972 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/17 19:29:26.0773 3972 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/17 19:29:26.0820 3972 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/17 19:29:26.0898 3972 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/17 19:29:26.0992 3972 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/17 19:29:27.0039 3972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/17 19:29:27.0117 3972 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys

2011/09/17 19:29:27.0179 3972 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/17 19:29:27.0257 3972 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/17 19:29:27.0288 3972 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/17 19:29:27.0351 3972 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/17 19:29:27.0397 3972 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/17 19:29:27.0429 3972 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2011/09/17 19:29:27.0507 3972 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2011/09/17 19:29:27.0600 3972 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/17 19:29:27.0694 3972 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

2011/09/17 19:29:27.0834 3972 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

2011/09/17 19:29:27.0881 3972 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

2011/09/17 19:29:27.0912 3972 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/09/17 19:29:27.0959 3972 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/17 19:29:28.0068 3972 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys

2011/09/17 19:29:28.0084 3972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2011/09/17 19:29:28.0177 3972 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/17 19:29:28.0209 3972 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2011/09/17 19:29:28.0240 3972 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/17 19:29:28.0318 3972 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

2011/09/17 19:29:28.0380 3972 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

2011/09/17 19:29:28.0427 3972 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

2011/09/17 19:29:28.0443 3972 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/17 19:29:28.0505 3972 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/17 19:29:28.0521 3972 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/17 19:29:28.0583 3972 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2011/09/17 19:29:28.0739 3972 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2011/09/17 19:29:28.0895 3972 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

2011/09/17 19:29:28.0957 3972 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/17 19:29:29.0098 3972 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

2011/09/17 19:29:29.0238 3972 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

2011/09/17 19:29:29.0347 3972 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

2011/09/17 19:29:29.0394 3972 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/17 19:29:29.0503 3972 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/17 19:29:29.0628 3972 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys

2011/09/17 19:29:29.0753 3972 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/17 19:29:29.0878 3972 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys

2011/09/17 19:29:29.0971 3972 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/17 19:29:30.0049 3972 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/17 19:29:30.0081 3972 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2011/09/17 19:29:30.0096 3972 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2011/09/17 19:29:30.0127 3972 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/17 19:29:30.0159 3972 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/17 19:29:30.0205 3972 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/17 19:29:30.0252 3972 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/17 19:29:30.0299 3972 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/17 19:29:30.0315 3972 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/17 19:29:30.0377 3972 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/09/17 19:29:30.0408 3972 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/17 19:29:30.0439 3972 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/17 19:29:30.0502 3972 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys

2011/09/17 19:29:30.0549 3972 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/17 19:29:30.0611 3972 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2011/09/17 19:29:34.0074 3972 MBR (0x1B8) (6f20ced9219879cbbc30325d2e9f5814) \Device\Harddisk0\DR0

2011/09/17 19:29:34.0074 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)

2011/09/17 19:29:34.0121 3972 Boot (0x1200) (6c292a2967e9a6ca2d3409d3a05e7eff) \Device\Harddisk0\DR0\Partition0

2011/09/17 19:29:34.0183 3972 Boot (0x1200) (abada037868de784d05a63d64f933390) \Device\Harddisk0\DR0\Partition1

2011/09/17 19:29:34.0230 3972 Boot (0x1200) (81ec70d18c1b1c5056820b3c37a80002) \Device\Harddisk0\DR0\Partition2

2011/09/17 19:29:34.0230 3972 ================================================================================

2011/09/17 19:29:34.0230 3972 Scan finished

2011/09/17 19:29:34.0230 3972 ================================================================================

2011/09/17 19:29:34.0246 2704 Detected object count: 1

2011/09/17 19:29:34.0246 2704 Actual detected object count: 1

2011/09/17 19:30:14.0041 2704 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot

2011/09/17 19:30:14.0041 2704 \Device\Harddisk0\DR0 - ok

2011/09/17 19:30:14.0041 2704 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure

2011/09/17 19:30:19.0907 1456 Deinitialize success


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=458bad8ef1c80b4cb1422c7a8a44cc83

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-21 03:11:02

# local_time=2011-09-20 08:11:02 (-0800, Pacific Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 100 94 620984 68109045 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=277190

# found=3

# cleaned=3

# scan_time=9066

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\a8769ca-5e408894 a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\6bb5d6d7-6cb79c47 a variant of Java/Agent.DN trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3724fdb7-3b357222 a variant of Java/Agent.DM trojan (deleted - quarantined) 00000000000000000000000000000000 C

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

CCleaner

Java 6 Update 27

Adobe Flash Player 10.3.183.7

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Everything seems to be running fine as of right now. Thanks again.


  • Staff

Hi,

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

If there are no remaining issues, then I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 3 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
