Jump to content

Recommended Posts

When I was browsing, suddenly I was directed to 188.229.89.120, which ask me to upgrade my browser. I installed the program it offers, and nothing happens except my connection is disconnected. Suspicious, I reset my wifi and scan with mbam to find 3 infected files. After following the solution mbam gives, now svchost.exe keep contacting 188.229.89.120 and blocked.Can anyone make svchost not contacting this IP anymore? Thank You

-MBAM scan log-

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7642

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

07/09/2011 14:25:00

mbam-log-2011-09-07 (14-25-00).txt

Scan type: Quick scan

Objects scanned: 157409

Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Hanze\AppData\Local\Temp\5542.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Hanze\AppData\Local\Temp\909D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Hanze\AppData\Local\Temp\srv1010.tmp (Trojan.FakeAlert) -> Delete on reboot.

-Hijack this log-

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:59:08, on 07/09/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16766)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Users\Hanze\Desktop\AnimusRO\Animus.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Hanze\Desktop\utorrent.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{3BE82D61-C836-4BA6-86EA-E5ADEE25F5A8}: NameServer = 8.8.8.8

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe

O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

--

End of file - 6484 bytes

Link to post
Share on other sites

Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

    [*]Double click on the DDS icon, allow it to run.

    [*]A small box will open, with an explaination about the tool. No input is needed, the scan is running.

    [*]Notepad will open with the results.

    [*]Follow the instructions that pop up for posting the results.

    [*]Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Link to post
Share on other sites

Here's the DDS report, thanks for helping :)

btw, there is another thing I noticed. The startup time increased a lot, from about a minute to 3-5 minutes.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Hanze at 22:31:00 on 2011-09-08

Microsoft Windows 7 Professional 6.1.7600.0.1252.62.1033.18.1976.1033 [GMT 7:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\rpcnet.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Windows\system32\taskhost.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{13C14FCF-EFEE-4E5F-8DC1-0BA9BB57BF78} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3BE82D61-C836-4BA6-86EA-E5ADEE25F5A8} : DhcpNameServer = 122.200.1.134

TCP: Interfaces\{3BE82D61-C836-4BA6-86EA-E5ADEE25F5A8}\243313D2530343 : DhcpNameServer = 122.200.1.134

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-9-6 16184]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-10 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-10 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-10 66616]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-27 366640]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-27 22712]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 srv1034;srv1034;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-27 41272]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]

S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2011-5-16 18432]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-10 1343400]

.

=============== Created Last 30 ================

.

2011-09-08 15:16:22 0 ----a-w- C:\ico46A0.tmp

2011-09-08 15:12:36 0 ----a-w- C:\icoD5A6.tmp

2011-09-08 15:11:39 0 ----a-w- C:\icoF6CC.tmp

2011-09-08 12:21:33 -------- d-----w- c:\program files\Essentials Codec Pack

2011-09-08 12:16:44 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2011-09-08 12:16:43 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-08 12:16:43 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-08 12:16:43 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-09-08 12:16:41 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-09-08 12:01:57 -------- d-----w- c:\users\hanze\appdata\roaming\Nullsoft

2011-09-08 12:01:14 0 ----a-w- C:\ico84A.tmp

2011-09-07 08:10:25 388096 ----a-r- c:\users\hanze\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-07 08:10:25 -------- d-----w- c:\program files\Trend Micro

2011-09-07 08:09:39 0 ----a-w- C:\ico66BE.tmp

2011-09-06 13:54:18 -------- d-----w- c:\users\hanze\appdata\roaming\IObit

2011-09-06 13:54:08 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-09-06 13:54:08 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-09-06 13:54:04 -------- d-----w- c:\program files\IObit

2011-09-06 04:38:06 0 ----a-w- C:\ico47E8.tmp

2011-09-06 04:27:07 0 ----a-w- C:\icoECBE.tmp

2011-09-06 02:23:40 0 ----a-w- C:\icoA88D.tmp

2011-09-03 14:59:14 266714 ----a-w- c:\windows\KMSAct.exe

2011-09-03 14:38:19 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-09-03 14:36:49 -------- d-----w- c:\users\hanze\appdata\local\Microsoft Help

2011-09-02 10:33:45 249856 ------w- c:\windows\Setup1.exe

2011-09-02 10:33:44 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-08-30 13:21:21 53760 ----a-w- c:\windows\system32\ZlibTool.ocx

2011-08-30 13:21:21 120320 ----a-w- c:\windows\system32\zlibocx2.dll

2011-08-30 12:47:54 -------- d-----w- C:\downloads

2011-08-27 15:40:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-27 15:40:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 15:40:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-27 15:31:08 -------- d-----w- c:\users\hanze\appdata\roaming\Malwarebytes

2011-08-27 15:30:47 -------- d-----w- c:\programdata\Malwarebytes

2011-08-25 07:01:56 -------- d-----w- c:\program files\common files\Steam

2011-08-25 06:56:48 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-08-25 06:56:48 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-08-25 06:56:47 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-08-25 02:36:13 -------- d-----w- c:\windows\Options

2011-08-16 23:50:24 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{783c90d9-0e48-4b2c-a1f9-52177dacbe6e}\mpengine.dll

.

==================== Find3M ====================

.

2011-09-08 15:05:00 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-08 15:04:58 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-09-06 14:55:01 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-06-28 14:53:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 22:32:37,41 ===============

Link to post
Share on other sites

Lets first do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites

Another thing I noticed, it keep change my DNS when using wi-fi to 8.8.8.8 automatically, but I can change this manually and connect to the internet.

Rootkit scan doesn't find anything. Here's the log

2011/09/09 06:17:21.0038 3464 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34

2011/09/09 06:17:21.0928 3464 ================================================================================

2011/09/09 06:17:21.0930 3464 SystemInfo:

2011/09/09 06:17:21.0930 3464

2011/09/09 06:17:21.0930 3464 OS Version: 6.1.7600 ServicePack: 0.0

2011/09/09 06:17:21.0930 3464 Product type: Workstation

2011/09/09 06:17:21.0930 3464 ComputerName: HANZE-PC

2011/09/09 06:17:21.0930 3464 UserName: Hanze

2011/09/09 06:17:21.0930 3464 Windows directory: C:\Windows

2011/09/09 06:17:21.0930 3464 System windows directory: C:\Windows

2011/09/09 06:17:21.0930 3464 Processor architecture: Intel x86

2011/09/09 06:17:21.0930 3464 Number of processors: 2

2011/09/09 06:17:21.0930 3464 Page size: 0x1000

2011/09/09 06:17:21.0930 3464 Boot type: Normal boot

2011/09/09 06:17:21.0930 3464 ================================================================================

2011/09/09 06:17:23.0316 3464 Initialize success

2011/09/09 06:17:25.0198 3460 ================================================================================

2011/09/09 06:17:25.0198 3460 Scan started

2011/09/09 06:17:25.0198 3460 Mode: Manual;

2011/09/09 06:17:25.0198 3460 ================================================================================

2011/09/09 06:17:26.0800 3460 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

2011/09/09 06:17:27.0015 3460 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys

2011/09/09 06:17:27.0205 3460 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

2011/09/09 06:17:27.0393 3460 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

2011/09/09 06:17:27.0602 3460 ADIHdAudAddService (6c61bceb60c2c187e6f96001fd69493e) C:\Windows\system32\drivers\ADIHdAud.sys

2011/09/09 06:17:27.0851 3460 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/09/09 06:17:28.0067 3460 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/09/09 06:17:28.0277 3460 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/09/09 06:17:28.0503 3460 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

2011/09/09 06:17:28.0716 3460 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys

2011/09/09 06:17:28.0948 3460 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

2011/09/09 06:17:29.0401 3460 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/09/09 06:17:29.0752 3460 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

2011/09/09 06:17:30.0090 3460 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

2011/09/09 06:17:30.0345 3460 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

2011/09/09 06:17:30.0561 3460 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/09/09 06:17:30.0866 3460 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/09/09 06:17:31.0045 3460 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

2011/09/09 06:17:31.0252 3460 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/09/09 06:17:31.0437 3460 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

2011/09/09 06:17:31.0711 3460 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

2011/09/09 06:17:31.0935 3460 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/09/09 06:17:32.0205 3460 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/09/09 06:17:32.0579 3460 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/09 06:17:32.0792 3460 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

2011/09/09 06:17:32.0972 3460 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

2011/09/09 06:17:33.0144 3460 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

2011/09/09 06:17:33.0360 3460 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/09/09 06:17:33.0607 3460 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/09/09 06:17:33.0800 3460 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/09/09 06:17:33.0972 3460 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/09/09 06:17:34.0160 3460 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/09 06:17:34.0334 3460 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/09/09 06:17:34.0520 3460 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/09/09 06:17:34.0725 3460 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/09/09 06:17:34.0924 3460 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/09/09 06:17:35.0107 3460 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/09/09 06:17:35.0315 3460 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/09/09 06:17:35.0471 3460 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

2011/09/09 06:17:35.0550 3460 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/09/09 06:17:35.0741 3460 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

2011/09/09 06:17:35.0885 3460 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys

2011/09/09 06:17:36.0071 3460 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys

2011/09/09 06:17:36.0279 3460 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys

2011/09/09 06:17:36.0442 3460 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/09 06:17:36.0640 3460 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

2011/09/09 06:17:36.0849 3460 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/09 06:17:36.0942 3460 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/09/09 06:17:37.0156 3460 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/09/09 06:17:37.0331 3460 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

2011/09/09 06:17:37.0510 3460 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/09/09 06:17:37.0727 3460 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/09/09 06:17:38.0096 3460 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

2011/09/09 06:17:38.0220 3460 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/09/09 06:17:38.0359 3460 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

2011/09/09 06:17:38.0597 3460 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

2011/09/09 06:17:38.0761 3460 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/09/09 06:17:38.0967 3460 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/09/09 06:17:39.0092 3460 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/09/09 06:17:39.0274 3460 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/09 06:17:39.0579 3460 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/09/09 06:17:39.0870 3460 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/09/09 06:17:40.0087 3460 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

2011/09/09 06:17:40.0246 3460 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/09/09 06:17:40.0371 3460 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/09/09 06:17:40.0565 3460 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/09 06:17:40.0730 3460 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/09/09 06:17:40.0841 3460 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/09/09 06:17:40.0984 3460 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/09 06:17:41.0184 3460 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/09/09 06:17:41.0382 3460 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/09/09 06:17:41.0452 3460 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/09 06:17:41.0654 3460 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

2011/09/09 06:17:41.0854 3460 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/09/09 06:17:41.0950 3460 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/09/09 06:17:42.0119 3460 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

2011/09/09 06:17:42.0301 3460 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/09/09 06:17:42.0566 3460 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/09/09 06:17:42.0778 3460 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/09/09 06:17:42.0995 3460 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/09/09 06:17:43.0284 3460 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/09 06:17:43.0444 3460 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys

2011/09/09 06:17:43.0621 3460 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

2011/09/09 06:17:43.0817 3460 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

2011/09/09 06:17:44.0090 3460 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

2011/09/09 06:17:44.0266 3460 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/09/09 06:17:44.0462 3460 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

2011/09/09 06:17:44.0900 3460 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/09/09 06:17:45.0366 3460 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/09/09 06:17:45.0550 3460 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

2011/09/09 06:17:45.0691 3460 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/09 06:17:45.0805 3460 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/09 06:17:45.0999 3460 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2011/09/09 06:17:46.0593 3460 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/09/09 06:17:47.0108 3460 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/09/09 06:17:47.0537 3460 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

2011/09/09 06:17:47.0999 3460 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/09/09 06:17:48.0330 3460 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/09/09 06:17:48.0673 3460 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/09/09 06:17:49.0161 3460 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/09 06:17:49.0701 3460 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

2011/09/09 06:17:50.0337 3460 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/09 06:17:50.0882 3460 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/09/09 06:17:51.0485 3460 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/09/09 06:17:52.0003 3460 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/09/09 06:17:52.0382 3460 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/09/09 06:17:53.0004 3460 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/09/09 06:17:53.0546 3460 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/09/09 06:17:54.0038 3460 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys

2011/09/09 06:17:54.0321 3460 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys

2011/09/09 06:17:54.0566 3460 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/09/09 06:17:55.0178 3460 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/09/09 06:17:55.0700 3460 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/09/09 06:17:56.0018 3460 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/09 06:17:56.0363 3460 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/09 06:17:56.0874 3460 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/09 06:17:57.0262 3460 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

2011/09/09 06:17:57.0497 3460 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

2011/09/09 06:17:57.0680 3460 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/09 06:17:57.0831 3460 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

2011/09/09 06:17:58.0034 3460 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/09 06:17:58.0212 3460 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/09 06:17:58.0389 3460 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/09 06:17:58.0546 3460 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

2011/09/09 06:17:58.0666 3460 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

2011/09/09 06:17:58.0839 3460 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/09/09 06:17:58.0964 3460 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/09/09 06:17:59.0115 3460 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

2011/09/09 06:17:59.0300 3460 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/09 06:17:59.0490 3460 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/09 06:17:59.0663 3460 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/09/09 06:17:59.0822 3460 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/09/09 06:17:59.0994 3460 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/09 06:18:00.0157 3460 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/09/09 06:18:00.0307 3460 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/09/09 06:18:00.0460 3460 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/09/09 06:18:00.0721 3460 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/09 06:18:00.0947 3460 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

2011/09/09 06:18:01.0163 3460 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/09/09 06:18:01.0364 3460 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/09 06:18:01.0520 3460 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/09 06:18:01.0671 3460 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/09 06:18:01.0856 3460 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

2011/09/09 06:18:02.0048 3460 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/09 06:18:02.0225 3460 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/09 06:18:02.0675 3460 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys

2011/09/09 06:18:03.0708 3460 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

2011/09/09 06:18:04.0151 3460 NETwNs32 (83553135ad346d247c482f1b8aca921f) C:\Windows\system32\DRIVERS\NETwNs32.sys

2011/09/09 06:18:04.0539 3460 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/09/09 06:18:04.0737 3460 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\Windows\system32\drivers\NMgamingms.sys

2011/09/09 06:18:04.0902 3460 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/09/09 06:18:05.0085 3460 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/09 06:18:05.0201 3460 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

2011/09/09 06:18:05.0413 3460 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/09/09 06:18:05.0579 3460 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

2011/09/09 06:18:05.0778 3460 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

2011/09/09 06:18:05.0931 3460 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

2011/09/09 06:18:06.0110 3460 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/09 06:18:06.0346 3460 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/09/09 06:18:06.0524 3460 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

2011/09/09 06:18:06.0681 3460 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/09/09 06:18:06.0841 3460 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

2011/09/09 06:18:07.0013 3460 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

2011/09/09 06:18:07.0165 3460 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/09/09 06:18:07.0367 3460 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/09/09 06:18:07.0564 3460 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/09/09 06:18:07.0997 3460 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/09 06:18:08.0070 3460 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/09/09 06:18:08.0258 3460 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/09 06:18:08.0416 3460 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/09/09 06:18:08.0687 3460 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/09/09 06:18:08.0861 3460 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/09 06:18:09.0100 3460 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/09 06:18:09.0178 3460 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/09/09 06:18:09.0364 3460 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/09 06:18:09.0557 3460 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/09 06:18:09.0722 3460 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/09 06:18:09.0896 3460 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/09 06:18:10.0082 3460 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/09/09 06:18:10.0237 3460 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/09 06:18:10.0408 3460 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

2011/09/09 06:18:10.0668 3460 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/09 06:18:11.0096 3460 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/09/09 06:18:11.0540 3460 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

2011/09/09 06:18:11.0935 3460 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

2011/09/09 06:18:12.0348 3460 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

2011/09/09 06:18:12.0568 3460 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

2011/09/09 06:18:12.0945 3460 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/09 06:18:13.0129 3460 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

2011/09/09 06:18:13.0353 3460 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

2011/09/09 06:18:13.0537 3460 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

2011/09/09 06:18:13.0749 3460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/09 06:18:13.0959 3460 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/09 06:18:14.0199 3460 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/09/09 06:18:14.0574 3460 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/09/09 06:18:14.0781 3460 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/09/09 06:18:14.0958 3460 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/09 06:18:15.0193 3460 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/09 06:18:15.0349 3460 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/09/09 06:18:15.0515 3460 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

2011/09/09 06:18:16.0121 3460 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/09/09 06:18:16.0300 3460 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/09/09 06:18:16.0532 3460 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) C:\Windows\system32\Drivers\SmartDefragDriver.sys

2011/09/09 06:18:16.0734 3460 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/09/09 06:18:16.0938 3460 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/09/09 06:18:17.0141 3460 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

2011/09/09 06:18:17.0346 3460 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/09 06:18:17.0516 3460 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/09 06:18:17.0714 3460 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

2011/09/09 06:18:17.0889 3460 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/09/09 06:18:18.0085 3460 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

2011/09/09 06:18:18.0274 3460 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

2011/09/09 06:18:18.0435 3460 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/09 06:18:18.0629 3460 SynasUSB (418bd80a7fefaa3fcbd3dcfc021cb294) C:\Windows\system32\drivers\SynasUSB.sys

2011/09/09 06:18:18.0831 3460 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys

2011/09/09 06:18:19.0118 3460 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys

2011/09/09 06:18:19.0418 3460 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/09 06:18:19.0588 3460 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/09 06:18:19.0772 3460 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

2011/09/09 06:18:19.0948 3460 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

2011/09/09 06:18:20.0335 3460 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/09 06:18:20.0546 3460 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/09 06:18:20.0791 3460 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/09 06:18:20.0992 3460 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/09 06:18:21.0370 3460 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/09/09 06:18:21.0597 3460 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/09 06:18:21.0894 3460 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

2011/09/09 06:18:22.0079 3460 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/09 06:18:22.0157 3460 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/09/09 06:18:22.0295 3460 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/09/09 06:18:22.0449 3460 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/09 06:18:22.0641 3460 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

2011/09/09 06:18:22.0799 3460 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/09 06:18:22.0989 3460 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/09 06:18:23.0258 3460 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

2011/09/09 06:18:23.0542 3460 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/09 06:18:23.0734 3460 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/09 06:18:23.0892 3460 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/09 06:18:24.0055 3460 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/09 06:18:24.0230 3460 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys

2011/09/09 06:18:24.0403 3460 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/09/09 06:18:24.0570 3460 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

2011/09/09 06:18:24.0788 3460 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/09 06:18:24.0963 3460 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/09/09 06:18:25.0100 3460 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

2011/09/09 06:18:25.0304 3460 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

2011/09/09 06:18:25.0799 3460 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/09/09 06:18:25.0947 3460 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

2011/09/09 06:18:26.0129 3460 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

2011/09/09 06:18:26.0304 3460 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

2011/09/09 06:18:26.0403 3460 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

2011/09/09 06:18:26.0568 3460 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/09/09 06:18:26.0698 3460 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

2011/09/09 06:18:26.0843 3460 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/09/09 06:18:26.0950 3460 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

2011/09/09 06:18:27.0089 3460 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/09/09 06:18:27.0293 3460 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

2011/09/09 06:18:27.0530 3460 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/09/09 06:18:27.0774 3460 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/09 06:18:27.0804 3460 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/09 06:18:28.0207 3460 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/09/09 06:18:28.0757 3460 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/09 06:18:29.0089 3460 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/09/09 06:18:29.0154 3460 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/09/09 06:18:29.0503 3460 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/09/09 06:18:29.0868 3460 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/09 06:18:30.0080 3460 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/09/09 06:18:30.0287 3460 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/09 06:18:30.0433 3460 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

2011/09/09 06:18:30.0568 3460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/09/09 06:18:30.0602 3460 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

2011/09/09 06:18:30.0629 3460 Boot (0x1200) (4913ffe61293753ef76db82e56e2a0ce) \Device\Harddisk0\DR0\Partition0

2011/09/09 06:18:30.0677 3460 Boot (0x1200) (38c091528949c3a29064bd06c21ea845) \Device\Harddisk0\DR0\Partition1

2011/09/09 06:18:30.0729 3460 Boot (0x1200) (c2b7ef22a8a65d2a97d9e7eef7fee05c) \Device\Harddisk0\DR0\Partition2

2011/09/09 06:18:30.0764 3460 Boot (0x1200) (4279189a4701b2fa35bdd1dfa6eca023) \Device\Harddisk1\DR1\Partition0

2011/09/09 06:18:30.0780 3460 ================================================================================

2011/09/09 06:18:30.0780 3460 Scan finished

2011/09/09 06:18:30.0780 3460 ================================================================================

2011/09/09 06:18:30.0800 3796 Detected object count: 0

2011/09/09 06:18:30.0800 3796 Actual detected object count: 0

Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

After finished combofix, I cant run any program. It said something like illegal operation on registry that going to be deleted. I need to reboot. Is it normal?

-Combo fix log-

ComboFix 11-09-09.01 - Hanze 09/09/2011 18:24:06.1.2 - x86

Microsoft Windows 7 Professional 6.1.7600.0.1252.62.1033.18.1976.1300 [GMT 7:00]

Running from: c:\users\Hanze\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\ico3F40.tmp

C:\ico46A0.tmp

C:\ico47E8.tmp

C:\ico647C.tmp

C:\ico66BE.tmp

C:\ico84A.tmp

C:\icoA591.tmp

C:\icoA88D.tmp

C:\icoAC07.tmp

C:\icoD5A6.tmp

C:\icoECBE.tmp

C:\icoF6CC.tmp

c:\users\Hanze\AppData\Local\ApplicationHistory

c:\users\Hanze\AppData\Local\ApplicationHistory\Launcher.exe.45bf0154.ini.inuse

c:\users\Hanze\AppData\Local\ApplicationHistory\Launcher.exe.74629957.ini.inuse

c:\users\Hanze\Desktop\AnimusRO\AI\USER_AI\_desktop.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_srv1034

.

.

((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))

.

.

2011-09-09 11:36 . 2011-09-09 11:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-09 07:42 . 2011-09-09 07:42 -------- d-----w- c:\users\Hanze\AppData\Local\ElevatedDiagnostics

2011-09-09 07:27 . 2011-09-09 07:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2011-09-08 12:21 . 2011-09-08 12:22 -------- d-----w- c:\program files\Essentials Codec Pack

2011-09-08 12:16 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2011-09-08 12:16 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-09-08 12:16 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-08 12:16 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-08 12:16 . 2011-08-29 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll

2011-09-08 12:01 . 2011-09-08 12:01 -------- d-----w- c:\users\Hanze\AppData\Roaming\Nullsoft

2011-09-07 08:10 . 2011-09-07 08:10 388096 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-07 08:10 . 2011-09-07 08:10 -------- d-----w- c:\program files\Trend Micro

2011-09-06 13:54 . 2011-09-06 13:54 -------- d-----w- c:\users\Hanze\AppData\Roaming\IObit

2011-09-06 13:54 . 2011-02-23 09:50 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-09-06 13:54 . 2011-02-23 09:50 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-09-06 13:54 . 2011-09-06 13:54 -------- d-----w- c:\program files\IObit

2011-09-03 14:59 . 2010-06-20 17:23 266714 ----a-w- c:\windows\KMSAct.exe

2011-09-03 14:38 . 2011-09-03 14:38 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-09-03 14:36 . 2011-09-03 14:36 -------- d-----w- c:\users\Hanze\AppData\Local\Microsoft Help

2011-09-03 14:36 . 2011-09-03 14:53 -------- d-----w- c:\programdata\Microsoft Help

2011-09-02 10:33 . 2011-09-02 10:33 249856 ------w- c:\windows\Setup1.exe

2011-09-02 10:33 . 2011-09-02 10:33 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-08-30 13:21 . 2009-10-22 01:46 120320 ----a-w- c:\windows\system32\zlibocx2.dll

2011-08-30 13:21 . 1996-06-13 14:24 53760 ----a-w- c:\windows\system32\ZlibTool.ocx

2011-08-30 12:47 . 2011-08-30 12:47 -------- d-----w- C:\downloads

2011-08-27 15:40 . 2011-07-06 12:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-27 15:40 . 2011-08-27 15:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-27 15:40 . 2011-07-06 12:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 15:31 . 2011-08-27 15:31 -------- d-----w- c:\users\Hanze\AppData\Roaming\Malwarebytes

2011-08-27 15:30 . 2011-08-27 15:30 -------- d-----w- c:\programdata\Malwarebytes

2011-08-25 07:01 . 2011-08-25 07:01 -------- d-----w- c:\program files\Common Files\Steam

2011-08-25 06:56 . 2008-10-14 23:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-08-25 06:56 . 2008-10-14 23:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-08-25 06:56 . 2008-10-14 23:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-08-25 02:36 . 2011-08-25 02:36 -------- d-----w- c:\windows\Options

2011-08-16 23:50 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{783C90D9-0E48-4B2C-A1F9-52177DACBE6E}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 11:38 . 2011-04-10 05:47 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-09 11:38 . 2011-04-09 04:41 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-09-09 08:10 . 2011-04-10 05:48 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-08-08 03:53 . 2011-08-08 03:53 65536 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut7_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 65536 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut4_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 65536 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_UK_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 65536 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_FR_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 65536 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_DE_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 45056 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exeE_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-08 03:53 . 2011-08-08 03:53 45056 ----a-r- c:\users\Hanze\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe

2011-08-05 05:32 . 2011-08-05 05:32 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-06-28 14:53 . 2011-04-09 17:41 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-06-28 14:53 . 2011-04-09 17:41 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-12 281768]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2011-4-9 1843000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Hanze^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]

path=c:\users\Hanze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk

backup=c:\windows\pss\MagicDisc.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 05:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-04-09 04:35 136176 ----atw- c:\users\Hanze\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2011-02-11 12:26 171032 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2011-02-11 12:26 137752 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2011-07-06 12:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 15:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]

2009-11-20 12:17 106496 ----a-w- c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2011-02-11 12:26 172568 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]

2010-04-30 14:47 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 05:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-06-03 19:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-04-14 02:16 399736 ----a-w- c:\users\Hanze\Desktop\utorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

2007-05-31 09:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ALSysIO;ALSysIO;c:\users\Hanze\AppData\Local\Temp\ALSysIO.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-17 7122944]

R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-23 18432]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-10 1343400]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113285704-1550277208-1062095880-1001Core.job

- c:\users\Hanze\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 04:35]

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4113285704-1550277208-1062095880-1001UA.job

- c:\users\Hanze\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 04:35]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 122.200.1.134

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-Memeo Instant Backup - c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe

AddRemove-RiseOfNations 1.0 - j:\games\RoN\UNINSTAL.EXE

AddRemove-RiseofNationsExpansion 1.0 - j:\games\RoN\UNINSTLX.EXE

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2976)

c:\program files\Essentials Codec Pack\Haali\splitter.ax

c:\program files\Essentials Codec Pack\Haali\mkzlib.dll

c:\program files\Essentials Codec Pack\Haali\mkunicode.dll

c:\program files\Essentials Codec Pack\Haali\mkx.dll

c:\program files\Essentials Codec Pack\FFDShow\ffdshow.ax

c:\program files\Essentials Codec Pack\VSFilter.dll

c:\windows\system32\DDRAW.dll

c:\program files\Essentials Codec Pack\FLVSplitter.ax

c:\program files\K-Lite Codec Pack\Filters\vp7dec.ax

c:\program files\Essentials Codec Pack\Mpeg2DecFilter.ax

c:\program files\K-Lite Codec Pack\Filters\madFlac.ax

c:\program files\K-Lite Codec Pack\Filters\libFlac.dll

c:\program files\Essentials Codec Pack\RealMediaSplitter.ax

c:\program files\K-Lite Codec Pack\Filters\mmamr.ax

c:\program files\K-Lite Codec Pack\Filters\mmmpcdmx.ax

c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax

c:\program files\K-Lite Codec Pack\Filters\WavPackDSDecoder.ax

c:\program files\K-Lite Codec Pack\Filters\mmmpcdec.ax

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\AEADISRV.EXE

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\system32\rpcnet.exe

c:\windows\system32\taskhost.exe

c:\windows\System32\chkdsk.exe

c:\windows\system32\conhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-09-09 18:45:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-09 11:45

.

Pre-Run: 129.820.119.040 bytes free

Post-Run: 129.584.328.704 bytes free

.

- - End Of File - - 408B0ADD3FABEFDA5F7D79EA339FFA41

Link to post
Share on other sites

It seems now it stops connecting to that IP after combofix, but I still need to check at university (there's where I got the malware and use wifi). I don't think when I use cable it tries to connect that IP.

DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Hanze at 23:17:16 on 2011-09-09

Microsoft Windows 7 Professional 6.1.7600.0.1252.62.1033.18.1976.754 [GMT 7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\rpcnet.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Windows\Explorer.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hanze\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{13C14FCF-EFEE-4E5F-8DC1-0BA9BB57BF78} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9433AFEE-0D1C-4064-A415-A9B87CE23EE9} : DhcpNameServer = 122.200.1.134

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-10 66616]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

.

=============== Created Last 30 ================

.

2011-09-09 11:52:35 0 ----a-w- C:\icoF17F.tmp

2011-09-09 11:44:26 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-09 08:27:50 98816 ----a-w- c:\windows\sed.exe

2011-09-09 08:27:50 518144 ----a-w- c:\windows\SWREG.exe

2011-09-09 08:27:50 256000 ----a-w- c:\windows\PEV.exe

2011-09-09 08:27:50 208896 ----a-w- c:\windows\MBR.exe

2011-09-09 07:42:43 -------- d-----w- c:\users\hanze\appdata\local\ElevatedDiagnostics

2011-09-08 12:21:33 -------- d-----w- c:\program files\Essentials Codec Pack

2011-09-08 12:01:57 -------- d-----w- c:\users\hanze\appdata\roaming\Nullsoft

2011-09-07 08:10:25 -------- d-----w- c:\program files\Trend Micro

2011-09-06 13:54:18 -------- d-----w- c:\users\hanze\appdata\roaming\IObit

2011-09-06 13:54:08 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-09-06 13:54:08 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-09-06 13:54:04 -------- d-----w- c:\program files\IObit

2011-09-03 14:59:14 266714 ----a-w- c:\windows\KMSAct.exe

2011-09-03 14:38:19 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-09-03 14:36:49 -------- d-----w- c:\users\hanze\appdata\local\Microsoft Help

2011-09-02 10:33:45 249856 ------w- c:\windows\Setup1.exe

2011-09-02 10:33:44 73216 ----a-w- c:\windows\ST6UNST.EXE

2011-08-30 13:21:21 53760 ----a-w- c:\windows\system32\ZlibTool.ocx

2011-08-30 13:21:21 120320 ----a-w- c:\windows\system32\zlibocx2.dll

2011-08-30 12:47:54 -------- d-----w- C:\downloads

2011-08-27 15:40:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-27 15:40:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-27 15:40:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-27 15:31:08 -------- d-----w- c:\users\hanze\appdata\roaming\Malwarebytes

2011-08-27 15:30:47 -------- d-----w- c:\programdata\Malwarebytes

2011-08-25 07:01:56 -------- d-----w- c:\program files\common files\Steam

2011-08-25 06:56:48 452440 ----a-w- c:\windows\system32\d3dx10_40.dll

2011-08-25 06:56:48 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll

2011-08-25 06:56:47 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2011-08-25 02:36:13 -------- d-----w- c:\windows\Options

2011-08-16 23:50:24 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{783c90d9-0e48-4b2c-a1f9-52177dacbe6e}\mpengine.dll

.

==================== Find3M ====================

.

2011-09-09 11:51:01 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-09 11:50:58 58288 ----a-w- c:\windows\system32\rpcnet.dll

2011-09-09 08:10:36 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2011-06-28 14:53:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

============= FINISH: 23:20:27,65 ===============

attach.zip

Link to post
Share on other sites

If it only happens when you connect at the university wifi network it may indicate that that network is compromised/insecure.

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7.
  • Look for "JDK 7 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.

Link to post
Share on other sites

full scan log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7694

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/09/2011 11:33:58

mbam-log-2011-09-12 (11-33-58).txt

Scan type: Full scan (C:\|D:\|F:\|)

Objects scanned: 324810

Time elapsed: 2 hour(s), 5 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you Elise, I think the problem is solved :)

Link to post
Share on other sites

The problem is not really finished I think.

I was connecting to university wifi for few hours and there's no blocked connection notice at all. I can connect normally. However, after I left the laptop for an hour, it went sleep. When I turn it on again, there's the same notice and I can't access internet at all. I haven't run utorrent at all, and DNS auto changing is not happened.

Link to post
Share on other sites

Glad to hear that! Lets do one last scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Glad to hear that! Lets do one last scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

first time run it, the scanner found 4 threats (7hrs, about 30-40% completed). However, before it finished accidentally my laptop is turned off (plugged off). When I repeat the scan, it finished faster (4hrs) and no threat at all, and I cant export.

Should I repeat the scan once more?

Link to post
Share on other sites

No need to, most likely there were some remnants or quarantined items, if the scan is clean now, it is okay. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

Thank you for your help :)

I'll check for updates and few useful freeware there.

I have few last questions, which unrelated with the malware. Before my laptop infected (until now), I can't do checkdisk by right clicking properties for drive C:

it keep saying in use. I tried to schedule it, but when I reboot, nothing happened (no checkdisk at all, just normal startup straight to windows). What's wrong with checkdisk?

second question: after doing these scans, I see 3 new folders in drive C. They are: MSOCache (with lock icon), Qoobox, and Recovery (with lock icon too) can I delete those?

Link to post
Share on other sites

They are: MSOCache (with lock icon), Qoobox, and Recovery (with lock icon too) can I delete those?
These are legit, but indicate you have not yet uninstalled combofix. :)

As for checkdisk, press Windows key + R, type chkdsk /r and press enter. Type Y and press enter to schedule the disk check for the next reboot.

Restart your computer and let the disk check run unhindered.

Link to post
Share on other sites

As for checkdisk, press Windows key + R, type chkdsk /r and press enter. Type Y and press enter to schedule the disk check for the next reboot.

Restart your computer and let the disk check run unhindered.

I tried this, but what actually should show up? My laptop just startup like usual (no special screen showing check disk process or something)

Link to post
Share on other sites

Actually, I am not sure how Windows 7 shows this, I know that it runs a lot faster than on XP.

What you can try is, restart your computer and tap F8 until the advanced boot options menu comes up.

Select Repair Windows and press enter.

Once the recover environment is loaded, click on Command Prompt.

At the command prompt type the following lines and press enter after each of them.

c:

chkdsk /r

Link to post
Share on other sites

  • 4 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.