
Google Redirect w/ extra iexplore process



A few days ago I had, and seemingly killed, the Data Restore virus, but I am left with a nasty Google Redirect virus with an extra iexplore.exe process that occasionally plays music and ads in the background, and with Data Execution Prevention reporting attacks. MBAM and TDSSKiller report nothing; Avira saw traces of Boot.TSS.

-----

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7920

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.19088

10/10/2011 11:34:31 PM

mbam-log-2011-10-10 (23-34-31).txt

Scan type: Quick scan

Objects scanned: 232712

Time elapsed: 1 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-----

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088

Run by Dave at 22:29:40 on 2011-10-10

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6134.4456 [GMT -7:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Ati2evxx.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\vds.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://groups.yahoo.com/

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

uRun: [Google Update] "C:\Users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzY0OTgzNDM4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=8d24cf7e250847d193bfd16ae803e057-818c2923ce6802515d944506c03a0362d78eb0c7

mRunOnce: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: C:\Windows\system32\wpclsp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://66.15.108.249:81/csi_netcam.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 184.16.33.54

TCP: Interfaces\{34D67B82-3EBB-4CD9-87AE-5A4C98F71FD4} : DhcpNameServer = 192.168.1.1 184.16.33.54

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO-X64: Virtual Storage Mount Notification - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzY0OTgzNDM4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=8d24cf7e250847d193bfd16ae803e057-818c2923ce6802515d944506c03a0362d78eb0c7

mRunOnce-x64: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-9 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-9 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 JungleDiskService;JungleDiskService;C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [2011-5-17 9761096]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-6-23 705856]

R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-6-23 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-1 79360]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-11 05:22:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43FC9731-A963-4B10-8640-E869B7C20A77}\offreg.dll

2011-10-10 05:40:04 -------- d-----w- C:\Users\Dave\AppData\Roaming\Avira

2011-10-10 05:39:37 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2011-10-10 05:39:37 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2011-10-10 05:39:37 -------- d-----w- C:\ProgramData\Avira

2011-10-10 05:39:37 -------- d-----w- C:\Program Files (x86)\Avira

2011-10-10 04:56:24 388096 ----a-r- C:\Users\Dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-10 04:35:54 -------- d--h--w- C:\ProgramData\Common Files

2011-10-10 04:33:29 -------- d-----w- C:\ProgramData\MFAData

2011-10-10 04:12:14 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-10 04:12:14 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-10 00:43:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-10-10 00:37:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-09 18:32:47 -------- d-----w- C:\ComboFix

2011-10-09 17:15:36 -------- d-----w- C:\Users\Dave\AppData\Local\temp

2011-10-09 16:27:37 98816 ----a-w- C:\Windows\sed.exe

2011-10-09 16:27:37 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-09 16:27:37 256000 ----a-w- C:\Windows\PEV.exe

2011-10-09 16:27:37 208896 ----a-w- C:\Windows\MBR.exe

2011-10-08 01:05:02 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{43FC9731-A963-4B10-8640-E869B7C20A77}\mpengine.dll

2011-09-26 05:35:15 -------- d-----w- C:\Smarty

2011-09-21 03:36:55 -------- d-----w- C:\Users\Dave\AppData\Roaming\Unity

2011-09-21 03:29:55 -------- d-----w- C:\Users\Dave\AppData\Local\Unity

2011-09-21 03:29:36 -------- d-----w- C:\Users\Dave\AppData\Local\Apps

2011-09-21 03:29:34 -------- d-----w- C:\Users\Dave\AppData\Local\Deployment

.

==================== Find3M ====================

.

2011-09-25 16:38:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 22:38:24.13 ===============

ArkAttach.zip

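The DDS log above is what a helper reads by hand when chasing a search-redirect complaint. The script below is an added example (it is not a Malwarebytes, DDS or ComboFix tool, and the forum helper did not post it): it runs a handful of triage heuristics over the "Pseudo HJT Report" section and lists the entries a responder would verify first. The heuristics, the `Finding` structure and the `triage_dds` name are my assumptions; the sample input is an excerpt copied from the log in the post above. A flag means "check this", not "this is malicious".

```python
"""Triage heuristics for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of DDS or of the forum thread. It flags:
  * browser helper objects / toolbars registered with no DLL on disk,
  * ActiveX downloads (DPF) fetched from a bare IP or a non-standard port,
  * DHCP-assigned DNS servers outside private (RFC 1918) address space,
  * hosts-file overrides that point a host name somewhere else.
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind detail line")

# DDS writes http:// as hxxp:// so the log cannot be clicked by accident.
_DPF_URL = re.compile(r"hxxps?://([^/:\s]+)(?::(\d+))?", re.IGNORECASE)
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _is_private(ip: str) -> bool:
    """True for RFC 1918 / loopback / link-local addresses, False otherwise."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage_dds(text: str) -> list:
    """Return de-duplicated Finding records for the suspicious lines in `text`."""
    findings, seen = [], set()

    def add(kind, detail, line):
        if (kind, detail) not in seen:
            seen.add((kind, detail))
            findings.append(Finding(kind, detail, line))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. BHO / toolbar whose DLL is missing: an orphaned registration.
        if line.startswith(("BHO", "TB")) and line.endswith("- No File"):
            entry = line.split(":", 1)[1].strip()
            add("orphaned_addon", entry[: -len("- No File")].strip(), line)
        # 2. Downloaded-program (ActiveX) entry from a raw IP or odd port.
        elif line.startswith("DPF:"):
            m = _DPF_URL.search(line)
            if m:
                host, port = m.group(1), m.group(2)
                if _IPV4.match(host) or (port and port not in ("80", "443")):
                    add("dpf_raw_ip_or_port", f"{host}:{port or '80'}", line)
        # 3. DNS servers handed out by DHCP that are not private addresses:
        #    confirm they really belong to the ISP before trusting resolution.
        elif line.startswith("TCP:") and "NameServer" in line:
            servers = line.split("=", 1)[1].split()
            public = [s for s in servers if _IPV4.match(s) and not _is_private(s)]
            if public:
                add("public_dns_server", " ".join(public), line)
        # 4. hosts-file mapping for anything other than localhost itself.
        elif line.startswith("Hosts:"):
            parts = line.split()
            if len(parts) >= 3 and parts[2].lower() not in ("localhost", "localhost.localdomain"):
                add("hosts_override", f"{parts[2]} -> {parts[1]}", line)
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'dpf_raw_ip_or_port': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE = r"""
uStart Page = hxxp://groups.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://66.15.108.249:81/csi_netcam.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{34D67B82-3EBB-4CD9-87AE-5A4C98F71FD4} : DhcpNameServer = 192.168.1.1 184.16.33.54
Hosts: 127.0.0.1 www.spywareinfo.com
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE):
        print(f"[{f.kind}] {f.detail}")
    print(summarize(triage_dds(SAMPLE)))
```

Run against the full log, the script points at the same four things a human reader would: the DPF entry pulling a .cab from a bare IP on port 81, a second DNS server outside private space (a redirect problem is a reason to confirm that address is the ISP's resolver), the hosts-file entry blocking www.spywareinfo.com, and the orphaned `- No File` add-on registrations. On a 64-bit DDS log such as this one, a `BHO-X64: ... - No File` line that immediately follows an entry of the same name with a path is the 64-bit registry view missing an add-on registered only under the 32-bit view, so those are cleanup candidates rather than evidence.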

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Thanks so much! Breaking into separate posts due to exceeding reply length.

-- MBAM --

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7941

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.19088

10/13/2011 6:06:56 PM

mbam-log-2011-10-13 (18-06-56).txt

Scan type: Quick scan

Objects scanned: 234147

Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


(I had to attach the ComboFix log, as it's too long for the post.)

--- DDS ---

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19088

Run by Dave at 19:22:12 on 2011-10-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3974 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\System32\notepad.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://groups.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzY0OTgzNDM4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=8d24cf7e250847d193bfd16ae803e057-818c2923ce6802515d944506c03a0362d78eb0c7

mRunOnce: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

LSP: C:\Windows\system32\wpclsp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} - hxxp://66.15.108.249:81/csi_netcam.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 184.16.33.54

TCP: Interfaces\{34D67B82-3EBB-4CD9-87AE-5A4C98F71FD4} : DhcpNameServer = 192.168.1.1 184.16.33.54

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

BHO-X64: Virtual Storage Mount Notification - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzY0OTgzNDM4LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1831"&"mid=8d24cf7e250847d193bfd16ae803e057-818c2923ce6802515d944506c03a0362d78eb0c7

mRunOnce-x64: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 cbfs3;cbfs3;\??\C:\Windows\system32\drivers\cbfs3.sys --> C:\Windows\system32\drivers\cbfs3.sys [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-6-23 705856]

R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-6-23 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-1 79360]

S3 JungleDiskService;JungleDiskService;C:\Program Files\Jungle Disk Desktop\JungleDiskMonitor.exe [2011-5-17 9761096]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-10 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-14 02:22:02 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-14 01:11:55 -------- d-----w- C:\ComboFix

2011-10-13 05:05:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D02D7DEF-170E-436D-BA20-558E367A9199}\offreg.dll

2011-10-13 05:01:04 -------- d-----w- C:\Windows\SysWow64\vi-VN

2011-10-13 05:01:04 -------- d-----w- C:\Windows\SysWow64\eu-ES

2011-10-13 05:01:04 -------- d-----w- C:\Windows\SysWow64\ca-ES

2011-10-13 05:01:04 -------- d-----w- C:\Windows\System32\vi-VN

2011-10-13 05:01:04 -------- d-----w- C:\Windows\System32\eu-ES

2011-10-13 05:01:04 -------- d-----w- C:\Windows\System32\ca-ES

2011-10-13 04:40:49 -------- d-----w- C:\Windows\System32\EventProviders

2011-10-13 03:52:55 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D02D7DEF-170E-436D-BA20-558E367A9199}\mpengine.dll

2011-10-13 03:50:30 -------- d-----w- C:\Program Files\iPod

2011-10-13 03:50:29 -------- d-----w- C:\Program Files (x86)\iTunes

2011-10-13 03:50:28 -------- d-----w- C:\Program Files\iTunes

2011-10-13 03:44:37 -------- d-----w- C:\Program Files\Bonjour

2011-10-13 03:44:37 -------- d-----w- C:\Program Files (x86)\Bonjour

2011-10-11 03:45:59 779136 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll

2011-10-11 03:44:59 242176 ----a-w- C:\Windows\System32\iassam.dll

2011-10-11 03:43:59 46592 ----a-w- C:\Windows\System32\deskmon.dll

2011-10-11 03:41:37 891392 ----a-w- C:\Windows\System32\wbem\fastprox.dll

2011-10-11 03:41:37 43520 ----a-w- C:\Windows\System32\wbem\wbemprox.dll

2011-10-11 03:41:37 1172992 ----a-w- C:\Windows\System32\wbem\wbemcore.dll

2011-10-11 03:41:31 936448 ----a-w- C:\Windows\System32\SmiEngine.dll

2011-10-11 03:41:23 293888 ----a-w- C:\Windows\System32\wdscore.dll

2011-10-11 03:41:23 138752 ----a-w- C:\Windows\System32\PkgMgr.exe

2011-10-11 03:41:15 315904 ----a-w- C:\Windows\System32\drvstore.dll

2011-10-10 04:56:24 388096 ----a-r- C:\Users\Dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-10 04:35:54 -------- d--h--w- C:\ProgramData\Common Files

2011-10-10 04:33:29 -------- d-----w- C:\ProgramData\MFAData

2011-10-10 04:12:14 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2011-10-10 04:12:14 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2011-10-10 00:43:06 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-10-09 17:15:36 -------- d-----w- C:\Users\Dave\AppData\Local\temp

2011-10-09 16:27:37 98816 ----a-w- C:\Windows\sed.exe

2011-10-09 16:27:37 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-09 16:27:37 256000 ----a-w- C:\Windows\PEV.exe

2011-10-09 16:27:37 208896 ----a-w- C:\Windows\MBR.exe

2011-09-26 05:35:15 -------- d-----w- C:\Smarty

2011-09-21 03:36:55 -------- d-----w- C:\Users\Dave\AppData\Roaming\Unity

2011-09-21 03:29:55 -------- d-----w- C:\Users\Dave\AppData\Local\Unity

2011-09-21 03:29:36 -------- d-----w- C:\Users\Dave\AppData\Local\Apps

2011-09-21 03:29:34 -------- d-----w- C:\Users\Dave\AppData\Local\Deployment

.

==================== Find3M ====================

.

2011-09-25 16:38:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-31 06:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-08-31 06:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-08-31 06:05:32 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-08-31 06:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-08-31 06:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-08-31 06:05:04 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-08-03 00:38:56 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2011-08-03 00:38:56 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll

.

============= FINISH: 19:30:02.97 ===============

ComboFix.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


Hi Chris,

Unfortunately, I was unable to run ESET over several attempts due to one of the symptoms being that it likes to crash and restart my IE windows periodically. I even tried in safe mode w/ networking. The furthest I got was after opening a bunch of IE windows, but eventually the ESET window crashed. That last run did report six occurrences of Java Agent.DT trojan.

Note on the checkup.txt: Before I created this thread, I uninstalled/reinstalled IE8, and I am unable to install the last service pack, presumably due to the virus.

Still have the same original problem. Issues are: (1) iexplore problems described in first post; (2) service pack issue described in this post; (3) certain graphical issues with one of my games; (4) the biggest pain - iTunes/MyComputer unable to pick up my iPod (I see K drive for half-a-sec after plugging in before it disappears). Thanks.

-- log.txt --- (aborted each time)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=53251

-- checkup.txt --

Results of screen317's Security Check version 0.99.24

Windows Vista x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Malwarebytes' Anti-Malware

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````


Okay, I was able to run ESET via Safari. That scan is below. Six items are listed on the "Manage Quarantine" dialog, perhaps that's from last night? Also, Microsoft Security Essentials had a definition update last night (while I was trying ESET) and reported and removed several Java trojans (I can provide list if needed). But, system still has same symptoms as before. Thanks for your continued help; looks busy in here!

--- ESET ---

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=53251

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=2167e1453e04e74da02b270ba6e5ae64

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-19 03:17:28

# local_time=2011-10-18 08:17:28 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 56 0 155588557 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=209331

# found=0

# cleaned=0

# scan_time=4397


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. What you currently have, Service Pack 1, has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Service Pack 2 and Internet Explorer 9.

Let me know how that goes and if there were any issues updating.


Thanks for sticking with me, Chris.

My latest action: I ran TFC, upgraded to IE9, then ran TFC again. Still have same symptoms as before (see below).

Note on SP2: As I hinted above, I'm unable to install Windows Vista Service Pack 2 via Windows Update. It always fails, whether I do it via Windows Update, or when I select "Install Updates and Shut Down" in the Shut Down dialog. I regularly use update. I think that something happened when I tried to uninstall/reinstall IE8 prior to creating this thread, as that's when I started getting the reports from Windows Update.

Summary of current issues: (1) google/bing redirect; (2) iexplore process respawning with ads/music playing in background, plus other symptoms described in thread; (3) unable to install Windows Vista SP2; (4) iTunes/MyComputer unable to pick up my iPod.


Are you currently connected through a router?

Short answer: Yes.

Details: This is a home PC that I connect through a wireless router provided by my ISP. Laptops that use the wireless have none of these symptoms. I can try rebooting the router and/or bypassing the router (if possible) tonight, or anything else you suggest.


MBAM and TDSS logs below; Combofix log attached due to size

=== MBAM ===

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8055

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/31/2011 6:45:51 PM

mbam-log-2011-10-31 (18-45-51).txt

Scan type: Quick scan

Objects scanned: 232864

Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

=== TDSS ===

20:03:29.0791 5524 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

20:03:30.0151 5524 ============================================================

20:03:30.0151 5524 Current date / time: 2011/10/31 20:03:30.0151

20:03:30.0151 5524 SystemInfo:

20:03:30.0151 5524

20:03:30.0151 5524 OS Version: 6.0.6002 ServicePack: 2.0

20:03:30.0151 5524 Product type: Workstation

20:03:30.0151 5524 ComputerName: DAVE-PC

20:03:30.0151 5524 UserName: Dave

20:03:30.0151 5524 Windows directory: C:\Windows

20:03:30.0151 5524 System windows directory: C:\Windows

20:03:30.0151 5524 Running under WOW64

20:03:30.0151 5524 Processor architecture: Intel x64

20:03:30.0152 5524 Number of processors: 8

20:03:30.0152 5524 Page size: 0x1000

20:03:30.0152 5524 Boot type: Normal boot

20:03:30.0152 5524 ============================================================

20:03:30.0549 5524 Initialize success

20:03:44.0774 5052 ============================================================

20:03:44.0774 5052 Scan started

20:03:44.0774 5052 Mode: Manual;

20:03:44.0774 5052 ============================================================


20:03:50.0689 5052 sbp2port - ok

20:03:50.0736 5052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:03:50.0736 5052 secdrv - ok

20:03:50.0754 5052 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

20:03:50.0755 5052 Serenum - ok

20:03:50.0781 5052 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

20:03:50.0782 5052 Serial - ok

20:03:50.0802 5052 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

20:03:50.0803 5052 sermouse - ok

20:03:50.0824 5052 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

20:03:50.0824 5052 sffdisk - ok

20:03:50.0839 5052 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

20:03:50.0839 5052 sffp_mmc - ok

20:03:50.0851 5052 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

20:03:50.0851 5052 sffp_sd - ok

20:03:50.0863 5052 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

20:03:50.0864 5052 sfloppy - ok

20:03:50.0887 5052 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

20:03:50.0887 5052 SiSRaid2 - ok

20:03:50.0900 5052 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

20:03:50.0900 5052 SiSRaid4 - ok

20:03:50.0951 5052 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

20:03:50.0952 5052 Smb - ok

20:03:51.0020 5052 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

20:03:51.0020 5052 spldr - ok

20:03:51.0074 5052 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

20:03:51.0076 5052 srv - ok

20:03:51.0126 5052 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

20:03:51.0127 5052 srv2 - ok

20:03:51.0243 5052 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

20:03:51.0244 5052 srvnet - ok

20:03:51.0268 5052 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

20:03:51.0269 5052 swenum - ok

20:03:51.0287 5052 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

20:03:51.0288 5052 Symc8xx - ok

20:03:51.0305 5052 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

20:03:51.0305 5052 Sym_hi - ok

20:03:51.0319 5052 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

20:03:51.0319 5052 Sym_u3 - ok

20:03:51.0380 5052 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys

20:03:51.0384 5052 t3 - ok

20:03:51.0454 5052 Tcpip (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\drivers\tcpip.sys

20:03:51.0461 5052 Tcpip - ok

20:03:51.0496 5052 Tcpip6 (19a7321e3a5f1ddb215d2815dcc8f8e4) C:\Windows\system32\DRIVERS\tcpip.sys

20:03:51.0503 5052 Tcpip6 - ok

20:03:51.0563 5052 tcpipreg (2aa1b7ebc271e995f3358c1fa7a1d35b) C:\Windows\system32\drivers\tcpipreg.sys

20:03:51.0564 5052 tcpipreg - ok

20:03:51.0579 5052 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

20:03:51.0580 5052 TDPIPE - ok

20:03:51.0597 5052 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

20:03:51.0598 5052 TDTCP - ok

20:03:51.0646 5052 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

20:03:51.0647 5052 tdx - ok

20:03:51.0693 5052 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

20:03:51.0693 5052 TermDD - ok

20:03:51.0722 5052 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:03:51.0723 5052 tssecsrv - ok

20:03:51.0749 5052 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

20:03:51.0750 5052 tunmp - ok

20:03:51.0791 5052 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

20:03:51.0791 5052 tunnel - ok

20:03:51.0826 5052 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

20:03:51.0827 5052 uagp35 - ok

20:03:51.0875 5052 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

20:03:51.0877 5052 udfs - ok

20:03:51.0896 5052 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

20:03:51.0897 5052 uliagpkx - ok

20:03:51.0918 5052 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

20:03:51.0920 5052 uliahci - ok

20:03:51.0945 5052 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

20:03:51.0946 5052 UlSata - ok

20:03:51.0978 5052 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

20:03:51.0979 5052 ulsata2 - ok

20:03:52.0010 5052 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

20:03:52.0011 5052 umbus - ok

20:03:52.0064 5052 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

20:03:52.0065 5052 USBAAPL64 - ok

20:03:52.0126 5052 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

20:03:52.0127 5052 usbccgp - ok

20:03:52.0152 5052 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys

20:03:52.0153 5052 usbcir - ok

20:03:52.0165 5052 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

20:03:52.0165 5052 usbehci - ok

20:03:52.0224 5052 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

20:03:52.0226 5052 usbhub - ok

20:03:52.0246 5052 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

20:03:52.0247 5052 usbohci - ok

20:03:52.0298 5052 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

20:03:52.0298 5052 usbprint - ok

20:03:52.0364 5052 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

20:03:52.0364 5052 usbscan - ok

20:03:52.0417 5052 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:03:52.0418 5052 USBSTOR - ok

20:03:52.0427 5052 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

20:03:52.0427 5052 usbuhci - ok

20:03:52.0450 5052 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

20:03:52.0450 5052 vga - ok

20:03:52.0468 5052 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

20:03:52.0469 5052 VgaSave - ok

20:03:52.0488 5052 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

20:03:52.0489 5052 viaide - ok

20:03:52.0511 5052 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

20:03:52.0511 5052 volmgr - ok

20:03:52.0568 5052 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

20:03:52.0571 5052 volmgrx - ok

20:03:52.0627 5052 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

20:03:52.0629 5052 volsnap - ok

20:03:52.0657 5052 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

20:03:52.0658 5052 vsmraid - ok

20:03:52.0687 5052 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

20:03:52.0687 5052 WacomPen - ok

20:03:52.0754 5052 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:03:52.0755 5052 Wanarp - ok

20:03:52.0759 5052 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

20:03:52.0760 5052 Wanarpv6 - ok

20:03:52.0785 5052 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

20:03:52.0785 5052 Wd - ok

20:03:52.0819 5052 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

20:03:52.0825 5052 Wdf01000 - ok

20:03:52.0883 5052 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:03:52.0884 5052 WmiAcpi - ok

20:03:52.0950 5052 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

20:03:52.0951 5052 WpdUsb - ok

20:03:52.0962 5052 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

20:03:52.0963 5052 ws2ifsl - ok

20:03:53.0007 5052 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:03:53.0008 5052 WUDFRd - ok

20:03:53.0045 5052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

20:03:53.0062 5052 \Device\Harddisk0\DR0 - ok

20:03:53.0071 5052 Boot (0x1200) (572a1db5fa162e3798dd1d551d825e5e) \Device\Harddisk0\DR0\Partition0

20:03:53.0072 5052 \Device\Harddisk0\DR0\Partition0 - ok

20:03:53.0075 5052 Boot (0x1200) (1777ceac2fbe57bd51a082039982c76b) \Device\Harddisk0\DR0\Partition1

20:03:53.0076 5052 \Device\Harddisk0\DR0\Partition1 - ok

20:03:53.0077 5052 ============================================================

20:03:53.0077 5052 Scan finished

20:03:53.0077 5052 ============================================================

20:03:53.0085 3904 Detected object count: 0

20:03:53.0085 3904 Actual detected object count: 0

ComboFixLog.txt


  • Staff

Hi,

My apologies for the extended delay.

Even though you said other laptops connected aren't affected, I'd like you to try these steps:

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.


Hi,

FYI, I had tried most of those steps before. In any case, I followed your instructions to the letter (the DNS settings were already correct), and no change. Same symptoms as before.

Other notes: I tested for the symptoms while they were still disconnected from the Internet. Same problems as before. The rogue iexplore process didn't launch until I reconnected to the Internet, but perhaps the rogue whatever is testing for a connection...


  • Staff

Hi,

You may have a new variant of this infection.

Next, download MBRCheck.exe by a_d_13 and save it to your Desktop.

Run it; when it completes, a log will be available on your Desktop (MBRCheck xxxxxx .txt) where xxxxxx is the time it ran.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  • Please post the contents of that log in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


Thanks, Chris. Looks like these are reporting something... hopefully meaningful.

==

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 64-bit

Base Board Manufacturer: DELL Inc.

BIOS Manufacturer: DELL INC.

System Manufacturer: DELL Inc.

System Product Name: Studio XPS 435T

Logical Drives Mask: 0x000003fc

Kernel Drivers (total 145):

0x01E07000 \SystemRoot\system32\ntoskrnl.exe

0x0231F000 \SystemRoot\system32\hal.dll

0x00607000 \SystemRoot\system32\kdcom.dll

0x0060A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00645000 \SystemRoot\system32\PSHED.dll

0x00659000 \SystemRoot\system32\CLFS.SYS

0x006B6000 \SystemRoot\system32\CI.dll

0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys

0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x008E9000 \SystemRoot\system32\drivers\acpi.sys

0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00948000 \SystemRoot\system32\drivers\msisadrv.sys

0x00952000 \SystemRoot\system32\drivers\pci.sys

0x00982000 \SystemRoot\System32\drivers\partmgr.sys

0x00997000 \SystemRoot\system32\drivers\volmgr.sys

0x00768000 \SystemRoot\System32\drivers\volmgrx.sys

0x009AB000 \SystemRoot\System32\drivers\mountmgr.sys

0x00A0C000 \SystemRoot\system32\drivers\iastor.sys

0x00B26000 \SystemRoot\system32\drivers\jraid.sys

0x00B41000 \SystemRoot\system32\drivers\SCSIPORT.SYS

0x00B6F000 \SystemRoot\system32\drivers\fltmgr.sys

0x00BB6000 \SystemRoot\system32\drivers\fileinfo.sys

0x00BCA000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x00C02000 \SystemRoot\System32\Drivers\ksecdd.sys

0x00E07000 \SystemRoot\system32\drivers\ndis.sys

0x00C89000 \SystemRoot\system32\drivers\msrpc.sys

0x00CD9000 \SystemRoot\system32\drivers\NETIO.SYS

0x01008000 \SystemRoot\System32\drivers\tcpip.sys

0x0117C000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01205000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01385000 \SystemRoot\system32\drivers\volsnap.sys

0x013C9000 \SystemRoot\System32\Drivers\spldr.sys

0x013D1000 \SystemRoot\System32\Drivers\mup.sys

0x011A8000 \SystemRoot\System32\drivers\ecache.sys

0x013E3000 \SystemRoot\system32\drivers\disk.sys

0x011D4000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x00FCA000 \SystemRoot\system32\drivers\crcdisk.sys

0x02F1F000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x02F2C000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x02F35000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x0300B000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x03609000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x036EC000 \SystemRoot\System32\drivers\watchdog.sys

0x036FC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x037E9000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x03565000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x035AB000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x035BC000 \SystemRoot\system32\DRIVERS\Rtlh64.sys

0x035EA000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x02F48000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x02F58000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02F74000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x037F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x02F81000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x00D32000 \SystemRoot\system32\DRIVERS\storport.sys

0x02FBA000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02FC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x02FEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x00D8F000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x00FE2000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x00DC0000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x00DDE000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x00BD6000 \SystemRoot\system32\DRIVERS\termdd.sys

0x00FF2000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x00BE9000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x037FE000 \SystemRoot\system32\DRIVERS\swenum.sys

0x009BE000 \SystemRoot\system32\DRIVERS\ks.sys

0x007CE000 \SystemRoot\system32\DRIVERS\circlass.sys

0x03000000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x007DF000 \SystemRoot\system32\DRIVERS\umbus.sys

0x03803000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0384B000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0385F000 \SystemRoot\system32\drivers\HdAudio.sys

0x038A8000 \SystemRoot\system32\drivers\portcls.sys

0x038E3000 \SystemRoot\system32\drivers\drmk.sys

0x03906000 \SystemRoot\system32\drivers\ksthunk.sys

0x0390C000 \SystemRoot\system32\drivers\t3.sys

0x039AB000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x039DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x039E6000 \SystemRoot\System32\Drivers\Null.SYS

0x03600000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x039EF000 \SystemRoot\system32\DRIVERS\Amfltx64.sys

0x009F2000 \SystemRoot\System32\drivers\vga.sys

0x04A0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x04A34000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x04A3D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x04A46000 \SystemRoot\System32\Drivers\Msfs.SYS

0x04A51000 \SystemRoot\System32\Drivers\Npfs.SYS

0x04A62000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x04A6B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x04A88000 \SystemRoot\system32\DRIVERS\smb.sys

0x04AA3000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04AE7000 \SystemRoot\system32\drivers\afd.sys

0x04B52000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x04B5D000 \SystemRoot\system32\DRIVERS\pacer.sys

0x04B7B000 \SystemRoot\system32\DRIVERS\netbios.sys

0x04B8A000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04BA5000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x04BF2000 \SystemRoot\system32\drivers\nsiproxy.sys

0x04C0D000 \SystemRoot\System32\Drivers\dfsc.sys

0x04C2A000 \??\C:\Windows\system32\drivers\cbfs3.sys

0x04C7D000 \SystemRoot\system32\DRIVERS\udfs.sys

0x04CCB000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys

0x04CD6000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x04CDF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x04CF1000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04CF3000 \SystemRoot\system32\DRIVERS\Amusbx64.sys

0x04CFC000 \SystemRoot\system32\drivers\RTSTOR64.SYS

0x04D10000 \SystemRoot\system32\DRIVERS\usbcir.sys

0x04D2A000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x04D46000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x04D51000 \SystemRoot\system32\DRIVERS\hidir.sys

0x04D5C000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x04D67000 \SystemRoot\System32\Drivers\crashdmp.sys

0x02E00000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x00090000 \SystemRoot\System32\win32k.sys

0x04D75000 \SystemRoot\System32\drivers\Dxapi.sys

0x04D81000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00410000 \SystemRoot\System32\TSDDD.dll

0x04D94000 \SystemRoot\system32\drivers\luafv.sys

0x06402000 \SystemRoot\system32\drivers\spsys.sys

0x0649C000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x064B0000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x064C8000 \SystemRoot\system32\drivers\HTTP.sys

0x0656B000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06594000 \SystemRoot\system32\DRIVERS\bowser.sys

0x065B2000 \SystemRoot\System32\drivers\mpsdrv.sys

0x065CC000 \SystemRoot\system32\drivers\mrxdav.sys

0x04DB6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x07001000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0704A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x07069000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0709B000 \SystemRoot\System32\DRIVERS\srv.sys

0x0712E000 \SystemRoot\system32\drivers\peauth.sys

0x071E4000 \SystemRoot\System32\Drivers\secdrv.SYS

0x071EF000 \SystemRoot\System32\drivers\tcpipreg.sys

0x04DDF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x07C0C000 \SystemRoot\system32\DRIVERS\WUDFPf.sys

0x07C22000 \SystemRoot\System32\Drivers\fastfat.SYS

0x07C57000 \SystemRoot\system32\DRIVERS\MpNWMon.sys

0x07C67000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys

0x07C7F000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x07C9B000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x00680000 \SystemRoot\System32\cdd.dll

0x77070000 \Windows\System32\ntdll.dll

Processes (total 67):

0 System Idle Process

4 System

464 C:\Windows\System32\smss.exe

548 csrss.exe

604 C:\Windows\System32\wininit.exe

660 C:\Windows\System32\services.exe

700 C:\Windows\System32\lsass.exe

708 C:\Windows\System32\lsm.exe

892 C:\Windows\System32\svchost.exe

952 C:\Windows\System32\svchost.exe

1012 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

384 C:\Windows\System32\Ati2evxx.exe

524 C:\Windows\System32\svchost.exe

552 C:\Windows\System32\svchost.exe

788 C:\Windows\System32\svchost.exe

1028 C:\Windows\System32\audiodg.exe

1048 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

1060 C:\Windows\System32\svchost.exe

1076 C:\Windows\System32\SLsvc.exe

1128 C:\Windows\System32\svchost.exe

1188 C:\Program Files\Dell\DellDock\DockLogin.exe

1236 C:\Windows\System32\svchost.exe

1496 C:\Windows\System32\spoolsv.exe

1524 C:\Windows\System32\svchost.exe

2060 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2280 C:\Windows\System32\svchost.exe

2292 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2336 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

2372 C:\Windows\System32\svchost.exe

2444 C:\Windows\System32\svchost.exe

2468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2524 C:\Windows\System32\SearchIndexer.exe

2624 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

2700 WUDFHost.exe

2972 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3480 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

2888 C:\Windows\System32\svchost.exe

3956 C:\Program Files\iPod\bin\iPodService.exe

4440 C:\Windows\System32\taskeng.exe

5820 csrss.exe

4544 C:\Windows\System32\winlogon.exe

5288 C:\Windows\System32\Ati2evxx.exe

2992 C:\Windows\System32\dwm.exe

5056 C:\Windows\System32\taskeng.exe

5012 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

4896 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

2360 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

3284 C:\Program Files\Microsoft Security Client\msseces.exe

6012 C:\Windows\ehome\ehtray.exe

4580 C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

364 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

5072 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

5540 C:\Windows\SysWOW64\rundll32.exe

4076 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

5564 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

5032 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3564 C:\Windows\ehome\ehmsas.exe

4692 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

3832 C:\Windows\System32\wuauclt.exe

4028 C:\Windows\explorer.exe

4308 C:\Windows\System32\SearchFilterHost.exe

7012 C:\Windows\System32\taskmgr.exe

4616 C:\Windows\System32\SearchProtocolHost.exe

6292 C:\Windows\System32\notepad.exe

6008 dllhost.exe

6440 dllhost.exe

6932 C:\Users\Dave\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c4700000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04700000 (NTFS)

PhysicalDrive0 Model Number: WDCWD7501AALS-75J7B0, Rev: 05.00K05

Size Device Name MBR Status

--------------------------------------------

698 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

==

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-12 22:06:53

-----------------------------

22:06:53.625 OS Version: Windows x64 6.0.6002 Service Pack 2

22:06:53.625 Number of processors: 8 586 0x1A04

22:06:53.625 ComputerName: DAVE-PC UserName: Dave

22:06:55.731 Initialize success

22:07:35.639 AVAST engine defs: 11111201

22:07:42.534 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2

22:07:42.534 Disk 0 Vendor: WDC_WD75 05.0 Size: 715404MB BusType: 3

22:07:42.550 Disk 0 MBR read successfully

22:07:42.550 Disk 0 MBR scan

22:07:42.565 Disk 0 TDL4@MBR code has been found

22:07:42.565 Disk 0 Windows VISTA default MBR code found via API

22:07:42.565 Disk 0 MBR hidden

22:07:42.565 Disk 0 MBR [TDL4] **ROOTKIT**

22:07:42.565 Disk 0 trace - called modules:

22:07:42.581 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80085ee254]<<

22:07:42.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80083fd790]

22:07:42.581 3 CLASSPNP.SYS[fffffa60011d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8006600050]

22:07:42.581 \Driver\iaStor[0xfffffa8006579580] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80085ee254

22:07:47.464 AVAST engine scan C:\Windows

22:07:54.952 AVAST engine scan C:\Windows\system32

22:10:27.582 AVAST engine scan C:\Windows\system32\drivers

22:10:42.184 AVAST engine scan C:\Users\Dave

22:11:10.997 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"

22:11:11.012 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"

MBR.zip

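The two logs above show the same sector 0 from two angles disagreeing: MBRCheck hashes the boot code and calls it non-standard, and aswMBR reports the Vista default code "via API" while flagging the MBR as hidden behind a hook in the iaStor I/O path. That disagreement, not the clean-looking API copy, is the finding. The following Python is an added example, not code from this thread or from MBRCheck/aswMBR: it parses a 512-byte MBR image such as the MBR.dat aswMBR saved, hashes the boot code region (which bytes MBRCheck hashes is not stated above; hashing the 440-byte boot code area is an assumption), and diffs an "API" copy against a "raw" copy the way a bootkit-aware scanner does. The two MBR images, disk signature and partition layout are constructed inline for the demonstration, and the known-good hash allow-list is a placeholder you would fill from a clean machine.

```python
"""Added example: parse a 512-byte MBR image (e.g. the MBR.dat aswMBR saves) and
cross-check two views of it. Not code from the thread or from MBRCheck/aswMBR."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0..439 in the classic layout
DISK_SIG_OFF = 440         # 4-byte NT disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code hash, disk signature and the used partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte MBR, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, 3-byte CHS start, type, 3-byte CHS end, LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue                      # empty slot
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def boot_code_known_good(mbr: bytes, known_hashes: set) -> bool:
    """True if the boot code hashes to one of the caller's known-good SHA1s.
    known_hashes is an allow-list collected from clean machines; no real
    Windows MBR hashes are embedded here (assumption: caller supplies them)."""
    return parse_mbr(mbr)["boot_code_sha1"] in {h.upper() for h in known_hashes}


def compare_views(api_view: bytes, raw_view: bytes) -> list:
    """Diff the MBR as seen through the normal disk stack against a copy read by
    a path that bypasses it. A bootkit hooking the disk driver hands the clean
    sector to the first path and keeps the real one hidden; a non-empty result
    is that discrepancy."""
    findings = []
    if api_view[:BOOT_CODE_LEN] != raw_view[:BOOT_CODE_LEN]:
        findings.append("boot code differs between API view and raw view")
    if api_view[DISK_SIG_OFF:PART_TABLE_OFF] != raw_view[DISK_SIG_OFF:PART_TABLE_OFF]:
        findings.append("disk signature differs between views")
    if api_view[PART_TABLE_OFF:510] != raw_view[PART_TABLE_OFF:510]:
        findings.append("partition table differs between views")
    return findings


def unpartitioned_tail_sectors(mbr: bytes, disk_sectors: int) -> int:
    """Sectors after the last partition's end; a large gap is worth comparing
    against what Disk Management shows."""
    parts = parse_mbr(mbr)["partitions"]
    if not parts:
        return disk_sectors
    last_end = max(p["lba_start"] + p["sectors"] for p in parts)
    return max(disk_sectors - last_end, 0)


# ---- constructed sample data (not taken from the thread's logs) ----
def _build_mbr(boot_code: bytes) -> bytes:
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)
    # slot 0: active NTFS partition; slot 1: second NTFS partition to near disk end
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF + 16, 0x00, 0x07,
                     206848, 1_464_940_000)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"      # stand-in for stock code
PATCHED_BOOT_CODE = b"\xeb\x10\x90" + b"\x41" * 60      # stand-in for bootkit code
DISK_SECTORS = 1_465_147_392   # roughly the 715404 MB aswMBR reported for Disk 0

MBR_VIA_API = _build_mbr(CLEAN_BOOT_CODE)   # what a hooked disk stack returns
MBR_RAW = _build_mbr(PATCHED_BOOT_CODE)     # what actually sits in sector 0


def demo() -> dict:
    known_good = {parse_mbr(MBR_VIA_API)["boot_code_sha1"]}
    return {
        "api_known_good": boot_code_known_good(MBR_VIA_API, known_good),
        "raw_known_good": boot_code_known_good(MBR_RAW, known_good),
        "findings": compare_views(MBR_VIA_API, MBR_RAW),
        "tail_sectors": unpartitioned_tail_sectors(MBR_RAW, DISK_SECTORS),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script it prints the findings for the constructed pair. On a real machine, read MBR.dat into bytes for one view and obtain the second by a path the running kernel's disk stack is not in the middle of (a sector read from boot media, for instance); the API view on its own proves nothing, which is exactly why the Vista default code aswMBR saw via the API did not clear this disk.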

  • Staff

Hi,

Okay looks like we have to take this out manually. First let's confirm its presence:

Do the following:

  1. Click on the Start button and then choose Control Panel.
  2. Click on the System and Security link.
    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  4. In the Administrative Tools window, double-click on the Computer Management icon.
  5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.


  • Staff

Hi,

This is incredibly odd.

You're not showing symptoms of the new infection which I thought you had.

Though the other computers on the network are not affected, please try the following steps:

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns
  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.


This topic is now closed to further replies.