1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Possible infection-Win 7- logs attached

Discussion in 'Malware and Virus Removal Archive' started by geno368, 2011/10/31.

  1. 2011/10/31
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    [Resolved] Possible infection-Win 7- logs attached

    I keep getting the error "Internet Explorer has stopped working" In another forum, the admin suggested for me to do the suggested scans and post here. I am running a Gateway pc with 6 gb ram with Windows 7 prem. I ran the Malwarebytes, AVG, Spybot and Microsoft Security Essentials. Spybot found adclick(2) but none of the others found anything. As per your instructions, I ran the othere two scans and the logs are included here:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-30 17:20:24
    -----------------------------
    17:20:24.133 OS Version: Windows x64 6.1.7600
    17:20:24.133 Number of processors: 2 586 0x170A
    17:20:24.134 ComputerName: DEAN-PC UserName: DEAN
    17:20:26.062 Initialize success
    17:23:16.196 AVAST engine defs: 11103001
    17:23:57.360 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:23:57.364 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
    17:23:57.377 Disk 0 MBR read successfully
    17:23:57.384 Disk 0 MBR scan
    17:23:57.389 Disk 0 TDL4@MBR code has been found
    17:23:57.391 Disk 0 Windows 7 default MBR code found via API
    17:23:57.394 Disk 0 MBR hidden
    17:23:57.405 Disk 0 MBR [TDL4] **ROOTKIT**
    17:23:57.408 Disk 0 trace - called modules:
    17:23:57.415 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80061b5254]<<
    17:23:57.418 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fb8060]
    17:23:57.421 3 CLASSPNP.SYS[fffff880017b343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ee6050]
    17:23:57.424 \Driver\iaStor[0xfffffa8005eb1550] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80061b5254
    17:23:59.221 AVAST engine scan C:\Windows
    17:24:06.960 AVAST engine scan C:\Windows\system32
    17:26:23.445 AVAST engine scan C:\Windows\system32\drivers
    17:26:39.806 AVAST engine scan C:\Users\CRABTREE
    17:37:49.821 AVAST engine scan C:\ProgramData
    17:42:14.799 Scan finished successfully
    17:48:22.666 Disk 0 MBR has been saved successfully to "C:\Users\CRABTREE\Desktop\MBR.dat "
    17:48:22.676 The log file has been saved successfully to "C:\Users\CRABTREE\Desktop\aswMBRlog.txt "

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/9/2010 10:15:14 AM
    System Uptime: 10/31/2011 2:40:12 AM (6 hours ago)
    .
    Motherboard: Acer | | EG43M
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2603/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 916 GiB total, 603.642 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 298 GiB total, 48.105 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&242CC0DB&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&242CC0DB&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP285: 10/22/2011 7:55:44 AM - Windows Update
    RP286: 10/23/2011 9:09:36 AM - Windows Update
    RP287: 10/24/2011 10:02:34 AM - Windows Update
    RP288: 10/25/2011 10:23:08 AM - Windows Update
    RP289: 10/26/2011 1:03:33 PM - Windows Update
    RP290: 10/27/2011 5:18:44 PM - Windows Update
    RP291: 10/28/2011 8:07:31 AM - Windows Update
    RP292: 10/29/2011 1:46:52 AM - Windows Update
    RP293: 10/30/2011 12:16:19 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    4500_Help
    7-Zip 4.65
    Acrobat.com
    Acronis*True*Image*Home 2011
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.3
    Adobe Reader 9.4.6 MUI
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AIO_Scan
    AnswerWorks 5.0 English Runtime
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    AT&T Digital Directories - Gadsden-Attalla, AL
    Auslogics Duplicate File Finder
    AutoHotkey 1.0.48.05
    AutoUpdate
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    Camera Window DS
    Canon Camera Window DS for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Corel Paint Shop Pro X
    CrossLoop 2.74
    CyberLink DVD Suite Deluxe
    CyberLink PowerDirector
    DeepBurner v1.9.0.228
    Definition update for Microsoft Office 2010 (KB982726)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Version Checker
    DJ_AIO_Software_min
    DocProc
    DocProcQFolder
    Dream Aquarium 1.234
    Driver Performer
    DVD Flick 1.3.0.7
    Enhanced Multimedia Keyboard Solution
    EPSON Attach To Email
    EPSON Event Manager
    EPSON File Manager
    EPSON Scan
    EPSON Scan Assistant
    eReg
    eSupportQFolder
    eUSB SCSI Adapter
    Everyone's Legal Forms 2007
    Family Lawyer 2004
    Family Lawyer 2010
    FloatLED v1.06
    FolderSizes 4
    Garmin City Navigator North America NT 2010.30
    Garmin City Navigator North America NT 2011.10 Update
    Garmin City Navigator North America NT 2011.20 Update
    Garmin City Navigator North America NT 2012.20 Update
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin WebUpdater
    Gateway Games
    Gateway InfoCentre
    Gateway Photo Frame 4.2.3.10
    Gateway Recovery Management
    Google Chrome
    Google Desktop
    Google Earth
    Google Gmail Notifier
    Google Talk Plugin
    Google Update Helper
    Google Updater
    GPBaseService
    GPBaseService2
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Commercial Scanjet 5590 TWAIN Driver
    HP Customer Feedback
    HP My Display
    HP Picasso Media Center Add-In
    HP Smart Web Printing
    HP Total Care Advisor
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    HTC Driver Installer
    HTC Sync
    Identity Card
    ImagXpress
    IncrediMail
    IncrediMail 2.0
    Ipswitch WS_FTP Home 2007
    J4500
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LightScribeTemplateLabeler
    Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Easy Assist v2
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Standard 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Mozilla Firefox 7.0 (x86 en-US)
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 6.1
    My HP Games
    My Macros 3.1
    neroxml
    palmOne
    PCmover Professional
    PCsync
    PE Builder 3.1.10a
    Photo Notifier and Animation Creator
    PhotoMail Maker
    PhotoStitch
    Picasa 3
    Power2Go
    ProductContext
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    Python 2.5
    QuickBooks Pro 2007
    Quicken 2008
    RC_Vista.exe
    Readiris Pro 11 Mr.Underground Edition
    Realtek High Definition Audio Driver
    RemoteCapture Task 1.1
    RoboForm 7-6-2 (All Users)
    Scan
    SDK
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SierraHome Print Artist 12.0
    Skypeâ„¢ 5.3
    SolutionCenter
    Sony RAW Driver
    Speccy
    Spybot - Search & Destroy
    Status
    SupportSoft Assisted Service
    Toolbox
    Tor 0.2.1.26
    TrayApp
    Tune Tools 2
    TurboTax 2010
    TurboTax 2010 waliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    UnloadSupport
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    Vidalia 0.2.9
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    WebReg
    Welcome Center
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Writer
    WinRAR archiver
    WinX DVD Ripper Platinum 5.1.1
    Wireless-B Notebook Adapter Configuration Utility
    Yahoo! Widgets
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/31/2011 8:02:26 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR13.
    10/31/2011 7:38:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR11.
    10/31/2011 7:37:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR12.
    10/30/2011 7:56:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    10/30/2011 4:40:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    10/29/2011 9:28:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80061a87a7, 0x0000000000000000, 0x0000000077240000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102911-67985-01.
    10/29/2011 5:35:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
    10/29/2011 12:40:27 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    10/29/2011 12:23:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    10/29/2011 1:48:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.115.831.0).
    10/29/2011 1:47:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.831.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070643 Error description: Fatal error during installation.
    10/29/2011 1:12:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    10/28/2011 7:13:21 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
    10/28/2011 12:46:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    10/28/2011 12:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80061b47a7, 0x0000000000000000, 0x0000000076f70000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102811-43820-01.
    10/27/2011 12:38:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
    10/26/2011 9:21:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    10/26/2011 9:21:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80063a57a7, 0x0000000000000000, 0x0000000077540000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102611-50279-01.
    10/26/2011 10:24:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    10/25/2011 9:15:10 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    10/25/2011 9:00:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8006fbd7a7, 0x0000000000000000, 0x0000000077540000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102511-45957-01.
    10/24/2011 4:54:28 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
    .
    ==== End Of File ===========================

    Thank you for any help
     
  2. 2011/10/31
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,603
    Likes Received:
    85
    Trophy Points:
    743
    Location:
    Birkirkara, Malta
    Computer Experience:
    ***
    I see you have P2P software ( Azures, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  3. to hide this advert.

  4. 2011/10/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    I still need DDS.txt and GMER logs.
     
  5. 2011/11/03
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    Thanks very much for your help...
    The dds.txt is in my previous message I think...the GMER is below:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-03 10:17:03
    Windows 6.1.7600
    Running: 2tghbh4j.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 69808

    ---- Files - GMER 1.0.15 ----

    File C:\Users\CRABTREE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83UH14AL\adme_mevio_com[2].htm 0 bytes
    File C:\Users\CRABTREE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83UH14AL\opensearch_descCA4UBW55.xml 0 bytes
    File C:\Users\CRABTREE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7CDF7EV\afr[1].htm 0 bytes
    File C:\Users\CRABTREE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXJBUNNA\1844255119[1].htm 0 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF64D9CF5E64E8BF65.TMP 16384 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF84F45979A5223FCF.TMP 512 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF2B4BB73BBE5F8012.TMP 16384 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF3E2B80B9237D26B4.TMP 16384 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF546148DB1C2C51DB.TMP 16384 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF5D898F2431B35344.TMP 512 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DF9C092A4D9C85885F.TMP 16384 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DFB2F5DB881AB2792E.TMP 32768 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DFB3EA0806025FF158.TMP 32768 bytes
    File C:\Users\CRABTREE\AppData\Local\Temp\~DFBD557BF2FA41DC65.TMP 512 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    You only posted Attach.txt part of DDS.
    I still need DDS.txt log.
     
  7. 2011/11/03
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    sorry...here goes:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Run by DEAN at 11:10:10 on 2011-11-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.3806 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\CRABTREE\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    uInternet Settings,ProxyOverride = localhost
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe "
    mRun: [TaskTray]
    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe "
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe "
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg "& "inst=NzctNjE0MDQ0OTAzLVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsxMjM4OS1ERDEwRisxLVNUMTBGQVBQKzE "& "prod=90 "& "ver=10.0.1410
    dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe "
    StartupFolder: C:\Users\CRABTREE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: intuit.com\ttlc
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://65.15.154.215:81/codebase/HCNetVideoActiveX.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{C7D640D0-6EAB-4A49-AC56-DD7D2F91F6FE} : DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{EA8713C9-52CC-42DD-A388-B7B0CCC5398B} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    AppInit_DLLs: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe "
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO-X64: RoboForm BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe "
    mRun-x64: [TaskTray]
    mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe "
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe "
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg "& "inst=NzctNjE0MDQ0OTAzLVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsxMjM4OS1ERDEwRisxLVNUMTBGQVBQKzE "& "prod=90 "& "ver=10.0.1410
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    AppInit_DLLs-X64: C:\PROGRA~2\Google\GOBCA7~1\GO36F4~1.DLL
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\CRABTREE\AppData\Roaming\Mozilla\Firefox\Profiles\xzvs5cdp.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bc=1
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=1uwsoPxbpd9&search=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\CRABTREE\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\CRABTREE\AppData\Roaming\Mozilla\Firefox\Profiles\xzvs5cdp.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Users\CRABTREE\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\CRABTREE\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-9-5 3246040]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 CrossLoopService;CrossLoop Service;C:\Users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe [2011-2-9 560848]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-11-21 1153368]
    R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c98ebdbdbb100;Google Update Service (gupdate1c98ebdbdbb100);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-9 135664]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-2-16 30192]
    S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-9 135664]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-9 135664]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 tvnserver;TightVNC Server;C:\Users\CRABTREE\AppData\Local\CrossLoop\tvnserver.exe [2011-2-9 814080]
    S3 uvnc_service;uvnc_service; "C:\Users\CRABTREE\AppData\Local\CrossLoop\winvnc.exe" -service --> C:\Users\CRABTREE\AppData\Local\CrossLoop\winvnc.exe [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-03 14:00:06 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3AF03E8-9534-4880-B035-74F8AB9481E0}\offreg.dll
    2011-11-03 12:28:25 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3AF03E8-9534-4880-B035-74F8AB9481E0}\mpengine.dll
    2011-10-31 13:37:54 -------- d-----w- C:\X-Plane 9
    2011-10-26 18:57:27 -------- d-----w- C:\symbols
    2011-10-26 18:02:23 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)
    2011-10-19 18:44:51 -------- d-----w- C:\Users\CRABTREE\AppData\Roaming\AVG2012
    2011-10-19 18:43:47 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2011-10-19 18:42:12 -------- d-----w- C:\ProgramData\AVG2012
    2011-10-18 18:11:47 -------- d--h--w- C:\Users\CRABTREE\AppData\Roaming\Tydije
    2011-10-18 18:11:47 -------- d--h--w- C:\Users\CRABTREE\AppData\Roaming\Duojf
    2011-10-16 21:58:59 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-10-16 21:58:49 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F0C7EAF-53A7-4D1B-86FC-EAD9878E469B}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-10-18 20:41:59 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 20:06:42 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
    2011-10-01 20:06:41 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
    2011-10-01 20:06:40 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-13 11:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-09-09 19:38:48 525544 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
    2011-09-05 13:13:54 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
    2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-08-19 14:55:09 94720 ----a-w- C:\Windows\System32\antiwpa.dll
    2011-08-08 11:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ============= FINISH: 11:18:35.77 ===============
     
  8. 2011/11/03
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    and here:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/9/2010 10:15:14 AM
    System Uptime: 11/3/2011 8:59:22 AM (3 hours ago)
    .
    Motherboard: Acer | | EG43M
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2603/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 916 GiB total, 592.268 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 298 GiB total, 47.87 GiB free.
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&242CC0DB&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&242CC0DB&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP288: 10/25/2011 10:23:08 AM - Windows Update
    RP289: 10/26/2011 1:03:33 PM - Windows Update
    RP290: 10/27/2011 5:18:44 PM - Windows Update
    RP291: 10/28/2011 8:07:31 AM - Windows Update
    RP292: 10/29/2011 1:46:52 AM - Windows Update
    RP293: 10/30/2011 12:16:19 PM - Windows Update
    RP294: 10/31/2011 4:27:36 PM - Windows Update
    RP296: 11/3/2011 7:28:13 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    4500_Help
    7-Zip 4.65
    Acrobat.com
    Acronis*True*Image*Home 2011
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.3
    Adobe Reader 9.4.6 MUI
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AIO_Scan
    AnswerWorks 5.0 English Runtime
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    AT&T Digital Directories - Gadsden-Attalla, AL
    Auslogics Duplicate File Finder
    AutoHotkey 1.0.48.05
    AutoUpdate
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    Camera Window DS
    Canon Camera Window DS for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Corel Paint Shop Pro X
    CrossLoop 2.74
    CyberLink DVD Suite Deluxe
    CyberLink PowerDirector
    DeepBurner v1.9.0.228
    Definition update for Microsoft Office 2010 (KB982726)
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Version Checker
    DJ_AIO_Software_min
    DocProc
    DocProcQFolder
    Dream Aquarium 1.234
    Driver Performer
    DVD Flick 1.3.0.7
    Enhanced Multimedia Keyboard Solution
    EPSON Attach To Email
    EPSON Event Manager
    EPSON File Manager
    EPSON Scan
    EPSON Scan Assistant
    eReg
    eSupportQFolder
    eUSB SCSI Adapter
    Everyone's Legal Forms 2007
    Family Lawyer 2004
    Family Lawyer 2010
    FloatLED v1.06
    FolderSizes 4
    Garmin City Navigator North America NT 2010.30
    Garmin City Navigator North America NT 2011.10 Update
    Garmin City Navigator North America NT 2011.20 Update
    Garmin City Navigator North America NT 2012.20 Update
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin WebUpdater
    Gateway Games
    Gateway InfoCentre
    Gateway Photo Frame 4.2.3.10
    Gateway Recovery Management
    Google Chrome
    Google Desktop
    Google Earth
    Google Gmail Notifier
    Google Talk Plugin
    Google Update Helper
    Google Updater
    GPBaseService
    GPBaseService2
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Commercial Scanjet 5590 TWAIN Driver
    HP Customer Feedback
    HP My Display
    HP Picasso Media Center Add-In
    HP Smart Web Printing
    HP Total Care Advisor
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    HTC Driver Installer
    HTC Sync
    Identity Card
    ImagXpress
    IncrediMail
    IncrediMail 2.0
    Ipswitch WS_FTP Home 2007
    J4500
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LightScribeTemplateLabeler
    Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Easy Assist v2
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Standard 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Professional with FrontPage
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Mozilla Firefox 7.0 (x86 en-US)
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee autoProducer 6.1
    My HP Games
    My Macros 3.1
    neroxml
    palmOne
    PCmover Professional
    PCsync
    PE Builder 3.1.10a
    Photo Notifier and Animation Creator
    PhotoMail Maker
    PhotoStitch
    Picasa 3
    Power2Go
    ProductContext
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    Python 2.5
    QuickBooks Pro 2007
    Quicken 2008
    RC_Vista.exe
    Readiris Pro 11 Mr.Underground Edition
    Realtek High Definition Audio Driver
    RemoteCapture Task 1.1
    RoboForm 7-6-2 (All Users)
    Scan
    SDK
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SierraHome Print Artist 12.0
    Skype™ 5.3
    SolutionCenter
    Sony RAW Driver
    Speccy
    Spybot - Search & Destroy
    Status
    SupportSoft Assisted Service
    Toolbox
    Tor 0.2.1.26
    TrayApp
    Tune Tools 2
    TurboTax 2010
    TurboTax 2010 waliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    UnloadSupport
    Unlocker 1.8.8
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    Vidalia 0.2.9
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    WebReg
    Welcome Center
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Writer
    WinRAR archiver
    WinX DVD Ripper Platinum 5.1.1
    Wireless-B Notebook Adapter Configuration Utility
    Yahoo! Widgets
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/3/2011 9:40:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/3/2011 9:01:21 AM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    11/2/2011 1:51:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR22.
    10/31/2011 9:51:05 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR14.
    10/31/2011 7:38:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR11.
    10/31/2011 7:37:58 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR12.
    10/31/2011 5:38:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR17.
    10/31/2011 12:48:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.904.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/31/2011 12:48:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.904.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    10/31/2011 11:18:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR13.
    10/30/2011 7:56:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    10/30/2011 4:40:59 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    10/29/2011 9:28:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80061a87a7, 0x0000000000000000, 0x0000000077240000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102911-67985-01.
    10/29/2011 5:35:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
    10/29/2011 12:23:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    10/29/2011 1:48:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.115.831.0).
    10/29/2011 1:47:37 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.831.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070643 Error description: Fatal error during installation.
    10/29/2011 1:12:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    10/28/2011 7:13:21 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR16.
    10/28/2011 12:30:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa80061b47a7, 0x0000000000000000, 0x0000000076f70000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 102811-43820-01.
    10/27/2011 12:38:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
    .
    ==== End Of File ===========================
     
  9. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    Then....

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2011/11/03
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    13:37:03.0974 4636 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
    13:37:04.0310 4636 ============================================================
    13:37:04.0310 4636 Current date / time: 2011/11/03 13:37:04.0310
    13:37:04.0310 4636 SystemInfo:
    13:37:04.0310 4636
    13:37:04.0310 4636 OS Version: 6.1.7600 ServicePack: 0.0
    13:37:04.0310 4636 Product type: Workstation
    13:37:04.0310 4636 ComputerName: DEAN-PC
    13:37:04.0310 4636 UserName: DEAN
    13:37:04.0310 4636 Windows directory: C:\Windows
    13:37:04.0310 4636 System windows directory: C:\Windows
    13:37:04.0310 4636 Running under WOW64
    13:37:04.0310 4636 Processor architecture: Intel x64
    13:37:04.0310 4636 Number of processors: 2
    13:37:04.0310 4636 Page size: 0x1000
    13:37:04.0310 4636 Boot type: Normal boot
    13:37:04.0310 4636 ============================================================
    13:37:05.0055 4636 Initialize success
    13:37:16.0938 2708 ============================================================
    13:37:16.0938 2708 Scan started
    13:37:16.0938 2708 Mode: Manual;
    13:37:16.0938 2708 ============================================================
    13:37:17.0843 2708 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    13:37:17.0847 2708 1394ohci - ok
    13:37:17.0957 2708 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
    13:37:17.0958 2708 61883 - ok
    13:37:18.0003 2708 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    13:37:18.0008 2708 ACPI - ok
    13:37:18.0031 2708 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    13:37:18.0033 2708 AcpiPmi - ok
    13:37:18.0110 2708 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    13:37:18.0116 2708 adp94xx - ok
    13:37:18.0135 2708 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    13:37:18.0139 2708 adpahci - ok
    13:37:18.0179 2708 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    13:37:18.0182 2708 adpu320 - ok
    13:37:18.0233 2708 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
    13:37:18.0235 2708 afcdp - ok
    13:37:18.0306 2708 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
    13:37:18.0311 2708 AFD - ok
    13:37:18.0327 2708 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    13:37:18.0329 2708 agp440 - ok
    13:37:18.0356 2708 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    13:37:18.0357 2708 aliide - ok
    13:37:18.0369 2708 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    13:37:18.0371 2708 amdide - ok
    13:37:18.0387 2708 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    13:37:18.0389 2708 AmdK8 - ok
    13:37:18.0404 2708 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    13:37:18.0406 2708 AmdPPM - ok
    13:37:18.0443 2708 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    13:37:18.0445 2708 amdsata - ok
    13:37:18.0470 2708 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    13:37:18.0473 2708 amdsbs - ok
    13:37:18.0492 2708 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    13:37:18.0493 2708 amdxata - ok
    13:37:18.0538 2708 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    13:37:18.0541 2708 AppID - ok
    13:37:18.0560 2708 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    13:37:18.0562 2708 arc - ok
    13:37:18.0572 2708 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    13:37:18.0576 2708 arcsas - ok
    13:37:18.0616 2708 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:37:18.0617 2708 AsyncMac - ok
    13:37:18.0632 2708 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    13:37:18.0634 2708 atapi - ok
    13:37:18.0692 2708 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
    13:37:18.0693 2708 Avc - ok
    13:37:18.0760 2708 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    13:37:18.0761 2708 AVGIDSEH - ok
    13:37:18.0829 2708 Avgldx64 (dadfccfb036da99fa83e7e1d29290a6c) C:\Windows\system32\DRIVERS\avgldx64.sys
    13:37:18.0832 2708 Avgldx64 - ok
    13:37:18.0901 2708 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
    13:37:18.0902 2708 Avgmfx64 - ok
    13:37:18.0956 2708 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
    13:37:18.0957 2708 Avgrkx64 - ok
    13:37:19.0040 2708 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    13:37:19.0049 2708 b06bdrv - ok
    13:37:19.0122 2708 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    13:37:19.0126 2708 b57nd60a - ok
    13:37:19.0170 2708 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    13:37:19.0172 2708 Beep - ok
    13:37:19.0224 2708 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    13:37:19.0225 2708 blbdrive - ok
    13:37:19.0254 2708 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    13:37:19.0256 2708 bowser - ok
    13:37:19.0271 2708 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    13:37:19.0272 2708 BrFiltLo - ok
    13:37:19.0287 2708 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    13:37:19.0288 2708 BrFiltUp - ok
    13:37:19.0301 2708 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    13:37:19.0305 2708 Brserid - ok
    13:37:19.0319 2708 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    13:37:19.0321 2708 BrSerWdm - ok
    13:37:19.0340 2708 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:37:19.0342 2708 BrUsbMdm - ok
    13:37:19.0358 2708 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    13:37:19.0359 2708 BrUsbSer - ok
    13:37:19.0367 2708 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    13:37:19.0369 2708 BTHMODEM - ok
    13:37:19.0418 2708 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:37:19.0420 2708 cdfs - ok
    13:37:19.0464 2708 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    13:37:19.0466 2708 cdrom - ok
    13:37:19.0499 2708 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    13:37:19.0500 2708 circlass - ok
    13:37:19.0529 2708 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    13:37:19.0533 2708 CLFS - ok
    13:37:19.0616 2708 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:37:19.0617 2708 CmBatt - ok
    13:37:19.0639 2708 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    13:37:19.0640 2708 cmdide - ok
    13:37:19.0665 2708 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    13:37:19.0669 2708 CNG - ok
    13:37:19.0686 2708 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    13:37:19.0687 2708 Compbatt - ok
    13:37:19.0720 2708 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    13:37:19.0722 2708 CompositeBus - ok
    13:37:19.0765 2708 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    13:37:19.0766 2708 crcdisk - ok
    13:37:19.0878 2708 dc3d (26c9db5fb11aa1c90ca4b7a986cca4f3) C:\Windows\system32\DRIVERS\dc3d.sys
    13:37:19.0880 2708 dc3d - ok
    13:37:19.0928 2708 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    13:37:19.0930 2708 DfsC - ok
    13:37:19.0950 2708 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    13:37:19.0951 2708 discache - ok
    13:37:20.0012 2708 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    13:37:20.0014 2708 Disk - ok
    13:37:20.0097 2708 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    13:37:20.0100 2708 Dot4 - ok
    13:37:20.0129 2708 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    13:37:20.0130 2708 Dot4Print - ok
    13:37:20.0169 2708 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    13:37:20.0171 2708 dot4usb - ok
    13:37:20.0214 2708 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    13:37:20.0215 2708 drmkaud - ok
    13:37:20.0334 2708 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    13:37:20.0341 2708 DXGKrnl - ok
    13:37:20.0398 2708 e1yexpress (761b9edd97a021aa1922501b7a056635) C:\Windows\system32\DRIVERS\e1y62x64.sys
    13:37:20.0401 2708 e1yexpress - ok
    13:37:20.0498 2708 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    13:37:20.0579 2708 ebdrv - ok
    13:37:20.0801 2708 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    13:37:20.0809 2708 elxstor - ok
    13:37:20.0831 2708 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    13:37:20.0832 2708 ErrDev - ok
    13:37:20.0881 2708 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    13:37:20.0884 2708 exfat - ok
    13:37:20.0907 2708 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    13:37:20.0911 2708 fastfat - ok
    13:37:20.0957 2708 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    13:37:20.0959 2708 fdc - ok
    13:37:20.0984 2708 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    13:37:20.0985 2708 FileInfo - ok
    13:37:21.0000 2708 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    13:37:21.0002 2708 Filetrace - ok
    13:37:21.0010 2708 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:37:21.0012 2708 flpydisk - ok
    13:37:21.0057 2708 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    13:37:21.0060 2708 FltMgr - ok
    13:37:21.0076 2708 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    13:37:21.0078 2708 FsDepends - ok
    13:37:21.0100 2708 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    13:37:21.0100 2708 Fs_Rec - ok
    13:37:21.0181 2708 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    13:37:21.0186 2708 fvevol - ok
    13:37:21.0222 2708 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    13:37:21.0225 2708 gagp30kx - ok
    13:37:21.0347 2708 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    13:37:21.0348 2708 hcw85cir - ok
    13:37:21.0365 2708 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    13:37:21.0370 2708 HdAudAddService - ok
    13:37:21.0404 2708 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:37:21.0406 2708 HDAudBus - ok
    13:37:21.0426 2708 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    13:37:21.0427 2708 HidBatt - ok
    13:37:21.0443 2708 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    13:37:21.0445 2708 HidBth - ok
    13:37:21.0460 2708 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    13:37:21.0461 2708 HidIr - ok
    13:37:21.0515 2708 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    13:37:21.0516 2708 HidUsb - ok
    13:37:21.0571 2708 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    13:37:21.0572 2708 HpSAMD - ok
    13:37:21.0618 2708 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    13:37:21.0625 2708 HTTP - ok
    13:37:21.0641 2708 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    13:37:21.0642 2708 hwpolicy - ok
    13:37:21.0711 2708 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:37:21.0713 2708 i8042prt - ok
    13:37:21.0761 2708 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    13:37:21.0763 2708 iaStor - ok
    13:37:21.0788 2708 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    13:37:21.0793 2708 iaStorV - ok
    13:37:22.0059 2708 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
    13:37:22.0214 2708 igfx - ok
    13:37:22.0299 2708 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    13:37:22.0300 2708 iirsp - ok
    13:37:22.0387 2708 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
    13:37:22.0397 2708 IntcAzAudAddService - ok
    13:37:22.0476 2708 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
    13:37:22.0478 2708 IntcHdmiAddService - ok
    13:37:22.0493 2708 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    13:37:22.0495 2708 intelide - ok
    13:37:22.0536 2708 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    13:37:22.0537 2708 intelppm - ok
    13:37:22.0587 2708 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:37:22.0589 2708 IpFilterDriver - ok
    13:37:22.0601 2708 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    13:37:22.0603 2708 IPMIDRV - ok
    13:37:22.0613 2708 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    13:37:22.0615 2708 IPNAT - ok
    13:37:22.0650 2708 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    13:37:22.0652 2708 IRENUM - ok
    13:37:22.0669 2708 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    13:37:22.0671 2708 isapnp - ok
    13:37:22.0682 2708 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:37:22.0685 2708 iScsiPrt - ok
    13:37:22.0725 2708 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:37:22.0726 2708 kbdclass - ok
    13:37:22.0745 2708 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    13:37:22.0746 2708 kbdhid - ok
    13:37:22.0771 2708 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    13:37:22.0772 2708 KSecDD - ok
    13:37:22.0799 2708 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    13:37:22.0801 2708 KSecPkg - ok
    13:37:22.0821 2708 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    13:37:22.0822 2708 ksthunk - ok
    13:37:22.0913 2708 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    13:37:22.0915 2708 lltdio - ok
    13:37:22.0968 2708 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    13:37:22.0970 2708 LSI_FC - ok
    13:37:22.0991 2708 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    13:37:22.0993 2708 LSI_SAS - ok
    13:37:23.0014 2708 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    13:37:23.0016 2708 LSI_SAS2 - ok
    13:37:23.0025 2708 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    13:37:23.0027 2708 LSI_SCSI - ok
    13:37:23.0053 2708 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    13:37:23.0055 2708 luafv - ok
    13:37:23.0083 2708 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    13:37:23.0084 2708 megasas - ok
    13:37:23.0095 2708 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    13:37:23.0099 2708 MegaSR - ok
    13:37:23.0144 2708 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    13:37:23.0146 2708 Modem - ok
    13:37:23.0187 2708 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    13:37:23.0187 2708 monitor - ok
    13:37:23.0219 2708 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    13:37:23.0220 2708 mouclass - ok
    13:37:23.0249 2708 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    13:37:23.0250 2708 mouhid - ok
    13:37:23.0276 2708 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    13:37:23.0277 2708 mountmgr - ok
    13:37:23.0288 2708 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    13:37:23.0291 2708 mpio - ok
    13:37:23.0313 2708 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    13:37:23.0324 2708 mpsdrv - ok
    13:37:23.0336 2708 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    13:37:23.0338 2708 MRxDAV - ok
    13:37:23.0393 2708 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:37:23.0396 2708 mrxsmb - ok
    13:37:23.0438 2708 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:37:23.0443 2708 mrxsmb10 - ok
    13:37:23.0458 2708 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:37:23.0460 2708 mrxsmb20 - ok
    13:37:23.0482 2708 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    13:37:23.0483 2708 msahci - ok
    13:37:23.0493 2708 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    13:37:23.0495 2708 msdsm - ok
    13:37:23.0572 2708 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
    13:37:23.0574 2708 MSDV - ok
    13:37:23.0600 2708 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    13:37:23.0602 2708 Msfs - ok
    13:37:23.0640 2708 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    13:37:23.0642 2708 mshidkmdf - ok
    13:37:23.0657 2708 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    13:37:23.0658 2708 msisadrv - ok
    13:37:23.0697 2708 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    13:37:23.0698 2708 MSKSSRV - ok
    13:37:23.0736 2708 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:37:23.0737 2708 MSPCLOCK - ok
    13:37:23.0745 2708 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    13:37:23.0747 2708 MSPQM - ok
    13:37:23.0778 2708 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    13:37:23.0782 2708 MsRPC - ok
    13:37:23.0812 2708 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    13:37:23.0812 2708 mssmbios - ok
    13:37:23.0825 2708 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    13:37:23.0827 2708 MSTEE - ok
    13:37:23.0843 2708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    13:37:23.0844 2708 MTConfig - ok
    13:37:23.0883 2708 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    13:37:23.0884 2708 Mup - ok
    13:37:23.0928 2708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    13:37:23.0932 2708 NativeWifiP - ok
    13:37:24.0014 2708 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    13:37:24.0028 2708 NDIS - ok
    13:37:24.0075 2708 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    13:37:24.0077 2708 NdisCap - ok
    13:37:24.0110 2708 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:37:24.0112 2708 NdisTapi - ok
    13:37:24.0159 2708 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:37:24.0161 2708 Ndisuio - ok
    13:37:24.0185 2708 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:37:24.0187 2708 NdisWan - ok
    13:37:24.0205 2708 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    13:37:24.0207 2708 NDProxy - ok
    13:37:24.0258 2708 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    13:37:24.0260 2708 NetBIOS - ok
    13:37:24.0285 2708 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    13:37:24.0289 2708 NetBT - ok
    13:37:24.0351 2708 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    13:37:24.0352 2708 nfrd960 - ok
    13:37:24.0394 2708 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    13:37:24.0395 2708 Npfs - ok
    13:37:24.0420 2708 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    13:37:24.0421 2708 nsiproxy - ok
    13:37:24.0518 2708 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    13:37:24.0538 2708 Ntfs - ok
    13:37:24.0599 2708 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
    13:37:24.0601 2708 NuidFltr - ok
    13:37:24.0625 2708 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    13:37:24.0627 2708 Null - ok
    13:37:24.0649 2708 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    13:37:24.0653 2708 nvraid - ok
    13:37:24.0665 2708 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    13:37:24.0669 2708 nvstor - ok
    13:37:24.0678 2708 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    13:37:24.0681 2708 nv_agp - ok
    13:37:24.0717 2708 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    13:37:24.0719 2708 ohci1394 - ok
    13:37:24.0742 2708 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    13:37:24.0745 2708 Parport - ok
    13:37:24.0765 2708 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    13:37:24.0767 2708 partmgr - ok
    13:37:24.0786 2708 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    13:37:24.0789 2708 pci - ok
    13:37:24.0807 2708 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    13:37:24.0809 2708 pciide - ok
    13:37:24.0829 2708 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    13:37:24.0832 2708 pcmcia - ok
    13:37:24.0853 2708 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    13:37:24.0854 2708 pcw - ok
    13:37:24.0975 2708 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    13:37:24.0983 2708 PEAUTH - ok
    13:37:25.0154 2708 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    13:37:25.0156 2708 PptpMiniport - ok
    13:37:25.0178 2708 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    13:37:25.0179 2708 Processor - ok
    13:37:25.0226 2708 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    13:37:25.0228 2708 Psched - ok
    13:37:25.0286 2708 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    13:37:25.0302 2708 ql2300 - ok
    13:37:25.0315 2708 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    13:37:25.0317 2708 ql40xx - ok
    13:37:25.0339 2708 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    13:37:25.0341 2708 QWAVEdrv - ok
    13:37:25.0354 2708 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    13:37:25.0355 2708 RasAcd - ok
    13:37:25.0431 2708 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    13:37:25.0433 2708 RasAgileVpn - ok
    13:37:25.0470 2708 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:37:25.0473 2708 Rasl2tp - ok
    13:37:25.0503 2708 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:37:25.0505 2708 RasPppoe - ok
    13:37:25.0557 2708 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    13:37:25.0558 2708 RasSstp - ok
    13:37:25.0583 2708 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    13:37:25.0587 2708 rdbss - ok
    13:37:25.0604 2708 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    13:37:25.0606 2708 rdpbus - ok
    13:37:25.0668 2708 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:37:25.0669 2708 RDPCDD - ok
    13:37:25.0717 2708 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    13:37:25.0718 2708 RDPENCDD - ok
    13:37:25.0751 2708 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    13:37:25.0752 2708 RDPREFMP - ok
    13:37:25.0782 2708 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    13:37:25.0785 2708 RDPWD - ok
    13:37:25.0803 2708 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    13:37:25.0806 2708 rdyboost - ok
    13:37:25.0878 2708 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    13:37:25.0880 2708 rspndr - ok
    13:37:25.0924 2708 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    13:37:25.0926 2708 sbp2port - ok
    13:37:25.0982 2708 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    13:37:25.0984 2708 scfilter - ok
    13:37:26.0030 2708 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    13:37:26.0050 2708 secdrv - ok
    13:37:26.0114 2708 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    13:37:26.0115 2708 Serenum - ok
    13:37:26.0163 2708 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    13:37:26.0166 2708 Serial - ok
    13:37:26.0210 2708 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    13:37:26.0211 2708 sermouse - ok
    13:37:26.0281 2708 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    13:37:26.0282 2708 sffdisk - ok
    13:37:26.0326 2708 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    13:37:26.0327 2708 sffp_mmc - ok
    13:37:26.0368 2708 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    13:37:26.0370 2708 sffp_sd - ok
    13:37:26.0434 2708 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    13:37:26.0435 2708 sfloppy - ok
    13:37:26.0494 2708 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    13:37:26.0501 2708 SiSRaid2 - ok
    13:37:26.0516 2708 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    13:37:26.0518 2708 SiSRaid4 - ok
    13:37:26.0552 2708 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    13:37:26.0554 2708 Smb - ok
    13:37:26.0633 2708 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
    13:37:26.0636 2708 snapman - ok
    13:37:26.0678 2708 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    13:37:26.0679 2708 spldr - ok
    13:37:26.0740 2708 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    13:37:26.0746 2708 srv - ok
    13:37:26.0768 2708 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    13:37:26.0774 2708 srv2 - ok
    13:37:26.0810 2708 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    13:37:26.0812 2708 srvnet - ok
    13:37:26.0858 2708 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    13:37:26.0859 2708 stexstor - ok
    13:37:26.0909 2708 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    13:37:26.0910 2708 swenum - ok
    13:37:27.0025 2708 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
    13:37:27.0036 2708 Tcpip - ok
    13:37:27.0082 2708 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
    13:37:27.0094 2708 TCPIP6 - ok
    13:37:27.0133 2708 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    13:37:27.0135 2708 tcpipreg - ok
    13:37:27.0161 2708 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    13:37:27.0163 2708 TDPIPE - ok
    13:37:27.0231 2708 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
    13:37:27.0244 2708 tdrpman273 - ok
    13:37:27.0277 2708 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    13:37:27.0279 2708 TDTCP - ok
    13:37:27.0305 2708 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    13:37:27.0307 2708 tdx - ok
    13:37:27.0326 2708 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    13:37:27.0327 2708 TermDD - ok
    13:37:27.0404 2708 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
    13:37:27.0414 2708 timounter - ok
    13:37:27.0445 2708 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    13:37:27.0447 2708 tssecsrv - ok
    13:37:27.0494 2708 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    13:37:27.0496 2708 tunnel - ok
    13:37:27.0532 2708 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    13:37:27.0534 2708 uagp35 - ok
    13:37:27.0561 2708 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    13:37:27.0565 2708 udfs - ok
    13:37:27.0597 2708 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    13:37:27.0599 2708 uliagpkx - ok
    13:37:27.0636 2708 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    13:37:27.0638 2708 umbus - ok
    13:37:27.0663 2708 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    13:37:27.0664 2708 UmPass - ok
    13:37:27.0691 2708 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    13:37:27.0693 2708 usbccgp - ok
    13:37:27.0722 2708 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    13:37:27.0724 2708 usbcir - ok
    13:37:27.0762 2708 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    13:37:27.0764 2708 usbehci - ok
    13:37:27.0854 2708 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    13:37:27.0859 2708 usbhub - ok
    13:37:27.0883 2708 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    13:37:27.0885 2708 usbohci - ok
    13:37:27.0919 2708 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    13:37:27.0921 2708 usbprint - ok
    13:37:27.0968 2708 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    13:37:27.0970 2708 usbscan - ok
    13:37:28.0036 2708 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:37:28.0037 2708 USBSTOR - ok
    13:37:28.0062 2708 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    13:37:28.0063 2708 usbuhci - ok
    13:37:28.0163 2708 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
    13:37:28.0166 2708 usbvideo - ok
    13:37:28.0239 2708 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    13:37:28.0240 2708 vdrvroot - ok
    13:37:28.0279 2708 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    13:37:28.0281 2708 vga - ok
    13:37:28.0307 2708 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    13:37:28.0308 2708 VgaSave - ok
    13:37:28.0330 2708 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    13:37:28.0333 2708 vhdmp - ok
    13:37:28.0352 2708 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    13:37:28.0354 2708 viaide - ok
    13:37:28.0373 2708 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    13:37:28.0374 2708 volmgr - ok
    13:37:28.0396 2708 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    13:37:28.0400 2708 volmgrx - ok
    13:37:28.0416 2708 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    13:37:28.0419 2708 volsnap - ok
    13:37:28.0444 2708 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    13:37:28.0448 2708 vsmraid - ok
    13:37:28.0488 2708 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    13:37:28.0490 2708 vwifibus - ok
    13:37:28.0510 2708 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    13:37:28.0512 2708 WacomPen - ok
    13:37:28.0532 2708 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    13:37:28.0534 2708 WANARP - ok
    13:37:28.0539 2708 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    13:37:28.0541 2708 Wanarpv6 - ok
    13:37:28.0606 2708 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    13:37:28.0608 2708 Wd - ok
    13:37:28.0624 2708 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    13:37:28.0631 2708 Wdf01000 - ok
    13:37:28.0681 2708 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    13:37:28.0682 2708 WfpLwf - ok
    13:37:28.0701 2708 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    13:37:28.0703 2708 WIMMount - ok
    13:37:28.0826 2708 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    13:37:28.0828 2708 WinUsb - ok
    13:37:28.0854 2708 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    13:37:28.0855 2708 WmiAcpi - ok
    13:37:28.0891 2708 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    13:37:28.0892 2708 ws2ifsl - ok
    13:37:28.0922 2708 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    13:37:28.0923 2708 WudfPf - ok
    13:37:28.0942 2708 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:37:28.0945 2708 WUDFRd - ok
    13:37:28.0993 2708 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    13:37:29.0009 2708 \Device\Harddisk0\DR0 - ok
    13:37:29.0013 2708 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR7
    13:37:29.0018 2708 \Device\Harddisk1\DR7 - ok
    13:37:29.0022 2708 Boot (0x1200) (ce72ec9aee5497c42f64c6472ac6f3dc) \Device\Harddisk0\DR0\Partition0
    13:37:29.0023 2708 \Device\Harddisk0\DR0\Partition0 - ok
    13:37:29.0036 2708 Boot (0x1200) (1c1c0f551d0a9daa727eef0bb999d1dc) \Device\Harddisk0\DR0\Partition1
    13:37:29.0037 2708 \Device\Harddisk0\DR0\Partition1 - ok
    13:37:29.0040 2708 Boot (0x1200) (4744aa455f7ea4d6236531e58b726304) \Device\Harddisk1\DR7\Partition0
    13:37:29.0042 2708 \Device\Harddisk1\DR7\Partition0 - ok
    13:37:29.0043 2708 ============================================================
    13:37:29.0043 2708 Scan finished
    13:37:29.0043 2708 ============================================================
    13:37:29.0053 1916 Detected object count: 0
    13:37:29.0053 1916 Actual detected object count: 0
     
  11. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Your MBR is infected with TDL rootkit.
    We have to reset MBR.

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec ")

    exit

    Restart computer.

    Post new aswMBR log.
     
  12. 2011/11/03
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    I go to safe mode with command prompt and get "c:\windows\system32" prompt. I typed in what you suggested and I got the error that it was not a recognized command or batch command(I think that was what it said.) I then went back to root and got the same error.
    What did I do wrong? I don't have a cd..it is in a partition...
    Thanks again...
     
  13. 2011/11/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    This is not what my instructions say.
    Please re-read my instructions and be very careful.
    If you mess up MBR we'll have a problem.
     
  14. 2011/11/04
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    sorry bout that...I had to select "repair my computer" to get there..
    I followed your instruction and after typing in the command, I got an explaination of the commands that were available. I had already typed in the "bootrec fixmbr, so I typed in exit and rebooted. here is the log but it still shows problems I think.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-04 16:19:17
    -----------------------------
    16:19:17.836 OS Version: Windows x64 6.1.7600
    16:19:17.836 Number of processors: 2 586 0x170A
    16:19:17.837 ComputerName: DEAN-PC UserName: DEAN
    16:19:20.514 Initialize success
    16:19:33.546 AVAST engine defs: 11103001
    16:19:49.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:19:49.388 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
    16:19:49.404 Disk 0 MBR read successfully
    16:19:49.406 Disk 0 MBR scan
    16:19:49.410 Disk 0 MBR:Alureon-I [Rtk]
    16:19:49.415 Disk 0 TDL4@MBR code has been found
    16:19:49.417 Disk 0 Windows 7 default MBR code found via API
    16:19:49.420 Disk 0 MBR hidden
    16:19:49.423 Disk 0 MBR [TDL4] **ROOTKIT**
    16:19:49.426 Disk 0 trace - called modules:
    16:19:49.432 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006169254]<<
    16:19:49.435 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fa1060]
    16:19:49.439 3 CLASSPNP.SYS[fffff8800188743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ed5050]
    16:19:49.772 \Driver\iaStor[0xfffffa8005e26060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006169254
    16:19:52.337 AVAST engine scan C:\Windows
    16:20:05.804 AVAST engine scan C:\Windows\system32
    16:22:02.639 AVAST engine scan C:\Windows\system32\drivers
    16:22:16.550 AVAST engine scan C:\Users\CRABTREE
    16:29:32.506 AVAST engine scan C:\ProgramData
    16:32:23.440 Scan finished successfully
    16:33:00.667 Disk 0 MBR has been saved successfully to "C:\Users\CRABTREE\Desktop\MBR.dat "
    16:33:00.672 The log file has been saved successfully to "C:\Users\CRABTREE\Desktop\aswMBR.txt "
     
  15. 2011/11/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    You're definitely doing something wrong.

    You need to boot to System Recovery.
    Please go to the link I posted and read it very carefully.

    Then the command is NOT
    bootrec fixmbr
    but
    bootrec /fixmbr

    I can't really help you unless you follow my instructions to a dot.
     
  16. 2011/11/05
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    I apologize...here goes:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-05 08:59:50
    -----------------------------
    08:59:50.748 OS Version: Windows x64 6.1.7600
    08:59:50.748 Number of processors: 2 586 0x170A
    08:59:50.748 ComputerName: DEAN-PC UserName: DEAN
    08:59:52.324 Initialize success
    09:00:10.983 AVAST engine defs: 11103001
    09:00:14.556 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:00:14.556 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
    09:00:14.571 Disk 0 MBR read successfully
    09:00:14.571 Disk 0 MBR scan
    09:00:14.571 Disk 0 Windows 7 default MBR code
    09:00:14.587 Service scanning
    09:00:17.395 Modules scanning
    09:00:17.395 Disk 0 trace - called modules:
    09:00:17.426 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    09:00:17.426 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800641c060]
    09:00:17.426 3 CLASSPNP.SYS[fffff880013d043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005efa050]
    09:00:19.017 AVAST engine scan C:\Windows
    09:00:23.026 AVAST engine scan C:\Windows\system32
    09:01:38.749 AVAST engine scan C:\Windows\system32\drivers
    09:01:46.986 AVAST engine scan C:\Users\CRABTREE
    09:07:27.066 AVAST engine scan C:\ProgramData
    09:10:00.415 Scan finished successfully
    09:13:48.955 Disk 0 MBR has been saved successfully to "C:\Users\CRABTREE\Desktop\MBR.dat "
    09:13:48.955 The log file has been saved successfully to "C:\Users\CRABTREE\Desktop\aswMBR.txt "
     
  17. 2011/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Now you're talking :)

    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. 2011/11/05
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    ComboFix 11-11-05.03 - DEAN 11/05/2011 16:21:23.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4339 [GMT -5:00]
    Running from: c:\users\CRABTREE\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Tarma Installer
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20101219140954.log
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20110125091409.log
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
    c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
    c:\users\Gene\Documents\iexplore.exe
    c:\users\Gene\Documents\Readiris.DUS
    c:\windows\system32\AutoRun.inf
    c:\windows\SysWow64\jucheck.exe
    c:\windows\SysWow64\jusched.exe
    c:\windows\SysWow64\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-05 21:30 . 2011-11-05 21:30 -------- d-----w- c:\users\Gene\AppData\Local\temp
    2011-10-31 13:37 . 2011-10-31 14:42 -------- d-----w- C:\X-Plane 9
    2011-10-26 18:57 . 2011-10-26 18:57 -------- d-----w- C:\symbols
    2011-10-26 18:02 . 2011-10-26 18:57 -------- d-----w- c:\program files\Debugging Tools for Windows (x64)
    2011-10-26 18:02 . 2011-10-26 18:02 -------- d-----w- c:\program files\Microsoft SDKs
    2011-10-19 18:44 . 2011-10-19 18:44 -------- d-----w- c:\users\CRABTREE\AppData\Roaming\AVG2012
    2011-10-19 18:42 . 2011-11-05 21:11 -------- d-----w- c:\programdata\AVG2012
    2011-10-18 18:11 . 2011-10-18 22:27 -------- d--h--w- c:\users\CRABTREE\AppData\Roaming\Duojf
    2011-10-18 18:11 . 2011-10-18 18:18 -------- d--h--w- c:\users\CRABTREE\AppData\Roaming\Tydije
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 20:41 . 2011-06-21 15:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-01 20:06 . 2011-10-01 20:06 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-10-01 20:06 . 2011-07-15 22:23 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-10-01 20:06 . 2011-10-01 20:06 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-09-09 19:38 . 2011-09-09 19:38 525544 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-05 13:13 . 2011-09-05 13:13 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-08-19 14:55 . 2011-08-19 14:57 94720 ----a-w- c:\windows\system32\antiwpa.dll
    2011-08-11 20:49 . 2011-08-11 20:49 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-08-11 20:49 . 2011-08-11 20:49 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-08-11 20:48 . 2011-08-11 20:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-08-11 20:48 . 2011-08-11 20:48 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail "= "c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2011-09-26 366024]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "RoboForm "= "c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-29 107000]
    "swg "= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2} "= "c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
    "TrueImageMonitor.exe "= "c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm "= "c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-10-29 107000]
    .
    c:\users\CRABTREE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    "EnableLinkedConnections "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1c98ebdbdbb100;Google Update Service (gupdate1c98ebdbdbb100);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-21 30192]
    R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 135664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 tvnserver;TightVNC Server;c:\users\CRABTREE\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]
    R3 uvnc_service;uvnc_service;c:\users\CRABTREE\AppData\Local\CrossLoop\winvnc.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-05 3246040]
    S2 CrossLoopService;CrossLoop Service;c:\users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe [2010-08-18 560848]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 17:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-02-06 c:\windows\Tasks\AWC Startup.job
    - c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2009-07-12 22:19]
    .
    2011-11-05 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-27 20:41]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 22:04]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-09 22:04]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000Core.job
    - c:\users\CRABTREE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 12:39]
    .
    2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570443451-2467324081-1727471922-1000UA.job
    - c:\users\CRABTREE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-02 12:39]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
    "EvtMgr6 "= "c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-23 15851040]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-23 82464]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "Acronis Scheduler2 Service "= "c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173601106206p0365v1j5k4871r25n
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = localhost
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} - hxxp://65.15.154.215:81/codebase/HCNetVideoActiveX.cab
    FF - ProfilePath - c:\users\CRABTREE\AppData\Roaming\Mozilla\Firefox\Profiles\xzvs5cdp.default\
    FF - prefs.js: browser.search.selectedEngine - Dogpile
    FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bc=1
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&a=1uwsoPxbpd9&search=
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-TaskTray - (no file)
    Notify-GoToAssist - (no file)
    Toolbar-Locked - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-FloatLED_is1 - c:\program files (x86)\FloatLED\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,1b,63,ed,c3,54,34,4c,a0,61,08,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1f,1b,63,ed,c3,54,34,4c,a0,61,08,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.10 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue "=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\ACR0007\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\Default_Monitor\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Device Parameters\MODES]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\DELF003\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\HWP26A2\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Enum\DISPLAY\SAM016B\4&2e65fa43&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
    @DACL=(02 0000)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\IncrediMail\Bin\ImApp.exe
    c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-05 16:39:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-05 21:39
    .
    Pre-Run: 650,206,040,064 bytes free
    Post-Run: 652,180,041,728 bytes free
    .
    - - End Of File - - 2103B0F82B44F0D541BF3C0F66F231B8
     
  19. 2011/11/05
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/05/2011 at 16:47:22.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\CRABTREE\AppData\Local\CrossLoop\CrossLoopService.exe
    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 11/05/2011 at 16:47:34.
     
  20. 2011/11/05
    geno368

    geno368 Well-Known Member Thread Starter

    Joined:
    2009/11/19
    Messages:
    219
    Likes Received:
    0
    Trophy Points:
    231
    Computer Experience:
    intermediate
    FYI, crossloop is a program that is safe and I have used it for years...If it deleted it I can re-install.
    Thanks again for your help
     
  21. 2011/11/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,583
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    rKill doesn't delete anything.

    How is computer doing?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\CRABTREE\AppData\Roaming\Duojf
    c:\users\CRABTREE\AppData\Roaming\Tydije
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.