
Password changing malware

This is a discussion on Password changing malware within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 11-27-2011, 04:39 PM   #1
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



I am experiencing some kind of program that is changing my passwords and possibly redirecting my browser. I have Windows Defender for an antivirus checker. I have run Microsoft's online virus check. I have also run another online virus check but they all say my computer is clean.

I originally noticed the problem when trying to log into my Paypal account to find that my password had been changed and my account was wiped. After resetting my password I tried to log in again only to find that the password had been changed again. I have alerted my banks but so far nothing has happened there - all the cards I used online have been cancelled.

I believe that this virus is also affecting my google email account passwords. I think it might have attached itself to the password save program. At this point I am receiving a message when I try to access google chrome: "Your profile cannot be used because it is from a newer version of Google Chrome. Some features may be unavailable. Please specify a different profile directory or use a newer version of Chrome." I have downloaded the latest version of Chrome twice since I started receiving this message. I am also having to reset or re-enter passwords periodically on certain accounts.

DDS txt as follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Rahn Heart at 18:17:19 on 2011-11-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.570 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MetaTrader 5\metatester.exe
C:\Program Files\MetaTrader 5\metatester.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293636134812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.55.5.10 209.55.5.11
TCP: Interfaces\{7CC2ACE8-287C-4F0F-9422-CDEFD0EF1B62} : DhcpNameServer = 209.55.5.10 209.55.5.11
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi83e4~1\datamngr\datamngr.dll c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rahn heart\application data\mozilla\firefox\profiles\ne38lv3l.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?FORM=Z9FD1
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z204&form=ZGAADF&install_date=20111116&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\rahn heart\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\rahn heart\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\rahn heart\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2011-2-27 47616]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2011-2-27 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2011-2-27 192512]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
R2 MetaTester-1;MetaTester-1;c:\program files\metatrader 5\metatester.exe [2011-7-1 2006672]
R2 MetaTester-2;MetaTester-2;c:\program files\metatrader 5\metatester.exe [2011-7-1 2006672]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-20 136176]
S3 dz2kscsi;dz2kscsi;c:\windows\system32\drivers\dz2kscsi.sys [2011-2-27 10496]
S3 dz2kusb;dz2kusb;c:\windows\system32\drivers\dz2kusb.sys [2011-2-27 11264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-20 136176]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-2-20 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2011-2-20 60544]
.
=============== Created Last 30 ================
.
2011-11-27 14:32:41 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{19e46241-9192-450e-9b24-694b7191a1d3}\offreg.dll
2011-11-25 07:54:30 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{19e46241-9192-450e-9b24-694b7191a1d3}\mpengine.dll
2011-11-24 08:03:27 -------- d-----w- c:\documents and settings\rahn heart\application data\QuickScan
2011-11-18 06:03:41 -------- d-----w- c:\documents and settings\rahn heart\application data\Dropbox
2011-11-16 13:21:02 -------- d-----w- c:\documents and settings\rahn heart\application data\DVDVideoSoft
2011-11-16 13:21:00 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-16 13:21:00 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-11-16 13:08:16 -------- d-----w- c:\program files\StartNow Toolbar
2011-11-16 04:28:37 -------- d-----w- c:\documents and settings\all users\application data\FreeRIP
2011-11-16 04:28:32 -------- d-----w- c:\program files\Search Toolbar
2011-11-16 04:21:58 -------- d-----w- c:\documents and settings\rahn heart\application data\NCH Software
2011-11-14 18:12:19 98304 ----a-w- c:\windows\system32\CNC320I.DLL
2011-11-14 18:12:19 274432 ----a-w- c:\windows\system32\CNC320L.DLL
2011-11-14 18:12:19 192512 ----a-w- c:\windows\system32\CNC320O.DLL
2011-11-14 18:12:19 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-11-14 18:12:18 1331200 ----a-w- c:\windows\system32\CNC320C.DLL
2011-11-14 18:12:14 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-14 18:12:14 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-14 18:05:56 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9O.DLL
2011-11-14 18:05:56 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9O.DLL
2011-11-14 18:05:55 236032 ----a-w- c:\windows\system32\CNMLM9O.DLL
2011-11-14 18:05:42 178176 ----a-w- c:\windows\system32\CNMIU9O.DLL
2011-11-14 17:43:43 368640 ----a-w- c:\windows\system32\ReWire.dll
2011-11-14 17:42:58 -------- d-----w- c:\program files\Cakewalk
2011-11-14 17:42:58 -------- d-----w- C:\Cakewalk Projects
2011-11-14 17:17:34 38480 ------w- c:\windows\system32\IJRMF.exe
2011-11-14 00:40:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-14 00:40:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-14 00:32:27 -------- d-----w- c:\program files\Bonjour
2011-11-14 00:27:46 -------- d-----w- c:\documents and settings\all users\application data\Percussion Kit
2011-11-14 00:27:40 -------- d-----w- c:\program files\Nikon
2011-11-14 00:27:33 -------- d-----w- c:\program files\common files\Ulead Systems
2011-11-13 22:53:28 -------- d-----w- c:\documents and settings\rahn heart\local settings\application data\Thunderbird
2011-11-12 02:07:14 -------- d-----w- c:\documents and settings\rahn heart\application data\Cakewalk
2011-11-12 01:53:06 -------- d-----w- c:\documents and settings\all users\application data\Cakewalk
2011-11-08 01:51:51 -------- d-----w- c:\documents and settings\rahn heart\local settings\application data\Octoshape
2011-11-08 01:51:50 -------- d-----w- c:\documents and settings\rahn heart\application data\Octoshape
2011-11-04 05:50:34 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-01 01:33:05 -------- d-----w- c:\program files\common files\CANON
2011-10-30 17:30:11 -------- d-----w- c:\documents and settings\rahn heart\local settings\application data\Mozilla
2011-10-29 14:50:37 -------- d-----w- c:\program files\NinjaTrader 7
.
==================== Find3M ====================
.
2011-11-14 23:47:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 1103 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 0750 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32(3).dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:18:02.42 ===============
Attached Files
File Type: zip Attach.zip (4.0 KB, 8 views)

__________________
RHeart is offline  
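A small triage script for the Pseudo HJT section of a DDS log like the one in this post, added here as an example; it is not from the thread, from DDS, or from any tool the helper recommends. It assumes DDS prints the AppInit_DLLs value space-separated (as it does above) and runs on a constructed excerpt of the same lines.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of the original posts and
not code from DDS. It pulls out browser hooks (BHO/TB lines), Run-key
autostarts and the AppInit_DLLs value, then flags any hook whose DLL lives
under a directory that is also loaded through AppInit_DLLs, because such a
DLL is mapped into every process that loads user32.dll, not just the
browser, which is why an analyst reviews those entries first.
"""
import re
from collections import defaultdict

# Constructed excerpt in the same line format as the DDS output above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
BHO: UrlHelper Class: {41c4aa37-1ddd-4345-b8dc-734e4b38414d} - c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: jZip Toolbar: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - c:\progra~1\wi83e4~1\datamngr\toolbar\jzipdtx.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
AppInit_DLLs: c:\progra~1\wi83e4~1\datamngr\datamngr.dll c:\progra~1\wi83e4~1\datamngr\IEBHO.dll
"""

# BHO/TB lines: "<kind>: <name>: {<clsid>} - <dll path>"
HOOK_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?P<name>.+?): \{(?P<clsid>[0-9a-fA-F-]{36})\} - (?P<path>.+)$")
# Run-key lines: "<u|m|d>Run: [<value name>] <command line>" (u=HKCU, m=HKLM, d=default user)
RUN_RE = re.compile(r"^(?P<key>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_pseudo_hjt(text):
    """Return (hooks, runs, appinit_dlls) parsed from the pseudo-HJT lines."""
    hooks, runs, appinit = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            hooks.append({"kind": m["kind"], "name": m["name"],
                          "clsid": m["clsid"].lower(), "path": m["path"].lower()})
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append({"key": m["key"], "name": m["name"], "cmd": m["cmd"]})
            continue
        if line.startswith("AppInit_DLLs:"):
            # Assumption: DDS prints the value space-separated, as in the log
            # above; a path containing spaces would need the raw registry value.
            appinit.extend(p.lower() for p in line.split(":", 1)[1].split())
    return hooks, runs, appinit


def directory_of(path):
    """Directory part of a backslash-separated Windows path."""
    return path.rsplit("\\", 1)[0]


def under(path_dir, root):
    """True if path_dir is root itself or a subdirectory of root."""
    return path_dir == root or path_dir.startswith(root + "\\")


def triage(text):
    """Summarise the log: hook count per directory and the hooks to review first."""
    hooks, runs, appinit = parse_pseudo_hjt(text)
    appinit_dirs = {directory_of(p) for p in appinit}
    per_dir = defaultdict(int)
    review = set()
    for h in hooks:
        d = directory_of(h["path"])
        per_dir[d] += 1
        # A hook DLL shipped alongside an AppInit DLL is part of the same
        # package, which is injected system-wide, so it goes to the top of the list.
        if any(under(d, root) for root in appinit_dirs):
            review.add(f'{h["kind"]} {h["name"]}')
    return {
        "hooks": hooks,
        "runs": runs,
        "appinit": appinit,
        "per_dir": dict(per_dir),
        "review": sorted(review),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['hooks'])} browser hooks, {len(result['runs'])} Run entries, "
          f"{len(result['appinit'])} AppInit DLLs")
    for hook in result["review"]:
        print("review first (DLL directory also in AppInit_DLLs):", hook)
```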
Old 11-28-2011, 06:29 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Windows Defender is not an antivirus. We will need to install one eventually. Do you have a preference, or would you like a recommendation?

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Search Toolbar << Please read this

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->Add or Remove Programs if it still exists:

StartNow Toolbar << Please read this

------------------------------------------------------

I need to see a gmer log in order to help you.

Download GMER Rootkit Scanner from here and Save it to your Desktop.
  • Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
  • First, gmer will run a short, initial scan.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.

  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 11-29-2011, 08:35 PM   #3
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



Thank you.

Just as an added note - Firefox is telling me that when Google starts up I am being redirected and I am asked if I want to allow this - so far I am not allowing it.
__________________
RHeart is offline  
Old 11-29-2011, 10:43 PM   #4
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



Here you go with the Gmer
Attached Files
File Type: txt Gmer.txt (33.3 KB, 9 views)
__________________
RHeart is offline  
Old 11-30-2011, 04:37 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit



Hello RHeart. I'm not seeing anything in your logs.

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download TDSSKiller.exe and Save it to your Desktop.

Double-click TDSSKiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.6.21.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 12-01-2011, 03:06 PM   #6
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



16:59:12.0703 3372 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
16:59:13.0234 3372 ============================================================
16:59:13.0234 3372 Current date / time: 2011/12/01 16:59:13.0234
16:59:13.0234 3372 SystemInfo:
16:59:13.0234 3372
16:59:13.0234 3372 OS Version: 5.1.2600 ServicePack: 3.0
16:59:13.0234 3372 Product type: Workstation
16:59:13.0234 3372 ComputerName: NONE-9B9DA41B58
16:59:13.0234 3372 UserName: Rahn Heart
16:59:13.0234 3372 Windows directory: C:\WINDOWS
16:59:13.0234 3372 System windows directory: C:\WINDOWS
16:59:13.0234 3372 Processor architecture: Intel x86
16:59:13.0234 3372 Number of processors: 2
16:59:13.0234 3372 Page size: 0x1000
16:59:13.0234 3372 Boot type: Normal boot
16:59:13.0234 3372 ============================================================
16:59:14.0609 3372 Initialize success
17:00:24.0171 3284 ============================================================
17:00:24.0171 3284 Scan started
17:00:24.0171 3284 Mode: Manual; SigCheck; TDLFS;
17:00:24.0171 3284 ============================================================
17:00:25.0250 3284 Abiosdsk - ok
17:00:25.0265 3284 abp480n5 - ok
17:00:25.0296 3284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:00:26.0421 3284 ACPI - ok
17:00:26.0500 3284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:00:26.0671 3284 ACPIEC - ok
17:00:26.0671 3284 adpu160m - ok
17:00:26.0718 3284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:00:26.0859 3284 aec - ok
17:00:26.0875 3284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:00:26.0921 3284 AFD - ok
17:00:26.0937 3284 Aha154x - ok
17:00:26.0937 3284 aic78u2 - ok
17:00:26.0953 3284 aic78xx - ok
17:00:26.0953 3284 AliIde - ok
17:00:26.0968 3284 amsint - ok
17:00:26.0984 3284 asc - ok
17:00:26.0984 3284 asc3350p - ok
17:00:27.0000 3284 asc3550 - ok
17:00:27.0031 3284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:00:27.0140 3284 AsyncMac - ok
17:00:27.0156 3284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:00:27.0281 3284 atapi - ok
17:00:27.0281 3284 Atdisk - ok
17:00:27.0312 3284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:00:27.0437 3284 Atmarpc - ok
17:00:27.0484 3284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:00:27.0593 3284 audstub - ok
17:00:27.0625 3284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:00:27.0750 3284 Beep - ok
17:00:27.0796 3284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:00:27.0906 3284 cbidf2k - ok
17:00:27.0921 3284 cd20xrnt - ok
17:00:27.0937 3284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:00:28.0046 3284 Cdaudio - ok
17:00:28.0078 3284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:00:28.0203 3284 Cdfs - ok
17:00:28.0218 3284 cdrdrv (003bf3dd813230b1b9c09be6d44a6e51) C:\WINDOWS\system32\drivers\cdrdrv.sys
17:00:28.0234 3284 cdrdrv ( UnsignedFile.Multi.Generic ) - warning
17:00:28.0234 3284 cdrdrv - detected UnsignedFile.Multi.Generic (1)
17:00:28.0250 3284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:00:28.0375 3284 Cdrom - ok
17:00:28.0390 3284 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
17:00:28.0406 3284 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
17:00:28.0406 3284 cercsr6 - detected UnsignedFile.Multi.Generic (1)
17:00:28.0406 3284 Changer - ok
17:00:28.0437 3284 CmdIde - ok
17:00:28.0453 3284 Cpqarray - ok
17:00:28.0468 3284 dac2w2k - ok
17:00:28.0484 3284 dac960nt - ok
17:00:28.0500 3284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:00:28.0625 3284 Disk - ok
17:00:28.0656 3284 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
17:00:28.0687 3284 DLABMFSM - ok
17:00:28.0703 3284 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
17:00:28.0703 3284 DLABOIOM - ok
17:00:28.0718 3284 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
17:00:28.0718 3284 DLACDBHM - ok
17:00:28.0734 3284 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
17:00:28.0734 3284 DLADResM - ok
17:00:28.0750 3284 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
17:00:28.0750 3284 DLAIFS_M - ok
17:00:28.0765 3284 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
17:00:28.0765 3284 DLAOPIOM - ok
17:00:28.0781 3284 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
17:00:28.0781 3284 DLAPoolM - ok
17:00:28.0796 3284 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
17:00:28.0796 3284 DLARTL_M - ok
17:00:28.0812 3284 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
17:00:28.0812 3284 DLAUDFAM - ok
17:00:28.0828 3284 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
17:00:28.0828 3284 DLAUDF_M - ok
17:00:28.0875 3284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:00:29.0015 3284 dmboot - ok
17:00:29.0031 3284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:00:29.0156 3284 dmio - ok
17:00:29.0171 3284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:00:29.0296 3284 dmload - ok
17:00:29.0328 3284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:00:29.0453 3284 DMusic - ok
17:00:29.0468 3284 dpti2o - ok
17:00:29.0484 3284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:00:29.0593 3284 drmkaud - ok
17:00:29.0625 3284 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
17:00:29.0640 3284 DRVMCDB - ok
17:00:29.0640 3284 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
17:00:29.0656 3284 DRVNDDM - ok
17:00:29.0687 3284 dz2kscsi (c46e4bb4aa2ab6b31d90bfefbb0b921a) C:\WINDOWS\system32\DRIVERS\dz2kscsi.sys
17:00:29.0703 3284 dz2kscsi ( UnsignedFile.Multi.Generic ) - warning
17:00:29.0703 3284 dz2kscsi - detected UnsignedFile.Multi.Generic (1)
17:00:29.0718 3284 dz2kusb (b394b02829bc9c9db21844155d1a1a51) C:\WINDOWS\system32\DRIVERS\dz2kusb.sys
17:00:29.0734 3284 dz2kusb ( UnsignedFile.Multi.Generic ) - warning
17:00:29.0734 3284 dz2kusb - detected UnsignedFile.Multi.Generic (1)
17:00:29.0781 3284 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:00:29.0796 3284 e1express - ok
17:00:29.0828 3284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:00:29.0953 3284 Fastfat - ok
17:00:29.0968 3284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:00:30.0078 3284 Fdc - ok
17:00:30.0109 3284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:00:30.0234 3284 Fips - ok
17:00:30.0250 3284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:00:30.0375 3284 Flpydisk - ok
17:00:30.0406 3284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:00:30.0515 3284 FltMgr - ok
17:00:30.0531 3284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:00:30.0640 3284 Fs_Rec - ok
17:00:30.0640 3284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:00:30.0765 3284 Ftdisk - ok
17:00:30.0796 3284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:00:30.0921 3284 Gpc - ok
17:00:30.0937 3284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:00:31.0031 3284 HDAudBus - ok
17:00:31.0046 3284 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:00:31.0171 3284 hidusb - ok
17:00:31.0187 3284 hpn - ok
17:00:31.0218 3284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:00:31.0265 3284 HTTP - ok
17:00:31.0281 3284 i2omgmt - ok
17:00:31.0296 3284 i2omp - ok
17:00:31.0296 3284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
17:00:31.0421 3284 i8042prt - ok
17:00:31.0578 3284 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:00:31.0859 3284 ialm - ok
17:00:31.0937 3284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:00:32.0062 3284 Imapi - ok
17:00:32.0062 3284 ini910u - ok
17:00:32.0203 3284 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:00:32.0390 3284 IntcAzAudAddService - ok
17:00:32.0437 3284 IntelIde - ok
17:00:32.0468 3284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:00:32.0593 3284 intelppm - ok
17:00:32.0625 3284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:00:32.0765 3284 Ip6Fw - ok
17:00:32.0796 3284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:00:32.0921 3284 IpFilterDriver - ok
17:00:32.0937 3284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:00:33.0062 3284 IpInIp - ok
17:00:33.0093 3284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:00:33.0203 3284 IpNat - ok
17:00:33.0234 3284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:00:33.0359 3284 IPSec - ok
17:00:33.0375 3284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:00:33.0421 3284 IRENUM - ok
17:00:33.0453 3284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:00:33.0578 3284 isapnp - ok
17:00:33.0593 3284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:00:33.0734 3284 Kbdclass - ok
17:00:33.0750 3284 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:00:33.0859 3284 kbdhid - ok
17:00:33.0906 3284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:00:34.0031 3284 kmixer - ok
17:00:34.0046 3284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:00:34.0109 3284 KSecDD - ok
17:00:34.0125 3284 lbrtfdc - ok
17:00:34.0171 3284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:00:34.0281 3284 mnmdd - ok
17:00:34.0296 3284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:00:34.0421 3284 Modem - ok
17:00:34.0437 3284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:00:34.0562 3284 Mouclass - ok
17:00:34.0593 3284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:00:34.0718 3284 mouhid - ok
17:00:34.0718 3284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:00:34.0828 3284 MountMgr - ok
17:00:34.0828 3284 mraid35x - ok
17:00:34.0843 3284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:00:34.0953 3284 MRxDAV - ok
17:00:35.0000 3284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:00:35.0062 3284 MRxSmb - ok
17:00:35.0078 3284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:00:35.0218 3284 Msfs - ok
17:00:35.0250 3284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:00:35.0359 3284 MSKSSRV - ok
17:00:35.0375 3284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:00:35.0500 3284 MSPCLOCK - ok
17:00:35.0515 3284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:00:35.0625 3284 MSPQM - ok
17:00:35.0640 3284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:00:35.0765 3284 mssmbios - ok
17:00:35.0781 3284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:00:35.0828 3284 Mup - ok
17:00:35.0843 3284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:00:35.0968 3284 NDIS - ok
17:00:36.0000 3284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:00:36.0046 3284 NdisTapi - ok
17:00:36.0078 3284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:00:36.0203 3284 Ndisuio - ok
17:00:36.0203 3284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:00:36.0312 3284 NdisWan - ok
17:00:36.0343 3284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:00:36.0390 3284 NDProxy - ok
17:00:36.0406 3284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:00:36.0531 3284 NetBIOS - ok
17:00:36.0546 3284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:00:36.0671 3284 NetBT - ok
17:00:36.0703 3284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:00:36.0843 3284 Npfs - ok
17:00:36.0875 3284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:00:37.0000 3284 Ntfs - ok
17:00:37.0031 3284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:00:37.0140 3284 Null - ok
17:00:37.0171 3284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:00:37.0281 3284 NwlnkFlt - ok
17:00:37.0281 3284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:00:37.0406 3284 NwlnkFwd - ok
17:00:37.0437 3284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:00:37.0531 3284 Parport - ok
17:00:37.0562 3284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:00:37.0687 3284 PartMgr - ok
17:00:37.0703 3284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:00:37.0828 3284 ParVdm - ok
17:00:37.0828 3284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:00:37.0937 3284 PCI - ok
17:00:37.0937 3284 PCIDump - ok
17:00:37.0968 3284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:00:38.0078 3284 PCIIde - ok
17:00:38.0093 3284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:00:38.0203 3284 Pcmcia - ok
17:00:38.0218 3284 PDCOMP - ok
17:00:38.0218 3284 PDFRAME - ok
17:00:38.0234 3284 PDRELI - ok
17:00:38.0234 3284 PDRFRAME - ok
17:00:38.0250 3284 perc2 - ok
17:00:38.0250 3284 perc2hib - ok
17:00:38.0296 3284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:00:38.0421 3284 PptpMiniport - ok
17:00:38.0437 3284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:00:38.0546 3284 PSched - ok
17:00:38.0578 3284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:00:38.0703 3284 Ptilink - ok
17:00:38.0718 3284 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:00:38.0734 3284 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:00:38.0734 3284 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:00:38.0734 3284 ql1080 - ok
17:00:38.0750 3284 Ql10wnt - ok
17:00:38.0750 3284 ql12160 - ok
17:00:38.0765 3284 ql1240 - ok
17:00:38.0765 3284 ql1280 - ok
17:00:38.0796 3284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:00:38.0906 3284 RasAcd - ok
17:00:38.0921 3284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:00:39.0015 3284 Rasl2tp - ok
17:00:39.0031 3284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:00:39.0156 3284 RasPppoe - ok
17:00:39.0171 3284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:00:39.0265 3284 Raspti - ok
17:00:39.0312 3284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:00:39.0437 3284 Rdbss - ok
17:00:39.0453 3284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:00:39.0562 3284 RDPCDD - ok
17:00:39.0609 3284 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:00:39.0640 3284 RDPWD - ok
17:00:39.0671 3284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:00:39.0796 3284 redbook - ok
17:00:39.0843 3284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:00:39.0890 3284 Secdrv - ok
17:00:39.0921 3284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:00:40.0046 3284 Serial - ok
17:00:40.0062 3284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:00:40.0171 3284 Sfloppy - ok
17:00:40.0203 3284 silabenm (c16173316918a1360dc22947c4ff6352) C:\WINDOWS\system32\DRIVERS\silabenm.sys
17:00:40.0265 3284 silabenm - ok
17:00:40.0296 3284 silabser (093c31ec727ecbcbe38992fc69657594) C:\WINDOWS\system32\DRIVERS\silabser.sys
17:00:40.0312 3284 silabser - ok
17:00:40.0312 3284 Simbad - ok
17:00:40.0328 3284 slabbus - ok
17:00:40.0328 3284 Sparrow - ok
17:00:40.0375 3284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:00:40.0484 3284 splitter - ok
17:00:40.0515 3284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:00:40.0578 3284 sr - ok
17:00:40.0609 3284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:00:40.0687 3284 Srv - ok
17:00:40.0718 3284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:00:40.0843 3284 swenum - ok
17:00:40.0875 3284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:00:41.0000 3284 swmidi - ok
17:00:41.0015 3284 symc810 - ok
17:00:41.0031 3284 symc8xx - ok
17:00:41.0031 3284 sym_hi - ok
17:00:41.0046 3284 sym_u3 - ok
17:00:41.0046 3284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:00:41.0156 3284 sysaudio - ok
17:00:41.0203 3284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:41.0265 3284 Tcpip - ok
17:00:41.0296 3284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:00:41.0390 3284 TDPIPE - ok
17:00:41.0406 3284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:00:41.0531 3284 TDTCP - ok
17:00:41.0562 3284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:00:41.0656 3284 TermDD - ok
17:00:41.0671 3284 TosIde - ok
17:00:41.0703 3284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:00:41.0828 3284 Udfs - ok
17:00:41.0843 3284 ultra - ok
17:00:41.0875 3284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:00:42.0000 3284 Update - ok
17:00:42.0046 3284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:00:42.0171 3284 usbccgp - ok
17:00:42.0187 3284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:00:42.0312 3284 usbehci - ok
17:00:42.0312 3284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:00:42.0421 3284 usbhub - ok
17:00:42.0453 3284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:00:42.0578 3284 usbprint - ok
17:00:42.0625 3284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:00:42.0750 3284 usbscan - ok
17:00:42.0765 3284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:00:42.0890 3284 USBSTOR - ok
17:00:42.0906 3284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:00:43.0015 3284 usbuhci - ok
17:00:43.0046 3284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:00:43.0156 3284 VgaSave - ok
17:00:43.0156 3284 ViaIde - ok
17:00:43.0187 3284 vobcom (705c36bc6e13fdb304486898d6d8512b) C:\WINDOWS\system32\drivers\vobcom.sys
17:00:43.0203 3284 vobcom ( UnsignedFile.Multi.Generic ) - warning
17:00:43.0203 3284 vobcom - detected UnsignedFile.Multi.Generic (1)
17:00:43.0234 3284 vobiw (a613d8238058d6f3c89f723d9d71306f) C:\WINDOWS\system32\drivers\vobiw.sys
17:00:43.0250 3284 vobiw ( UnsignedFile.Multi.Generic ) - warning
17:00:43.0250 3284 vobiw - detected UnsignedFile.Multi.Generic (1)
17:00:43.0265 3284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:00:43.0375 3284 VolSnap - ok
17:00:43.0406 3284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:00:43.0515 3284 Wanarp - ok
17:00:43.0562 3284 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
17:00:43.0593 3284 Wdf01000 - ok
17:00:43.0593 3284 WDICA - ok
17:00:43.0640 3284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:00:43.0750 3284 wdmaud - ok
17:00:43.0812 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:00:43.0968 3284 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:00:43.0968 3284 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:00:43.0984 3284 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
17:00:44.0421 3284 \Device\Harddisk1\DR3 - ok
17:00:44.0437 3284 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR29
17:00:44.0546 3284 \Device\Harddisk2\DR29 - ok
17:00:44.0578 3284 Boot (0x1200) (b5622c027d8eeb7c3e97dc6f04dabe86) \Device\Harddisk0\DR0\Partition0
17:00:44.0578 3284 \Device\Harddisk0\DR0\Partition0 - ok
17:00:44.0578 3284 Boot (0x1200) (bcded0782081a2a4259b9e571daf9b2d) \Device\Harddisk1\DR3\Partition0
17:00:44.0578 3284 \Device\Harddisk1\DR3\Partition0 - ok
17:00:44.0578 3284 Boot (0x1200) (fdb6cfe939a3f779dbae7a5cbca05e05) \Device\Harddisk2\DR29\Partition0
17:00:44.0578 3284 \Device\Harddisk2\DR29\Partition0 - ok
17:00:44.0593 3284 ============================================================
17:00:44.0593 3284 Scan finished
17:00:44.0593 3284 ============================================================
17:00:44.0703 2636 Detected object count: 8
17:00:44.0703 2636 Actual detected object count: 8
17:01:23.0625 2636 cdrdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0625 2636 cdrdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0625 2636 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0625 2636 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0625 2636 dz2kscsi ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0625 2636 dz2kscsi ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0625 2636 dz2kusb ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0625 2636 dz2kusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0625 2636 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0625 2636 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0640 2636 vobcom ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0640 2636 vobcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0640 2636 vobiw ( UnsignedFile.Multi.Generic ) - skipped by user
17:01:23.0640 2636 vobiw ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0640 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:01:23.0640 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:05:44.0484 3832 Deinitialize success
__________________
RHeart is offline  
Old 12-01-2011, 06:01 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit



Hello again, RHeart. You didn't answer my question about an antivirus.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. Also, ComboFix will not address certain types of malware unless the RC is installed. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

Download: Windows XP Home Edition with Service Pack 2 Utility: Setup Disks for Floppy Boot Install - Microsoft Download Center - Download Details

Do not be concerned that this file is for SP2 if you have SP3. It will work just fine on your system.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
Old 12-02-2011, 12:14 AM   #8
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



You said to tell you if it said there was no virus. There were 8 warnings. I don't know if that means there is a virus or if they are something else?
__________________
RHeart is offline  
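The TDSSKiller log posted above ends with "Detected object count: 8", and the post just above asks whether eight warnings mean a virus. As an added example, not part of this thread and not TDSSKiller's or ComboFix's own code, the Python script below parses log lines in that format and separates the two kinds of verdict the log contains: UnsignedFile.Multi.Generic is TDSSKiller's generic flag for a driver that carries no valid digital signature, which is common for older third-party drivers, while a "TDSS File System" verdict on \Device\Harddisk0\DR0 is a finding at the raw-disk/MBR level and is the one to treat as critical. The script also checks the declared object count against the detections it parsed and lists any critical finding that the user chose to Skip, which is what the posted log shows. The embedded sample log is constructed (a shortened subset of the posted log, with its timestamps, thread ids and hashes used only as illustrative values), and the severity mapping in classify() is this example's own assumption, not a TDSSKiller rule.

```python
import re
from collections import Counter

# Constructed sample in TDSSKiller's log format, modelled on the log posted in
# the thread (timestamps, thread ids and hashes are illustrative only).
SAMPLE_LOG = r"""
17:00:38.0718 3284 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:00:38.0734 3284 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:00:38.0734 3284 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:00:41.0203 3284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:00:41.0265 3284 Tcpip - ok
17:00:43.0812 3284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:00:43.0968 3284 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:00:43.0968 3284 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:00:44.0703 2636 Detected object count: 2
17:01:23.0625 2636 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:23.0640 2636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the rest varies by record type.
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
RE_OBJECT = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
RE_DETECT = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
RE_ACTION = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
RE_COUNT = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def classify(verdict, name):
    r"""Map a TDSSKiller verdict to a triage severity (assumed mapping, this
    example's own). UnsignedFile.* only says the driver has no valid digital
    signature, which is routine for older third-party drivers. A hidden file
    system or rootkit verdict, or any verdict on a raw disk device
    (\Device\HarddiskN\DRn), sits below the file system and is critical."""
    if verdict.startswith("UnsignedFile."):
        return "info"
    if name.startswith(r"\Device\Harddisk") or "Rootkit" in verdict or "TDSS" in verdict:
        return "critical"
    return "review"


def triage(log_text):
    """Parse a TDSSKiller log; return (findings sorted critical-first, declared count)."""
    objects, findings, actions, declared = {}, [], {}, None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = RE_OBJECT.match(line)
        if m:
            # MBR/boot-sector records are keyed by device path, drivers by service name,
            # so a later "detected" line can be joined back to the hash and path.
            key = m["path"] if m["name"].startswith(("MBR", "Boot")) else m["name"]
            objects[key] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = RE_DETECT.match(line)
        if m:
            obj = objects.get(m["name"], {})
            findings.append({"name": m["name"], "verdict": m["verdict"],
                             "severity": classify(m["verdict"], m["name"]),
                             "md5": obj.get("md5"), "path": obj.get("path")})
            continue
        m = RE_ACTION.match(line)
        if m:
            actions[m["name"]] = m["action"]
            continue
        m = RE_COUNT.match(line)
        if m:
            declared = int(m["n"])
    for f in findings:
        f["action"] = actions.get(f["name"], "none")
    order = {"critical": 0, "review": 1, "info": 2}
    findings.sort(key=lambda f: order[f["severity"]])
    return findings, declared


def summary(findings, declared):
    """Count findings per severity, compare with the declared total, and list
    critical findings the user skipped instead of curing."""
    counts = Counter(f["severity"] for f in findings)
    skipped_critical = [f["name"] for f in findings
                        if f["severity"] == "critical" and f["action"] == "Skip"]
    return {"counts": dict(counts), "declared": declared, "parsed": len(findings),
            "skipped_critical": skipped_critical}


if __name__ == "__main__":
    found, declared = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['severity']:8} {f['name']:28} {f['verdict']:28} action={f['action']} md5={f['md5']}")
    print(summary(found, declared))
```

To run it against a real log, pass the file's contents to triage() in place of SAMPLE_LOG. On the posted log the same split applies: seven of the eight detections are UnsignedFile.Multi.Generic on drivers, and the one that matters is the TDSS File System verdict on \Device\Harddisk0\DR0, which was skipped.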
Old 12-02-2011, 12:37 AM   #9
Registered Member
 
Join Date: Nov 2011
Posts: 24
OS: xp



ComboFix 11-12-01.03 - Rahn Heart 12/02/2011 2:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.112 [GMT -6:00]
Running from: c:\documents and settings\Rahn Heart\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rahn Heart\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rahn Heart\Application Data\Mozilla\Firefox\Profiles\ne38lv3l.default\searchplugins\bing-zugo.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rahn Heart\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Rahn Heart\WINDOWS
c:\windows\system32\usmt\migwiz_a.exe
E:\Autorun.inf
E:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_METATESTER-1
-------\Service_MetaTester-1
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-02 07:45 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4D555E3A-BFA1-49EA-92BD-18B497FEEA13}\mpengine.dll
2011-11-24 08:03 . 2011-11-24 08:03 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\QuickScan
2011-11-20 21:58 . 2011-11-20 21:58 -------- d-----w- c:\program files\Common Files\Adobe
2011-11-18 06:03 . 2011-11-20 02:55 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\Dropbox
2011-11-16 13:21 . 2011-11-16 13:21 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\DVDVideoSoft
2011-11-16 13:21 . 2011-11-16 13:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-16 13:21 . 2011-11-16 13:21 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-16 04:28 . 2011-11-16 04:28 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2011-11-16 04:21 . 2011-11-16 04:21 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\NCH Software
2011-11-14 18:12 . 2009-06-16 17:35 98304 ----a-w- c:\windows\system32\CNC320I.DLL
2011-11-14 18:12 . 2009-02-19 19:19 274432 ----a-w- c:\windows\system32\CNC320L.DLL
2011-11-14 18:12 . 2008-08-26 00:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-11-14 18:12 . 2008-07-16 15:39 192512 ----a-w- c:\windows\system32\CNC320O.DLL
2011-11-14 18:12 . 2009-06-16 17:36 1331200 ----a-w- c:\windows\system32\CNC320C.DLL
2011-11-14 18:12 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-14 18:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-14 18:05 . 2009-04-25 11:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9O.DLL
2011-11-14 18:05 . 2009-04-25 11:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9O.DLL
2011-11-14 18:05 . 2009-04-25 11:00 236032 ----a-w- c:\windows\system32\CNMLM9O.DLL
2011-11-14 18:05 . 2011-11-14 18:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-11-14 18:05 . 2008-09-11 09:39 178176 ----a-w- c:\windows\system32\CNMIU9O.DLL
2011-11-14 17:43 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll
2011-11-14 17:42 . 2011-11-14 17:54 -------- d-----w- C:\Cakewalk Projects
2011-11-14 17:42 . 2011-11-14 17:43 -------- d-----w- c:\program files\Cakewalk
2011-11-14 17:17 . 2006-09-05 19:28 38480 ------w- c:\windows\system32\IJRMF.exe
2011-11-14 00:40 . 2011-11-14 00:40 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-14 00:32 . 2011-11-14 00:32 -------- d-----w- c:\program files\Bonjour
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Percussion Kit
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\program files\Nikon
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\program files\Common Files\Ulead Systems
2011-11-14 00:27 . 2011-11-14 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2011-11-13 22:53 . 2011-11-14 00:27 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\Thunderbird
2011-11-13 22:53 . 2011-11-13 22:53 -------- d-----w- c:\documents and settings\Rahn Heart\Local Settings\Application Data\Thunderbird
2011-11-12 02:07 . 2011-11-12 02:07 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\Cakewalk
2011-11-12 01:53 . 2011-11-12 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2011-11-08 01:51 . 2011-11-08 01:51 -------- d-----w- c:\documents and settings\Rahn Heart\Local Settings\Application Data\Octoshape
2011-11-08 01:51 . 2011-11-08 01:51 -------- d-----w- c:\documents and settings\Rahn Heart\Application Data\Octoshape
2011-11-08 01:05 . 2011-11-08 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-11-04 05:50 . 2011-11-14 17:07 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-04 05:49 . 2011-11-14 00:30 -------- d-----w- c:\windows\system32\drivers\UMDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 23:47 . 2011-06-05 01:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-18 07:28 . 2010-12-30 06:58 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-10 14:22 . 2010-12-29 13:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 11:06 . 2011-02-17 09:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37 . 2011-02-17 09:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32(3).dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 06:53 . 2011-11-14 22:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rahn Heart\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rahn Heart\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rahn Heart\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\documents and settings\Rahn Heart\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Rahn Heart^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Rahn Heart\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 00:43 69632 ----a-w- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-07 01:07 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 12:13 136176 ----atw- c:\documents and settings\Rahn Heart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-04-17 01:51 162584 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-04-17 01:51 142104 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW Controlcenter]
2001-10-18 15:46 876544 ----a-w- c:\progra~1\VOB\INSTAN~1\iwctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 17:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 16:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-06-07 11:32 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 17:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-04-17 01:51 138008 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 15:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-26 20:27 16132608 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 01:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Rahn Heart\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Rahn Heart\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows jZip Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\MetaTrader 5\\metatester.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SIGTrader 5\\metatester.exe"=
"c:\\Documents and Settings\\Rahn Heart\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 cdrdrv;cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/27/2011 4:34 PM 47616]
R1 vobcom;vobcom;c:\windows\system32\drivers\vobcom.sys [2/27/2011 4:34 PM 9728]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2/27/2011 4:34 PM 192512]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 MetaTester-2;MetaTester-2;c:\program files\MetaTrader 5\metatester.exe [7/1/2011 9:55 PM 2006672]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2011 1:03 AM 136176]
S3 dz2kscsi;dz2kscsi;c:\windows\system32\drivers\dz2kscsi.sys [2/27/2011 4:40 PM 10496]
S3 dz2kusb;dz2kusb;c:\windows\system32\drivers\dz2kusb.sys [2/27/2011 4:39 PM 11264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2011 1:03 AM 136176]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2/20/2011 12:04 AM 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2/20/2011 12:04 AM 60544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 07:02]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-20 07:02]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-573735546-682003330-1004Core.job
- c:\documents and settings\Rahn Heart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 12:13]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-573735546-682003330-1004UA.job
- c:\documents and settings\Rahn Heart\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 12:13]
.
2011-12-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2011-11-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-12-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.55.5.10 209.55.5.11
FF - ProfilePath - c:\documents and settings\Rahn Heart\Application Data\Mozilla\Firefox\Profiles\ne38lv3l.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?FORM=Z9FD1
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z204&form=ZGAADF&install_date=20111116&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-CarboniteSetupLite - c:\program files\Carbonite\CarbonitePreinstaller.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
MSConfigStartUp-UIUCU - c:\docume~1\RAHNHE~1\LOCALS~1\Temp\UIUCU.EXE
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-02 02:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MetaTester-2]
"ImagePath"="\"c:\program files\MetaTrader 5\metatester.exe\" /run /address:0.0.0.0:2001 /password:MetaTester"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1964)
c:\windows\system32\WININET.dll
c:\documents and settings\Rahn Heart\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-02 02:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 08:31
.
Pre-Run: 119,802,941,440 bytes free
Post-Run: 120,663,732,224 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - ADD29E9A31089C7EF2BF6B3CFEDB3061
Old 12-02-2011, 04:44 AM   #10
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Hello again, RHeart.

Quote:
You said to tell you if it said there was no virus. There were 8 warnings - I don't know if that means there is a virus or they are something else???
I said Windows Defender is not an antivirus program. You need one installed.

It appears you once had McAfee installed. Do you have a preference, or would you like a recommendation?

What said there were 8 warnings?

------------------------------------------------------

Please go to: VirusTotal
  • Click the Browse button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Qoobox\Quarantine\C\windows\system32\usmt\migwiz_a.exe.vir

  • Click Open then click the Send File button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already submitted: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 12-02-2011, 05:18 PM   #11
RHeart (Registered Member)
Join Date: Nov 2011
Posts: 24
OS: xp

I suppose I should tell you that my computer is not slowing down in any way. I have complete access to everything - it is just doing a lot of strange stuff. Is there supposed to be weird music on this site and the sites you refer me to? I belong to a music site called Kompoz. Everyone else can move music files on their song mixing, but that prompt is not available for me.
Old 12-02-2011, 07:56 PM   #12
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Hello again, RHeart. No, you shouldn't be hearing music on this site, or any sites I refer you to.

You aren't answering my questions, and didn't follow my last instruction. Please do so we can move forward.

------------------------------------------------------
Old 12-07-2011, 06:31 AM   #13
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Still with us, RHeart? I generally unsubscribe from threads after 3 days of inactivity. If you do not reply within 24 hours, this thread will be closed.

------------------------------------------------------
Old 12-07-2011, 11:48 PM   #14
RHeart (Registered Member)
Join Date: Nov 2011
Posts: 24
OS: xp

I am still here. Another development: periodically, when I use Start to turn the computer off, the program manager has to shut down a "terminal.exe" program. Don't know if that means anything.
Old 12-08-2011, 01:55 PM   #15
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Hello again, RHeart. While I understand real life is most important, it's difficult to work on your issue with your replies so far apart. It also keeps me from helping others, as I don't take on an unlimited number of threads at one time. Please try to be more prompt in your replies, so we can resolve this issue in a more rapid fashion. Thanks.

------------------------------------------------------

You still aren't answering my questions. Do you have a preference for an antivirus, or would you like a recommendation?

------------------------------------------------------

terminal.exe has to do with MetaTrader. You can uninstall it, then re-install it, or seek their help: Clients Support MetaQuotes Software Corp. / MetaQuotes Software Corp.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the quotebox below into Notepad:

Quote:
DeQuarantine::
C:\Qoobox\Quarantine\C\windows\system32\usmt\migwiz_a.exe.vir

Quit::
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, DeQuarantine.txt in your next reply.

Please re-enable your antivirus before posting the log.

------------------------------------------------------
Old 12-09-2011, 02:24 PM   #16
RHeart (Registered Member)
Join Date: Nov 2011
Posts: 24
OS: xp

I have downloaded the Kaspersky program but haven't installed it yet. If you have any recommendations I would appreciate it. Sorry for any delays in responding.

C:\Qoobox\Quarantine\C\windows\system32\usmt\migwiz_a.exe.vir -> C:\windows\system32\usmt\migwiz_a.exe ( 236032 bytes )
Old 12-09-2011, 04:41 PM   #17
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Hello again, RHeart. Are you still being warned about redirects?

Go ahead and install Kaspersky, update, and do a full system scan.

Let me know when you are done.

------------------------------------------------------
Old 12-09-2011, 11:57 PM   #18
RHeart (Registered Member)
Join Date: Nov 2011
Posts: 24
OS: xp

I have tried both Norton and McAfee before with rather dismal results; both ended up in a major conflict with Windows Firewall and security updates, and it was worse than a virus. Please advise on your take with regard to the XP firewall and the need to use it with an antivirus program. I will in the meantime run the K program and let you know.
Old 12-10-2011, 12:12 AM   #19
RHeart (Registered Member)
Join Date: Nov 2011
Posts: 24
OS: xp

The Kaspersky scan said no threats. I am still getting redirect warnings on Firefox for Google and this site and advisories about Chrome being out of date. I am beginning to wonder if Google is doing this? Paypal said they might be calling them about this threat as it relates to Google email accounts and personal profiles.

Before doing the Kaspersky scan there was a pop-up that said that the database was obsolete. Clicking on the link, Windows Explorer opened but no Kaspersky page ever came up.
Old 12-10-2011, 01:17 PM   #20
chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional)
Join Date: Oct 2007
Location: Georgia
Posts: 26,218
OS: XP SP3; Win7 32/64-bit

Hello again, RHeart. If you have a full antivirus program installed, it includes its own firewall, so you don't need Windows Firewall enabled.

------------------------------------------------------

Quote:
I am still getting redirect warnings on Firefox for Google and this site and advisories about Chrome being out of date. I am beginning to wonder if Google is doing this? Paypal said they might be calling them about this threat as it relates to Google email accounts and personal profiles.
In Firefox, go Tools > Options > Advanced tab > General

Under Accessibility, see if 'Warn me when web sites try to redirect or reload the page' is checked. If so, uncheck it.

Any change?

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 6

These are all outdated and are security risks while they remain installed. Reboot your computer once all those Java components are removed.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 29

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

When updating in the future, make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish, then click 'Finish'.
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Copy/paste that log as a reply to this topic.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
