Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

Audio-commercial virus

This is a discussion on Audio-commercial virus within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hey folks, I have attached the requested logs, however for the ark.txt file I had to run it with only


 
 
Thread Tools Search this Thread
Old 08-27-2011, 05:54 AM   #1
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



Hey folks, I have attached the requested logs, however for the ark.txt file I had to run it with only the "Sections" and "C Drive" checked. My computer froze on a black screen once while running the full scan and I had to reboot my computer via removing the laptop battery, and shut down the "gmer" program the second time.

What do I know of this virus:

Whenever I am connected to the internet random audio clips and audio commercials will play in the background of my system. These range from bits of meaningless sound to entire commercials about lysol..etc. The virus has not been located by any freeware virus remover that I have used e.g. avast and possibly others--I've had this virus for years. The virus does not appear in the task manager open applications. I have factory reset my computer countless times out of frustration during the past few years and each time the audio virus has remained intact. This leads me to believe it is hidden in my boot system or the major system drivers etc. Also, I believe it is somehow involved with iexplorer--the virus will be active before I download Firefox during these factory resets.

I do not have access to a boot cd. As this is a laptop the only option for boot options are obviously in the motherboard.

Also, when I disconnect my wifi connection and the virus is active, the virus keeps the connection open until the message is finished.

I appreciate the aid

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Hope at 1:27:42 on 2011-08-27
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.711 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
svchost.exe 4
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
svchost.exe 4
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Users\Hope\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110729,16897,0,6,0
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0611&m=aspire_5516
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0611&m=aspire_5516
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0611&m=aspire_5516
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110724120433.dll
BHO: Shop to Win 14: {8c423c72-f06e-43b3-a3e8-a435fff9e9e0} - c:\program files\shop to win 14\Shop to Win 14.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - c:\progra~1\winzip~1\wzwmcie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.100.1
TCP: Interfaces\{0C8072CD-8C60-4297-8A08-B6B8C39997C6} : DhcpNameServer = 192.168.100.1
TCP: Interfaces\{41CB4E52-6312-46EC-AE19-2AC09A59BF3B} : DhcpNameServer = 204.111.1.210 204.111.1.195
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hope\appdata\roaming\mozilla\firefox\profiles\6i4j39gx.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\program files\winzip courier\npwzwmc.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-24 387480]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-24 309848]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-24 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-24 165032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-24 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-24 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-24 42184]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-6-25 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-4-18 653856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-24 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-24 141792]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-9-17 45312]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-25 1153368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-24 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-24 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-24 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-24 136176]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-24 56064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-24 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-24 84488]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-27 05:11:36 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-27 00:55:59 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b3e6ba76-0fc6-42c7-ab07-ceae79de6144}\mpengine.dll
2011-08-14 02:50:16 -------- d-----w- c:\program files\W3i
2011-08-11 17:01:42 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 17:01:12 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 16:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 16:34:13 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 16:34:12 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 16:33:40 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-06 06:00:38 -------- d-----w- c:\windows\system32\AGEIA
2011-08-06 05:57:43 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-08-06 05:57:24 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-08-06 05:57:24 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-08-06 05:57:20 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-08-06 05:57:19 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2011-08-06 05:55:49 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-05 23:22:28 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-05 23:22:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-03 15:04:29 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-07-31 03:04:42 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-18 17:01:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-25 13:51:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 03:34:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-23 22:33:10 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys win32k.sys
c:\windows\system32\drivers\ahcix86s.sys Advanced Micro Devices, Inc AMD AHCI Compatible Controller
1 ntkrnlpa!IofCallDriver[0x8287A912] -> \Device\Harddisk0\DR0[0x863914F8]
3 CLASSPNP[0x8819F8B3] -> ntkrnlpa!IofCallDriver[0x8287A912] -> [0x854C1020]
5 acpi[0x807236BC] -> ntkrnlpa!IofCallDriver[0x8287A912] -> \Device\00000063[0x854C16E0]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }
user != kernel MBR !!!
.
============= FINISH: 1:30:23.05 ===============
Attached Files
File Type: zip ark.zip (22.6 KB, 44 views)
File Type: zip Attach.zip (2.7 KB, 44 views)
fks is offline  
Sponsored Links
Advertisement
 
Old 08-27-2011, 07:52 AM   #2
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
Will Watts is offline  
Old 08-27-2011, 08:48 AM   #3
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks, welcome to TSF. It looks like you've been infected with a rootkit.

I can see remnants of CD Emulation tools on your machine. Please uninstall any remaining CD Emulation programs, as these interfere with our tools. You can reinstall them after we've finished, if you so wish.

Please also download and run SPTDinst-v178-x86.exe.

In dialog that appears press "Uninstall" button and then SPTD will remove itself from your Windows installation.

--------------------------------------

Next, please run this rootkit scanner.
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

--------------------------------------
Will Watts is offline  
Sponsored Links
Advertisement
 
Old 08-28-2011, 08:21 PM   #4
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



I had run the sptdinst already before you asked me to. I have run it again just in case, but if cd emulators are present just know I have now used that tool twice.

This is the rootkit result:

ion: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x8BA0B000 C:\Windows\system32\DRIVERS\atikmdag.sys 6180864 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82808000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82808000 PnpManager 3907584 bytes
0x82808000 RAW 3907584 bytes
0x82808000 WMIxWDM 3907584 bytes
0x8C806000 C:\Windows\system32\drivers\RTKVHDA.sys 2301952 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x956D0000 Win32k 2113536 bytes
0x956D0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x80603000 PCI_PNP3489 1138688 bytes
0x80603000 C:\Windows\System32\Drivers\sptd.sys 1138688 bytes
0x88003000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x87C02000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C0B3000 C:\Windows\system32\DRIVERS\athr.sys 978944 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x87E07000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80463000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x998C4000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9780E000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C007000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C604000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80543000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82F4A000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8CA8A000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x978BE000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82EED000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x99831000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x95920000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8D16D000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x8D0FF000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x82E0C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D00B000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80719000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x87F0C000 C:\Windows\system32\DRIVERS\ahcix86s.sys 274432 bytes (Advanced Micro Devices, Inc, AMD AHCI Compatible Controller Driver for Windows family)
0x87F90000 C:\Windows\System32\Drivers\dump_ahcix86s.sys 274432 bytes
0x80422000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x87F4F000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x87D73000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D09E000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x87D38000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x979B6000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88113000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x807C2000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x87DB1000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BC2000 ACPI_HAL 208896 bytes
0x82BC2000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82EAB000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CBCA000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C6B9000 C:\Windows\system32\DRIVERS\SynTP.sys 200704 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8C6FB000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8CA38000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87D0D000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8C7C4000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x82FD6000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x99809000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88163000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8CB70000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x80770000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8CA65000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D149000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8C757000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8819B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x97976000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8CB1D000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x97997000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82E83000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9792B000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x87EF1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x82FBB000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x97948000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C1BA000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x805DF000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D0E8000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8C735000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8D1B8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x999DA000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x99880000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x8D058000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8CB97000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x97961000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C79D000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C789000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8CBB6000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C691000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x805CC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D08B000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x998B2000 C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 73728 bytes (Egis Incorporated., MyWinLocker PSD Virtual Disk Driver)
0x99898000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8818A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x87FEC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80409000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x87FD3000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x82EDD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x979EF000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8C1A2000 C:\Windows\system32\DRIVERS\L1C60x86.sys 65536 bytes (Atheros Communications, Inc., Atheros L1c PCI-E Gigabit Ethernet Controller)
0x87DEF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x82E6B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C7B2000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8D06E000 C:\Windows\system32\DRIVERS\mfenlfk.sys 61440 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x881CD000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88154000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80797000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8C77A000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C1E4000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x807B3000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x95910000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D07D000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8CB59000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x82E5D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BFF0000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8C1F3000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805BF000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x999B8000 C:\Windows\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x999AC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8CB11000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C0A7000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C6AE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C6EC000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CB4E000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8C74C000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C72A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x881E4000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x807A9000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8C6A4000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0x8D000000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x8BA00000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x82EA1000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8C7EE000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x82E00000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D0DE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x999A2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8C1DA000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8CBAD000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0x999F0000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x881C4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CAFA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x999C4000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x87DE6000 C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 36864 bytes (Egis Incorporated., PSD Filter Driver)
0x998A9000 C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 36864 bytes (Egis Incorporated., MyWinLocker PSD Named Pipe Driver)
0x8CB67000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x958F0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x881EF000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x87FE3000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8075F000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82E7B000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x881BC000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x8041A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x999CD000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80768000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C1D2000 C:\Windows\system32\drivers\NTIDrvr.sys 32768 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0x8CB3E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CB46000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8814C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C1B2000 C:\Windows\system32\drivers\UBHelper.sys 32768 bytes (NewTech Infosystems Corporation, NTI CDROM Filter Driver)
0x8CB0A000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D1E8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8CB03000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x82E56000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D053000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x8C6F7000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8D0DA000 C:\PROGRA~1\LAUNCH~1\DPortIO.sys 16384 bytes (Dritek System Inc., General Port I/O)
0x8D1F7000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x807A6000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C7C2000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C6EA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x853F01E8 unknown_irp_handler 3608 bytes
0x853EE1E8 unknown_irp_handler 3608 bytes
0x86B281E8 unknown_irp_handler 3608 bytes
0x872D41E8 unknown_irp_handler 3608 bytes
0x8736A1E8 unknown_irp_handler 3608 bytes
0x869CF1E8 unknown_irp_handler 3608 bytes
0x86BCD1E8 unknown_irp_handler 3608 bytes
0x86B211E8 unknown_irp_handler 3608 bytes
0x853EF1E8 unknown_irp_handler 3608 bytes
0x87BA61E8 unknown_irp_handler 3608 bytes
0x84E551E8 unknown_irp_handler 3608 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
fks is offline  
Old 08-29-2011, 06:45 AM   #5
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks,

Ok, thanks for running the tool again. The SPTD driver seems to be reluctant to uninstall, however we won't need to address that issue further at this stage.

Please run Combofix.
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
Will Watts is offline  
Old 08-29-2011, 04:28 PM   #6
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



Hey there. I did the scan and now i am getting some illegal operations attempted on a registry key message and no applications will open unless i open as admin. hence me attaching combo fix via attachment. How do I fix this issue? Thanks,


ComboFix 11-08-29.03 - Hope 08/29/2011 18:58:34.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.978 [GMT -4:00]
Running from: c:\users\Hope\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hope\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-29 )))))))))))))))))))))))))))))))
.
.
2011-08-29 23:10 . 2011-08-29 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-29 22:06 . 2011-08-29 22:14 -------- d-----w- c:\users\Hope\AppData\Local\Microsoft Games
2011-08-28 19:09 . 2011-08-29 03:42 -------- d-----w- c:\users\Hope\AppData\Roaming\.minecraft
2011-08-27 06:01 . 2011-08-27 06:01 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B5.TMP
2011-08-27 06:01 . 2011-08-27 06:01 -------- d-----w- c:\users\Hope\AppData\Local\WinZip
2011-08-27 05:59 . 2011-08-27 06:00 -------- d-----w- c:\programdata\WinZip
2011-08-27 01:10 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-27 00:55 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3E6BA76-0FC6-42C7-AB07-CEAE79DE6144}\mpengine.dll
2011-08-14 02:50 . 2011-08-14 02:50 -------- d-----w- c:\program files\W3i
2011-08-11 17:01 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 17:01 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 16:40 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-11 16:34 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 16:34 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 16:33 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-06 06:00 . 2011-08-06 06:00 -------- d-----w- c:\windows\system32\AGEIA
2011-08-06 06:00 . 2011-08-06 06:01 -------- d-----w- c:\program files\AGEIA Technologies
2011-08-06 05:57 . 2011-08-06 05:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-08-06 05:57 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-08-06 05:57 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-08-06 05:57 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-08-06 05:57 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2011-08-06 05:55 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-06 00:21 . 2011-08-06 00:21 -------- d-----w- c:\programdata\WindowsSearch
2011-08-05 23:22 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-03 15:23 . 2011-08-03 15:23 -------- d-----w- c:\programdata\FLEXnet
2011-08-03 15:16 . 2011-08-03 15:16 -------- d-----w- c:\program files\Adobe Media Player
2011-08-03 15:11 . 2011-08-03 15:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-03 15:04 . 2011-08-03 15:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-07-31 03:08 . 2011-08-29 22:41 -------- d-----w- c:\users\Hope\AppData\Roaming\Skype
2011-07-31 03:04 . 2011-07-31 03:07 -------- d-----r- c:\program files\Skype
2011-07-31 03:04 . 2011-07-31 03:04 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-18 17:02 . 2011-07-18 17:02 161792 ----a-w- c:\windows\system32\msls31.dll
2011-07-18 17:02 . 2011-07-18 17:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-07-18 17:02 . 2011-07-18 17:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-18 17:02 . 2011-07-18 17:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-07-18 17:02 . 2011-07-18 17:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-07-18 17:02 . 2011-07-18 17:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-07-18 17:02 . 2011-07-18 17:02 367104 ----a-w- c:\windows\system32\html.iec
2011-07-18 17:02 . 2011-07-18 17:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-07-18 17:02 . 2011-07-18 17:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-18 17:02 . 2011-07-18 17:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-18 17:02 . 2011-07-18 17:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-07-18 17:02 . 2011-07-18 17:02 152064 ----a-w- c:\windows\system32\wextract.exe
2011-07-18 17:02 . 2011-07-18 17:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-07-18 17:02 . 2011-07-18 17:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-18 17:02 . 2011-07-18 17:02 11776 ----a-w- c:\windows\system32\mshta.exe
2011-07-18 17:02 . 2011-07-18 17:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-07-18 17:02 . 2011-07-18 17:02 101888 ----a-w- c:\windows\system32\admparse.dll
2011-07-18 17:01 . 2011-07-18 17:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-07-12 03:24 . 2011-07-12 03:24 18944 ----a-r- c:\users\Hope\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-07-09 02:40 . 2011-07-09 02:40 40960 ----a-r- c:\users\Hope\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-07-09 02:40 . 2011-07-09 02:40 40960 ----a-r- c:\users\Hope\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-06-25 13:51 . 2011-06-25 13:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 03:34 . 2011-06-24 03:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 13:34 . 2011-07-14 18:29 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-23 04:36 . 2011-06-24 04:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-06-24 16:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\NetAssistant\NetAssistant.dll" [2011-06-22 1718472]
.
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2011-06-22 16:30 1718472 ----a-w- c:\program files\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 19:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-21 17357448]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-23 68856]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-23 30192]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-02-17 248576]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-02-06 686624]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 6711840]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-10 1833504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-17 862728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-03-11 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-03-11 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
"BackupNowEZtray"="c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-09-17 577792]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-07-18 273544]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 136176]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-06-23 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-03-06 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-02-06 653856]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 141792]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-09-17 45312]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-02-17 44800]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 04:29]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-24 04:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0611&m=aspire_5516
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 10.0.0.4
FF - ProfilePath - c:\users\Hope\AppData\Roaming\Mozilla\Firefox\Profiles\6i4j39gx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Steam App 39500 - e:\steam\steam.exe
AddRemove-Steam App 4000 - e:\steam\steam.exe
AddRemove-Steam App 4760 - e:\steam\steam.exe
AddRemove-Steam App 4770 - e:\steam\steam.exe
AddRemove-Steam App 48700 - e:\steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-29 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7,
23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{8C423C72-F06E-43B3-A3E8-A435FFF9E9E0}"=hex:51,66,7a,6c,4c,1d,38,12,1c,3f,51,
88,5c,be,dd,06,dc,fe,e7,75,fa,a7,ad,f4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}"=hex:51,66,7a,6c,4c,1d,38,12,b0,f3,37,
dc,52,73,39,0a,e1,a7,25,43,3b,93,ce,af
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=hex:51,66,7a,6c,4c,1d,38,12,e0,a3,9c,
e7,58,bb,07,04,d4,e3,1f,31,e6,9f,17,b5
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:54,f7,70,04,ca,4e,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,79,d2,4a,26,c0,9b,42,81,93,06,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,79,d2,4a,26,c0,9b,42,81,93,06,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2372)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-08-29 19:18:29
ComboFix-quarantined-files.txt 2011-08-29 23:18
.
Pre-Run: 99,037,765,632 bytes free
Post-Run: 99,193,028,608 bytes free
.
- - End Of File - - 9999B3CEA3CB3A16D3E25D33AEFB238C
Attached Files
File Type: txt ComboFix Report.txt (18.4 KB, 40 views)
fks is offline  
Old 08-29-2011, 04:55 PM   #7
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi, please restart the computer and let me know if the problem persists.
  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Skip is selected.
    NOTE: Please do not attempt any fix yet.
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.5.17.0_date_time_log.txt
  • Attach that log, please.
--------------------------------------
Will Watts is offline  
Old 08-31-2011, 08:07 AM   #8
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



Thanks, after I rebooted my computer is working fine.

Below is the TDSSKILLER report:

2011/08/30 23:01:27.0730 5404 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/30 23:01:27.0777 5404 ================================================================================
2011/08/30 23:01:27.0777 5404 SystemInfo:
2011/08/30 23:01:27.0777 5404
2011/08/30 23:01:27.0777 5404 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/30 23:01:27.0777 5404 Product type: Workstation
2011/08/30 23:01:27.0777 5404 ComputerName: HOPE-PC
2011/08/30 23:01:27.0777 5404 UserName: Hope
2011/08/30 23:01:27.0777 5404 Windows directory: C:\Windows
2011/08/30 23:01:27.0777 5404 System windows directory: C:\Windows
2011/08/30 23:01:27.0777 5404 Processor architecture: Intel x86
2011/08/30 23:01:27.0777 5404 Number of processors: 1
2011/08/30 23:01:27.0777 5404 Page size: 0x1000
2011/08/30 23:01:27.0777 5404 Boot type: Normal boot
2011/08/30 23:01:27.0777 5404 ================================================================================
2011/08/30 23:01:28.0900 5404 Initialize success
2011/08/30 23:01:32.0207 5076 ================================================================================
2011/08/30 23:01:32.0207 5076 Scan started
2011/08/30 23:01:32.0207 5076 Mode: Manual;
2011/08/30 23:01:32.0207 5076 ================================================================================
2011/08/30 23:01:33.0814 5076 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/30 23:01:33.0892 5076 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/08/30 23:01:34.0079 5076 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/30 23:01:34.0251 5076 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/30 23:01:34.0407 5076 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/30 23:01:34.0563 5076 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/30 23:01:34.0750 5076 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/30 23:01:34.0844 5076 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/30 23:01:35.0000 5076 ahcix86s (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
2011/08/30 23:01:35.0156 5076 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/30 23:01:35.0312 5076 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/30 23:01:35.0483 5076 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/30 23:01:35.0624 5076 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/30 23:01:35.0686 5076 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/30 23:01:35.0764 5076 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/30 23:01:35.0998 5076 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/30 23:01:36.0232 5076 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/30 23:01:36.0372 5076 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/30 23:01:36.0419 5076 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/30 23:01:36.0560 5076 athr (99d78248bfd454bfa9b5bec37350fade) C:\Windows\system32\DRIVERS\athr.sys
2011/08/30 23:01:36.0872 5076 atikmdag (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/30 23:01:37.0059 5076 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/08/30 23:01:37.0184 5076 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/30 23:01:37.0340 5076 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/30 23:01:37.0418 5076 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/30 23:01:37.0464 5076 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/30 23:01:37.0511 5076 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/30 23:01:37.0636 5076 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/30 23:01:37.0698 5076 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/30 23:01:37.0761 5076 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/30 23:01:37.0792 5076 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/30 23:01:37.0932 5076 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/30 23:01:38.0135 5076 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/30 23:01:38.0229 5076 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/30 23:01:38.0432 5076 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
2011/08/30 23:01:38.0619 5076 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/30 23:01:38.0915 5076 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/30 23:01:39.0321 5076 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/30 23:01:39.0524 5076 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/30 23:01:39.0633 5076 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/30 23:01:39.0758 5076 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/30 23:01:39.0867 5076 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/30 23:01:40.0132 5076 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/30 23:01:40.0444 5076 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/30 23:01:40.0616 5076 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/08/30 23:01:40.0772 5076 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/08/30 23:01:41.0068 5076 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/30 23:01:41.0146 5076 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/30 23:01:41.0474 5076 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/30 23:01:41.0817 5076 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/30 23:01:42.0207 5076 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/30 23:01:42.0581 5076 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/30 23:01:42.0846 5076 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/30 23:01:43.0018 5076 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/30 23:01:43.0798 5076 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/30 23:01:44.0360 5076 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/30 23:01:44.0968 5076 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/30 23:01:45.0389 5076 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/30 23:01:45.0623 5076 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/30 23:01:45.0842 5076 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/30 23:01:46.0419 5076 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/30 23:01:46.0918 5076 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/30 23:01:47.0667 5076 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/30 23:01:47.0823 5076 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/30 23:01:47.0854 5076 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/30 23:01:47.0979 5076 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/30 23:01:48.0119 5076 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/30 23:01:48.0213 5076 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/08/30 23:01:48.0338 5076 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/30 23:01:48.0416 5076 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/30 23:01:48.0478 5076 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/30 23:01:48.0806 5076 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/30 23:01:49.0180 5076 IntcAzAudAddService (33a8c13c71698218be432020cc668d5c) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/30 23:01:49.0336 5076 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/30 23:01:49.0414 5076 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/30 23:01:49.0492 5076 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/30 23:01:49.0820 5076 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/30 23:01:49.0866 5076 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/30 23:01:49.0944 5076 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/30 23:01:50.0007 5076 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/30 23:01:50.0085 5076 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/30 23:01:50.0225 5076 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/30 23:01:50.0288 5076 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/30 23:01:50.0334 5076 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/30 23:01:50.0475 5076 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/30 23:01:50.0568 5076 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/30 23:01:50.0724 5076 L1C (e7ec4dc9192166e7adb76c9fe3f10709) C:\Windows\system32\DRIVERS\L1C60x86.sys
2011/08/30 23:01:50.0834 5076 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/30 23:01:50.0927 5076 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/30 23:01:51.0099 5076 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/30 23:01:51.0161 5076 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/30 23:01:51.0224 5076 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/30 23:01:51.0411 5076 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/30 23:01:51.0473 5076 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/30 23:01:51.0614 5076 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
2011/08/30 23:01:51.0660 5076 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
2011/08/30 23:01:51.0707 5076 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
2011/08/30 23:01:51.0801 5076 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
2011/08/30 23:01:51.0926 5076 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
2011/08/30 23:01:52.0066 5076 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
2011/08/30 23:01:52.0191 5076 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
2011/08/30 23:01:52.0269 5076 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
2011/08/30 23:01:52.0409 5076 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/30 23:01:52.0456 5076 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/30 23:01:52.0503 5076 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/30 23:01:52.0550 5076 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/30 23:01:52.0674 5076 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/30 23:01:52.0737 5076 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/30 23:01:52.0799 5076 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/30 23:01:52.0940 5076 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/30 23:01:53.0049 5076 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/30 23:01:53.0127 5076 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/30 23:01:53.0267 5076 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/30 23:01:53.0298 5076 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/30 23:01:53.0392 5076 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/30 23:01:53.0532 5076 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/30 23:01:53.0626 5076 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/30 23:01:53.0673 5076 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/30 23:01:53.0860 5076 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/30 23:01:53.0907 5076 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/30 23:01:54.0000 5076 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/30 23:01:54.0078 5076 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/30 23:01:54.0219 5076 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/30 23:01:54.0281 5076 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/30 23:01:54.0359 5076 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/30 23:01:54.0484 5076 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/08/30 23:01:54.0531 5076 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/08/30 23:01:54.0593 5076 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/08/30 23:01:54.0749 5076 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/30 23:01:54.0843 5076 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/30 23:01:54.0952 5076 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/30 23:01:55.0030 5076 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/30 23:01:55.0092 5076 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/30 23:01:55.0155 5076 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/30 23:01:55.0280 5076 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/30 23:01:55.0342 5076 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/30 23:01:55.0451 5076 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/30 23:01:55.0607 5076 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/30 23:01:55.0701 5076 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/30 23:01:55.0841 5076 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/30 23:01:56.0091 5076 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
2011/08/30 23:01:56.0169 5076 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/30 23:01:56.0231 5076 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/30 23:01:56.0340 5076 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/30 23:01:56.0403 5076 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/30 23:01:56.0465 5076 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/30 23:01:56.0637 5076 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/30 23:01:56.0824 5076 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/30 23:01:56.0902 5076 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/30 23:01:56.0964 5076 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/30 23:01:57.0120 5076 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/30 23:01:57.0198 5076 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/30 23:01:57.0261 5076 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/30 23:01:57.0448 5076 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/30 23:01:57.0744 5076 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/30 23:01:57.0807 5076 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/30 23:01:57.0900 5076 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/30 23:01:58.0150 5076 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/30 23:01:58.0337 5076 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/30 23:01:58.0415 5076 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/30 23:01:58.0462 5076 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/30 23:01:58.0524 5076 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/30 23:01:58.0680 5076 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/30 23:01:58.0727 5076 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/30 23:01:58.0805 5076 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/30 23:01:58.0868 5076 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/30 23:01:59.0008 5076 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/30 23:01:59.0102 5076 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/30 23:01:59.0258 5076 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/30 23:01:59.0414 5076 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/30 23:01:59.0570 5076 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/30 23:01:59.0710 5076 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/30 23:01:59.0882 5076 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/30 23:01:59.0928 5076 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/30 23:01:59.0975 5076 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/30 23:02:00.0069 5076 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/30 23:02:00.0116 5076 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/30 23:02:00.0162 5076 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/30 23:02:00.0209 5076 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/30 23:02:00.0303 5076 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/30 23:02:00.0350 5076 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/30 23:02:00.0506 5076 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/30 23:02:00.0599 5076 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/30 23:02:00.0708 5076 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/30 23:02:00.0911 5076 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/30 23:02:01.0130 5076 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/30 23:02:01.0192 5076 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/30 23:02:01.0410 5076 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/30 23:02:01.0488 5076 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/30 23:02:01.0551 5076 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/30 23:02:01.0582 5076 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/30 23:02:01.0644 5076 SynTP (32c0296ae115906679d94957f501e8db) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/30 23:02:01.0878 5076 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/30 23:02:02.0050 5076 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/30 23:02:02.0284 5076 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/30 23:02:02.0346 5076 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/30 23:02:02.0393 5076 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/30 23:02:02.0456 5076 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/30 23:02:02.0596 5076 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/30 23:02:02.0736 5076 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/30 23:02:02.0799 5076 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/30 23:02:02.0924 5076 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/30 23:02:02.0955 5076 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/30 23:02:03.0033 5076 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
2011/08/30 23:02:03.0173 5076 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/30 23:02:03.0376 5076 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/30 23:02:03.0423 5076 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/30 23:02:03.0563 5076 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/30 23:02:03.0610 5076 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/30 23:02:03.0672 5076 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/30 23:02:03.0844 5076 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/08/30 23:02:03.0922 5076 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/30 23:02:03.0984 5076 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/30 23:02:04.0140 5076 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/30 23:02:04.0234 5076 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/30 23:02:04.0296 5076 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/30 23:02:04.0359 5076 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/08/30 23:02:04.0484 5076 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/30 23:02:04.0546 5076 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/30 23:02:04.0608 5076 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/30 23:02:04.0764 5076 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/30 23:02:04.0811 5076 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/30 23:02:04.0874 5076 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/30 23:02:04.0905 5076 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/30 23:02:04.0967 5076 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/30 23:02:05.0014 5076 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/30 23:02:05.0076 5076 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/30 23:02:05.0279 5076 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/30 23:02:05.0373 5076 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/30 23:02:05.0482 5076 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/30 23:02:05.0607 5076 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 23:02:05.0654 5076 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 23:02:05.0716 5076 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/30 23:02:05.0810 5076 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/30 23:02:06.0153 5076 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/30 23:02:06.0324 5076 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/30 23:02:06.0449 5076 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/30 23:02:06.0590 5076 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/30 23:02:06.0714 5076 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/30 23:02:06.0761 5076 Boot (0x1200) (12a2819d345a4fb01f03e6c7e6799c60) \Device\Harddisk0\DR0\Partition0
2011/08/30 23:02:06.0777 5076 ================================================================================
2011/08/30 23:02:06.0777 5076 Scan finished
2011/08/30 23:02:06.0777 5076 ================================================================================
2011/08/30 23:02:06.0808 6036 Detected object count: 0
2011/08/30 23:02:06.0808 6036 Actual detected object count: 0
fks is offline  
Old 08-31-2011, 08:19 AM   #9
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks,

Please rerun our initial scanners DDS and GMER and attach the logs produced in your next reply.

Please also find the log located at C:\Qoobox\ComboFix-quarantined-files.txt and post this in your next reply.
Will Watts is offline  
Old 09-01-2011, 05:00 PM   #10
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



here is the DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Hope at 23:46:07 on 2011-08-31
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.1032 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Users\Hope\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0611&m=aspire_5516
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110724120433.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{0C8072CD-8C60-4297-8A08-B6B8C39997C6} : DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{41CB4E52-6312-46EC-AE19-2AC09A59BF3B} : DhcpNameServer = 204.111.1.210 204.111.1.195
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hope\appdata\roaming\mozilla\firefox\profiles\6i4j39gx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-24 387480]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-6-24 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-6-24 165032]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-6-25 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-4-18 653856]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-6-24 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-24 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-6-24 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-24 141792]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2010-9-17 45312]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-25 1153368]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-24 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-24 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-6-24 314088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-24 136176]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-6-24 56064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-4-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-24 136176]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-24 84488]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-31 15:30:49 -------- d-----w- c:\users\hope\appdata\roaming\.minecraft
2011-08-31 02:36:10 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0191c291-d777-479a-8d56-100a0f6a5f2b}\mpengine.dll
2011-08-29 23:15:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-29 2223 -------- d-----w- c:\users\hope\appdata\local\Microsoft Games
2011-08-29 21:27:41 98816 ----a-w- c:\windows\sed.exe
2011-08-29 21:27:41 518144 ----a-w- c:\windows\SWREG.exe
2011-08-29 21:27:41 256000 ----a-w- c:\windows\PEV.exe
2011-08-29 21:27:41 208896 ----a-w- c:\windows\MBR.exe
2011-08-27 06:01:41 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B5.TMP
2011-08-27 06:01:11 -------- d-----w- c:\users\hope\appdata\local\WinZip
2011-08-27 01:10:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-14 02:50:16 -------- d-----w- c:\program files\W3i
2011-08-11 17:01:42 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 17:01:12 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 16:40:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-11 16:34:13 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 16:34:12 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-11 16:33:40 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-06 06:00:38 -------- d-----w- c:\windows\system32\AGEIA
2011-08-06 05:57:43 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-08-06 05:57:24 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2011-08-06 05:57:24 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2011-08-06 05:57:20 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-08-06 05:57:19 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2011-08-06 05:55:49 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-05 23:22:28 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-08-05 23:22:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-03 15:04:29 -------- d-----w- c:\program files\common files\Macrovision Shared
.
==================== Find3M ====================
.
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-18 17:01:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-25 13:51:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 03:34:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-23 22:33:10 0 ----a-w- c:\windows\ativpsrm.bin
.
============= FINISH: 23:47:33.58 ===============
Attached Files
File Type: zip gmer (2).zip (8.7 KB, 39 views)
File Type: txt ComboFix-quarantined-files.txt (1.0 KB, 47 views)
fks is offline  
Old 09-02-2011, 02:24 AM   #11
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks, that log is looking better now. I see you've also uninstalled Avast!, is McAfee working correctly? In future, remember to only ever have one antivirus program installed at any time.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply.
--------------------------------------

It's important to run an online scan to search for any remnants that may be lurking. Please go to here to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
------------------------------------------------------
Will Watts is offline  
Old 09-02-2011, 08:02 AM   #12
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



I will post shortly, just a quick question..

Could you give an unofficial recommendation on what antivirus tools are most effective? I simply have no clue. Is free ware like avast worth using or is something like Norton more useful?
fks is offline  
Old 09-02-2011, 08:11 AM   #13
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi,

Personally I use Microsoft Security Essentials, although Avast! is also an excellent choice. As for whether to go for a paid suite, it depends on your needs and whether you don't mind using multiple free programs, over a single suite. I will provide some more information about free programs I use once your machine has been cleaned.

Please see this topic for more information:
PC Safety and Security - What Do I Need?
Will Watts is offline  
Old 09-02-2011, 11:36 AM   #14
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



Below is the Malwarebites log, nothing was detected from the eset scan and so i couldn't find any logs to post:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7637

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/2/2011 11:22:20 AM
mbam-log-2011-09-02 (11-22-19).txt

Scan type: Quick scan
Objects scanned: 163062
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
fks is offline  
Old 09-02-2011, 11:43 AM   #15
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks,

Congratulations, your logs are clean!

Disconnect from the internet and disable your AntiVirus temporarily.

Go to Start -> copy/paste the following single line command into the Search box and press Enter:

ComboFix /Uninstall
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Re-enable your AntiVirus now. Reconnect to the internet at your leisure.
------------------------------------------------------

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SOFTWARE
You need an antivirus that is continually updated and a good firewall. In Windows Vista and 7, the Windows inbuilt firewall is usually sufficient, but XP users are recommended to have a good 3rd party firewall. However, be very wary with any security software that is advertised in popups. They are not only usually of no use, but often have malware in them. If you ever have doubts about the legitimacy of an anti-spyware or anti-virus program, it is best to post your question in our General Security forum.

Remember never to install more than one AntiVirus program as they will conflict with each other.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam, and helps to protect your computer against online threats when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT and has an add-on available for all major browsers.

  • Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here. The Plus Version has more features, and you can read Winpatrol's FAQ if you run into any problems.

  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Windows Vista users see here, and Windows 7 users see here. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

  • ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog

SPYWARE PREVENTION

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?
Think Prevention

Have a look here if your PC is still running a bit slow
Is your PC running slow...?

Please respond to this thread one more time so we can mark this issue as resolved.
Will Watts is offline  
Old 09-03-2011, 08:09 AM   #16
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



Thank you for all your help I really appreciate it!
fks is offline  
Old 09-03-2011, 08:14 AM   #17
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Your welcome!
Will Watts is offline  
Old 09-03-2011, 08:18 AM   #18
fks
Registered Member
 
Join Date: Aug 2011
Posts: 10
OS: vista



OUt of curiosity what was my computer infected with? Was is it a mild or really dangerous virus?

Thanks Again!
fks is offline  
Old 09-03-2011, 08:23 AM   #19
TSF Team
Manager Emeritus
 
Join Date: Jun 2008
Location: London UK
Posts: 4,966
OS: Windows 7 SP1 x64



Hi fks, you had a Master Boot Record (MBR) infection which Combofix dealt with. These are often hard to detect, and if something goes wrong in the removal process a corrupted MBR will prevent the computer from booting. Fortunately, you didn't have one of the latest strains of malware so our tools were able to pick it up successfully.

Will
Will Watts is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows Xp slow boot after splash screen
After the Windows Xp splash screen I get about 30 to 40 seconds of blackness (could be more) before the cursor appears. When I start in Safe Mode it takes a long time to load mup.sys but that could just be because it's the last one to load. Here's by most recent ntbtlog.txt: Service...
Sulla Windows XP Support 5 06-17-2013 10:29 AM
Windows 7 freezes at startup (HiJack This Log)
Out of the blue my Windows 7 x64 laptop started having problems. Every time I boot it will get to the desktop and LOOK fine, but if I try to open anything it is completely unresponsive. Eventually it will notify me that Windows is not responding and offer to restart or wait. If I restart the...
slhaas Windows 7 , Windows Vista Support 3 08-01-2011 12:29 PM
Unknown threat...
Yesterday i've searched for a cooking recipe on a russian website and when i clicked on a link that Google showed me as a search result i found out that my antivirus (Avira) found something like JAVA/Exdoer.BV then antivirus sent it to quarantine and deleted. When i closed and reenter Firefox i...
Alonzo Resolved HJT Threads 24 06-18-2011 12:22 PM
[SOLVED] Yet Another Antivira Av Virus :(
so I've gotten this virus Antivira Av that will pop up and say that I'm under attack... obviously fake. right now I'm in safe mode as i can't open anything other than the internet without Antivira closing it out. I couldn't find a save button for the Gmer log, so if necessary i can run it again...
chuckles3 Resolved HJT Threads 22 03-05-2011 10:39 PM
Please check my post for bob2881 [resolved]
Link to thread. I have been having an issue with both IE and Firefox redirecting Google search results a majority of the time. I had done a scan with Spybot Search & Destroy prior to posting here and "Fraud.WindowsProtectionSuite" (15 entries) and "Microsoft.Windows.RedirectedHosts" (3...
Skiingguru1611 Resolved Back Me Up Threads 32 02-21-2011 06:41 PM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 11:20 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts