  1. #1 Member (joined Nov 2011)

    Is the Malware that infected this computer completely gone?

    Hi,

    My father's PC was infected by the protect.exe virus and I want to make sure it is now running correctly and there is no other sign of malicious software on it any more. Can you analyze the HiJackThis log for us? Thanks so much!

    HiJackThis log:
    --------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:34:19 PM, on 11/15/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\vcsFPService.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r256076\wdm\stacsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\DigitalPersona\Bin\dpagent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
    C:\Program Files\Express Technologies\Download Manager\DLMClient.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Express Technologies\World Watch\W32ALARM.exe
    C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Program Files\Memeo\AutoBackupPro\MemeoBackup.exe
    C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft\BingBar\BingBar.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Microsoft\BingBar\BingApp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Corel\Standby\Standby.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Ask.com\Updater\Updater.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer 6 Search Companion is no longer supported.
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell | MSN
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
    O4 - HKLM\..\Run: [Standby] "C:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
    O4 - HKLM\..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
    O4 - HKLM\..\Run: [Memeo Backup Premium] C:\Program Files\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
    O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe --silent
    O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [ApnStub] "C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\ORJ\Local\ApnStub.exe" /tbr /sa /noinet /geo=US toolbar=ORJ dtid=OSJ000 /local
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack Mills\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [CORYBJUvgosSXeG.exe] C:\Documents and Settings\All Users\Application Data\CORYBJUvgosSXeG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    O4 - Global Startup: Download Manager.lnk = C:\Program Files\Express Technologies\Download Manager\DLMClient.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O4 - Global Startup: World Watch.lnk = C:\Program Files\Express Technologies\World Watch\W32ALARM.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.7.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1274216929468
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: DPWLN - C:\Program Files\DigitalPersona\Bin\DPWLEvHd.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Unknown owner - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
    O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackupPro\MemeoBackgroundService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r256076\wdm\stacsv.exe
    O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\WINDOWS\system32\vcsFPService.exe

    --
    End of file - 18202 bytes

    MalWareByte's Log
    ------------------
    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8172

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/15/2011 7:12:16 PM
    mbam-log-2011-11-15 (19-12-04).txt

    Scan type: Quick scan
    Objects scanned: 205893
    Time elapsed: 14 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\jack mills\my documents\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

    ----------------
    SUPERAntiSpyware log
    --
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/15/2011 at 04:43 PM

    Application Version : 5.0.1136

    Core Rules Database Version : 7946
    Trace Rules Database Version: 5758

    Scan type : Complete Scan
    Total Scan Time : 01:14:02

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 547
    Memory threats detected : 0
    Registry items scanned : 40904
    Registry threats detected : 1
    File items scanned : 55942
    File threats detected : 28

    Malware.Trace
    HKU\S-1-5-21-2616639269-3999005954-3109697047-1005\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

    Adware.Tracking Cookie
    C:\Documents and Settings\Jack Mills\Cookies\KW397EPV.txt [ /accounts.google.com ]
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\Cookies\LX0AH2VI.txt [ Cookie:jack mills@www.google.com/support/accounts/ ]
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\Cookies\S02ZHLZH.txt [ Cookie:jack mills@google.com/accounts/ ]
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\Cookies\E0KC5R9P.txt [ Cookie:jack mills@google.com/support/accounts/ ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .russell.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .questionmarket.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .eyewonder.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .eyewonder.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Rogue.AVSecurity2012
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\APPLICATION DATA\JRZQHYCWKVLNX0C\AV SECURITY 2012V121.EXE

    Trojan.Agent/Gen-FakeAlert
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\TEMP\100.TMP
    C:\DOCUMENTS AND SETTINGS\JACK MILLS\LOCAL SETTINGS\TEMP\~!#FF.TMP
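    As an added example (not code from this thread, HijackThis, or any of the scanners named above), a small Python triage pass over a few entries copied from the log above. The heuristics are assumptions about what a helper looks for first: orphaned entries, autostart binaries dropped straight into user-writable data folders, and core Windows binary names living outside the Windows directory; it lists what to look at, it does not decide whether the machine is clean.

```python
import re
from dataclasses import dataclass

# Constructed sample: six entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [ApnStub] "C:\Documents and Settings\All Users\Application Data\Ask\APN-Stub\ORJ\Local\ApnStub.exe" /tbr /sa /noinet /geo=US toolbar=ORJ dtid=OSJ000 /local
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack Mills\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CORYBJUvgosSXeG.exe] C:\Documents and Settings\All Users\Application Data\CORYBJUvgosSXeG.exe
"""

# Profile locations a normal installer does not drop autostart binaries into
# directly. Most specific roots first, so "Local Settings\Application Data"
# is not mistaken for the plain "Application Data" folder. (Assumed list.)
USER_WRITABLE_ROOTS = (
    r"documents and settings\all users\application data",
    r"local settings\application data",
    r"local settings\temp",
    r"application data",
)

# Names of core Windows binaries; a file with one of these names living
# outside the Windows directory is the pattern Malwarebytes flagged above.
SYSTEM_BINARY_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe",
                       "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}

# A drive-letter path ending in an executable extension, quoted or not.
_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr))(?=["\s]|$)',
                      re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def _target_path(line):
    """Pull the file path out of an O2/O3/O4 entry or a bare scan-result path."""
    m = _PATH_RE.search(line)
    return m.group(1) if m else None  # %ProgramFiles%-style entries yield None


def _depth_below(path_lower, root):
    """Folders between root and the file, or None when the path is not under root."""
    i = path_lower.find(root)
    if i < 0:
        return None
    rest = path_lower[i + len(root):].strip("\\")
    return rest.count("\\")


def triage_line(line):
    """Apply the heuristics to one log line; returns [] when nothing stands out."""
    findings = []
    if "(no file)" in line or "(file missing)" in line:
        findings.append(Finding(line, "orphaned entry: registered component whose file is gone"))
        return findings
    path = _target_path(line)
    if path is None:
        return findings
    low = path.lower()
    for root in USER_WRITABLE_ROOTS:
        depth = _depth_below(low, root)
        if depth is None:
            continue
        if depth == 0:
            # No vendor subfolder at all: the file sits in the folder root.
            findings.append(Finding(line, f"autostart binary dropped directly into '{root}'"))
        else:
            findings.append(Finding(line, f"autostart under user profile ('{root}'): verify the vendor folder"))
        break
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
        findings.append(Finding(line, f"system binary name '{name}' outside the Windows directory"))
    return findings


def triage(log_text):
    """Run triage_line over every non-empty line of a log and collect the findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full log, the CORYBJUvgosSXeG.exe entry is the only autostart sitting in the root of All Users\Application Data, which is why it stands out from the GoogleUpdate and ApnStub entries that live under a vendor subfolder.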

  2. #2 Member (joined Nov 2011)

    One specific question I have is whether my Dad's anti-virus software is still running correctly. As the trojan found on the system was mimicking Microsoft's virus program, I am not sure if the actual program is still good or whether it has been compromised. The system was set up with Microsoft Security Essentials which I have not used before. I don't know if it is running correctly or if it has been updated regularly.

    Again, thanks for your help in diagnosing these logs.

  3. #3 Member Spyware Fighter (joined Jun 2010, Bement, Ill USA)

    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a Gmer scan due to the fact you are running a 64bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  4. #4 Member (joined Nov 2011)

    Updated with additional Scan Results

    Hi,

    I've run both DDS and the GMER scans on my father's computer and am attaching the log files here.

    Can you let me know if everything looks okay with these logs or whether there is any sign of viruses, worms or spyware on his computer?

    Thank you for your help!

    -Mary

  5. #5 Member Spyware Fighter (joined Jun 2010, Bement, Ill USA)

    Hello,

    Can you let me know if everything looks okay with these logs or whether there is any sign of viruses, worms or spyware on his computer?
    I have bad news. Your father's computer is currently still infected. The good news is we can get it cleaned up.


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  6. #6
    Member
    Join Date
    Nov 2011
    Posts
    6
    Points
    0

    Default New Scan Results

    Quote Originally Posted by fireman4it
    Hello,



    I have bad news. your fathers computer is currently still infected. The good news is we can get it cleaned up.


    .....

    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your machine running now?
    Here are the files that have been created with TDSSKILLER (inline since it wasn't a txt file) and COMBOFIX.

    The computer seems to be running okay now. My dad's system has lots of applications that start during startup, and they seem to have all restarted okay. I've re-enabled the AV and Malwarebytes protection.

    TDSSKILLER log:
    16:01:01.0171 5700 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    16:01:01.0750 5700 ============================================================
    16:01:01.0750 5700 Current date / time: 2011/11/27 16:01:01.0750
    16:01:01.0750 5700 SystemInfo:
    16:01:01.0750 5700
    16:01:01.0750 5700 OS Version: 5.1.2600 ServicePack: 3.0
    16:01:01.0750 5700 Product type: Workstation
    16:01:01.0750 5700 ComputerName: D781N7L1
    16:01:01.0750 5700 UserName: Jack Mills
    16:01:01.0750 5700 Windows directory: C:\WINDOWS
    16:01:01.0750 5700 System windows directory: C:\WINDOWS
    16:01:01.0750 5700 Processor architecture: Intel x86
    16:01:01.0750 5700 Number of processors: 4
    16:01:01.0750 5700 Page size: 0x1000
    16:01:01.0750 5700 Boot type: Normal boot
    16:01:01.0750 5700 ============================================================
    16:01:02.0578 5700 Initialize success
    16:01:09.0843 1260 ============================================================
    16:01:09.0843 1260 Scan started
    16:01:09.0843 1260 Mode: Manual;
    16:01:09.0843 1260 ============================================================
    16:01:19.0156 1260 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    16:01:19.0156 1260 Wdf01000 - ok
    16:01:19.0171 1260 WDICA - ok
    16:01:19.0218 1260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    16:01:19.0218 1260 wdmaud - ok
    16:01:19.0265 1260 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    16:01:19.0265 1260 WinUSB - ok
    16:01:19.0296 1260 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    16:01:19.0296 1260 WmiAcpi - ok
    16:01:19.0343 1260 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    16:01:19.0343 1260 WSTCODEC - ok
    16:01:19.0375 1260 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    16:01:19.0375 1260 WudfPf - ok
    16:01:19.0468 1260 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    16:01:19.0468 1260 WudfRd - ok
    16:01:19.0500 1260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    16:01:19.0656 1260 \Device\Harddisk0\DR0 - ok
    16:01:19.0656 1260 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
    16:01:19.0671 1260 \Device\Harddisk1\DR3 - ok
    16:01:19.0671 1260 Boot (0x1200) (247a607fbc523a79c2ab07b7fbba4629) \Device\Harddisk0\DR0\Partition0
    16:01:19.0671 1260 \Device\Harddisk0\DR0\Partition0 - ok
    16:01:19.0671 1260 Boot (0x1200) (964388c3b0c5a268759ed39e9f662bc8) \Device\Harddisk1\DR3\Partition0
    16:01:19.0671 1260 \Device\Harddisk1\DR3\Partition0 - ok
    16:01:19.0671 1260 ============================================================
    16:01:19.0671 1260 Scan finished
    16:01:19.0671 1260 ============================================================
    16:01:19.0687 2908 Detected object count: 0
    16:01:19.0703 2908 Actual detected object count: 0
    16:01:39.0484 3072 Deinitialize success

    ---------------------------------


    Thank you for your help again!

    -Mary

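    The scan log Mary posted above is TDSSKiller output: one line per object (`name (md5) path`), a verdict line (`name - ok`), and a closing `Detected object count`. As an added example, not from the thread and not TDSSKiller's own code, the parser below reads that format and flags any object whose verdict is not `ok` or that never received a verdict; the sample lines, the `ExampleSvc` entry and its verdict text are constructed.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, constructed input)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the line format seen in the thread. The ExampleSvc entry
# and its "detected ..." verdict are invented to exercise the non-ok path.
SAMPLE_LOG = r"""
16:01:18.0406 1260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:01:18.0406 1260 Tcpip - ok
16:01:18.0437 1260 ExampleSvc (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
16:01:18.0437 1260 ExampleSvc - detected Rootkit.Win32.Example
16:01:19.0171 1260 WDICA - ok
16:01:19.0500 1260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:01:19.0656 1260 \Device\Harddisk0\DR0 - ok
16:01:19.0671 1260 ============================================================
16:01:19.0671 1260 Scan finished
16:01:19.0671 1260 ============================================================
16:01:19.0687 2908 Detected object count: 1
16:01:19.0703 2908 Actual detected object count: 1
"""

# Every line starts with a timestamp and a thread id.
PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
# Object line: name, 32-hex MD5 in parentheses, then the file or device path.
OBJECT_RE = re.compile(PREFIX + r"(?P<name>\S.*?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# Verdict line: subject, " - ", verdict text ("ok" or a detection string).
VERDICT_RE = re.compile(PREFIX + r"(?P<subject>\S.*?)\s+-\s+(?P<verdict>\S.*)$")
COUNT_RE = re.compile(PREFIX + r"(?P<actual>Actual )?[Dd]etected object count:\s+(?P<count>\d+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when the service has no file on disk (e.g. WDICA)
    path: Optional[str] = None
    verdict: Optional[str] = None  # "ok" or whatever the scanner reported


@dataclass
class Report:
    entries: Dict[str, Entry]
    detected_count: Optional[int] = None
    actual_detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    report = Report(entries={})
    by_path: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            entry = Entry(m["name"], m["md5"].lower(), m["path"])
            report.entries[entry.name] = entry
            by_path[entry.path] = entry
            continue
        m = COUNT_RE.match(line)
        if m:
            if m["actual"]:
                report.actual_detected_count = int(m["count"])
            else:
                report.detected_count = int(m["count"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            subject = m["subject"]
            # MBR and boot-sector verdicts name the device path, not the object name.
            entry = report.entries.get(subject) or by_path.get(subject)
            if entry is None:
                entry = Entry(subject)
                report.entries[subject] = entry
            entry.verdict = m["verdict"]
    return report


def flagged(report: Report) -> List[Entry]:
    """Objects the scanner reported with anything other than 'ok'."""
    return [e for e in report.entries.values() if e.verdict is not None and e.verdict != "ok"]


def unverified(report: Report) -> List[Entry]:
    """Objects listed but never given a verdict (truncated or aborted scan)."""
    return [e for e in report.entries.values() if e.verdict is None]


def is_clean(report: Report) -> bool:
    """Clean only if the count is zero, nothing is flagged, and every object was judged."""
    return report.detected_count == 0 and not flagged(report) and not unverified(report)
```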
  7. #7
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    There are still a lot of leftovers on the machine.


    1.
    We need to run a CFScript.

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the codebox below into it:

    Code:
    Folder::
    c:\documents and settings\Jack Mills\Application Data\mONyxA0uv2b3m5Q
    c:\documents and settings\Jack Mills\Application Data\DH6sWJ7fE9TqYeI
    c:\documents and settings\Jack Mills\Application Data\PlOBtxP0uSiDpG
    c:\documents and settings\Jack Mills\Application Data\owkUVrlOBx0
    c:\documents and settings\Jack Mills\Application Data\hpnG4aQH6
    c:\documents and settings\Jack Mills\Application Data\yvS2obF3pGsJdKg
    c:\documents and settings\Jack Mills\Application Data\SIVrzONyx0
    c:\documents and settings\Jack Mills\Application Data\3EA70
    c:\documents and settings\Jack Mills\Application Data\hycA1ivD2n4m5W7
    c:\documents and settings\Jack Mills\Application Data\JRZqhYCwkVlNx0c
    c:\documents and settings\Jack Mills\Application Data\kQH6dWK8fLhXjCl
    c:\documents and settings\Jack Mills\Application Data\wkIBrzPNyA
    c:\program files\7087A
    
    Domains::
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    2.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    3.
    I'd like us to scan your machine with ESET OnlineScan
    1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, click List Threats
    11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Click the Back button.
    13. Click the Finish button.


    Things to include in your next reply:
    Combofix.txt
    MBAM log
    Eset log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  8. #8
    Member
    Join Date
    Nov 2011
    Posts
    6
    Points
    0

    Newest Scan Results

    Hi again,

    Quote Originally Posted by fireman4it:
    Hello,

    There are still alot of leftovers on the machine.


    Things to include in your next reply:
    Combofix.txt
    MBAM log
    Eset log
    How is your machine running now?

    I've run the final scans you discussed in the previous post. The logs are attached to this post.

    The system seems to come up faster than it did before and it seems to be working better.

    I have a few notes about my runs:

    1) The ComboFix executable said there was a newer version, so I downloaded the new version and used that to run the ComboFix script.
    2) I had already downloaded (and my Dad purchased) a copy of Malwarebytes earlier this month so it gets the latest upgrades daily. I used this copy to run the Malwarebytes scan.
    3) I had his backup hard drive connected to the PC while running ESET and it found 2 threats in the backups which I deleted.

    Do you recommend using ESET for an AV? My Dad's computer is currently running Microsoft Security Essentials (with Malwarebytes and SuperAntiSpyware), but it looks like ESET gives more powerful coverage. Is it compatible with Malwarebytes and SuperAntiSpyware?

    Finally, should we uninstall any of these programs from the PC after the system is clean? (ComboFix, GMER, etc?)

    Again, thank you very, very much for your help!

    -Mary

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello, MaryR.
    Congratulations! You now appear clean!


    Microsoft Security Essentials is a good program. Just remember there is no one cure-all antivirus out there. If there was, there wouldn't be so many.

    Uninstall Combofix
    • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
      o *If it is not on your Desktop, the below will not work.
    • Click on Start, then Run...
    • Now copy & paste the green bolded text in the run-box and click OK.

      ComboFix /Uninstall



      <Notice the space between the "x" and "/".> <--- It needs to be there
      Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

    • Please advise if this step is missed for any reason as it performs some important actions:
      "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
      It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



    Are things running okay? Do you have any more questions?

    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

    We Need to Clean Up Our Mess
    • Download OTC by OldTimer and save it to your desktop.
    • Double click the icon to start the program. If you are using Vista, please right-click and choose run as administrator
    • Then Click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.


    Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform (32-bit or 64-bit).
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.

    Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.



    One of the most common questions found when cleaning malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right-clicking and choosing Close.
    6. Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
    8. Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here



    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:


    Use an AntiVirus Software
    It is very important that your computer has up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.






  11. #10
    Member
    Join Date
    Nov 2011
    Posts
    6
    Points
    0


    Thank you! Your help in deciphering the logs has been a tremendous help to me and my Dad. We are truly grateful.
