Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected! the horror..

Unread postby EZSundayAM » June 8th, 2011, 2:32 pm

Hi

**** My logs were too long to post as instructed! Tried everything.
**** I'm sorry but I had to cut the ~attach.txt~ out, so I made it an attachment.
**** I can of course post it as a second message if requested.

3 days ago it suddenly began. I've tried Spybot/Malwarebytes etc but can't get rid of it. I think it came via Utorrent so I will delete Utorrent now.

Windows:
The machine often runs slow and a windows service keeps crashing/throwing an error,
resulting in loss of the shiny "aero?" Vista UI and buggy behaviour.

In Task Manager I often see a svchost.exe running with >500 MB memory that restarts
soon after I task-kill it.

Firefox:
Constantly redirecting search results to bad websites.
Sometimes tabs open by themselves to bad websites.

I'm standing by if you can help! I can run scans, work from safe mode, etc. Thanks!


.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
Run by Cmack at 13:53:33 on 2011-06-08
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2936.1538 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESSCR\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
M:\PortableApps\geekMenu\GeekMenu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
M:\PortableApps\FirefoxPortable\FirefoxPortable.exe
M:\PortableApps\FirefoxPortable\FirefoxPortable.exe
M:\PortableApps\FirefoxPortable\App\firefox\firefox.exe
M:\PortableApps\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Interest recogniser for Moovida (powered by Spointer): {e2a7bd67-0eaf-497f-b05b-748d7bf3c421} - c:\program files\fluendo\moovida\spointer\extensions\moovida_air_ie.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [OneKey Theater] c:\progra~1\lenovo\lenovo~1\ONEKEY~1.EXE
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [Desktop Navigator] %ProgramFiles%\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
mRun: [MDS_Menu] "c:\program files\lenovo\mediashow\muitransfer\muistartmenu.exe" "c:\program files\lenovo\mediashow" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [Readycomm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{8AC28891-FD17-4A3E-96F4-4CD360939CA8} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BD780A43-D49E-452C-9F65-28366E26A148} : DhcpNameServer = 8.8.8.8
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cmack\appdata\roaming\mozilla\firefox\profiles\qwjx7xuu.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd6e8ef&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\fluendo\moovida\spointer\extensions\moovida@spointer.com\components\moovida_air_ff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\cmack\appdata\roaming\mozilla\firefox\profiles\qwjx7xuu.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF - Ext: Snap Links Plus: snaplinks@snaplinks.mozdev.org - %profile%\extensions\snaplinks@snaplinks.mozdev.org
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Mouse Gestures Redox: {FFA36170-80B1-4535-B0E3-A4569E497DD0} - %profile%\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-17 8832]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-27 48192]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2008-10-6 180912]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-4-27 164528]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-17 36480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-8 366640]
R2 MSSQL$SQLEXPRESSCR;SQL Server (SQLEXPRESSCR);c:\program files\microsoft sql server\mssql10_50.sqlexpresscr\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-4-27 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-4-27 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-4-27 14336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-29 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-14 107360]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-6-19 212992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-12-18 3664384]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-10-9 13312]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-17 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 136176]
S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 136176]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-8-9 9472]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-4-27 81192]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESSCR;SQL Server Agent (SQLEXPRESSCR);c:\program files\microsoft sql server\mssql10_50.sqlexpresscr\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2011-06-08 15:13:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-08 15:13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-08 12:52:15 388096 ----a-r- c:\users\cmack\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-08 12:52:14 -------- d-----w- c:\program files\Antivrus
2011-06-08 12:49:56 -------- d-----w- c:\users\cmack\appdata\roaming\Malwarebytes
2011-06-08 12:49:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 12:49:50 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 12:49:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 12:49:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 01:43:33 0 ---ha-w- c:\users\cmack\appdata\local\BIT76C4.tmp
2011-06-07 20:54:11 0 ---ha-w- c:\users\cmack\appdata\local\BITFC6D.tmp
2011-06-07 19:50:37 -------- d-sh--w- C:\found.000
2011-06-07 16:23:34 -------- d-----w- c:\windows\pss
2011-06-06 21:19:25 -------- d-----w- c:\users\cmack\appdata\roaming\DVD Flick
2011-06-06 21:19:03 -------- d-----w- c:\program files\DVD Flick
2011-06-06 18:11:12 -------- d-----w- c:\users\cmack\appdata\roaming\53F86A63F5D4F100F6889BC00BC54BC1
2011-05-16 21:48:26 -------- d-----w- c:\users\cmack\appdata\local\Moovida
2011-05-16 21:48:15 -------- d-----w- c:\users\cmack\appdata\local\moovida Air
2011-05-16 21:47:58 -------- d-----w- c:\users\cmack\appdata\roaming\moovida-1
2011-05-16 21:46:56 -------- d-----w- c:\program files\Fluendo
2011-05-16 03:19:46 -------- d-----w- c:\program files\VisiPics
.
==================== Find3M ====================
.
2011-04-15 01:28:18 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-04-01 18:20:51 1409 ----a-w- c:\windows\QTFont.for
2011-03-16 20:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 13:54:36.27 ===============
EZSundayAM
Active Member
 
Posts: 9
Joined: June 8th, 2011, 1:23 pm
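The DDS log above is what a helper reads first, and a few of its lines carry most of the signal: which security products are disabled, whether UAC is on, where every svchost.exe lives and which service group it was started with, and which DNS servers the interfaces have picked up. The script below is an added example, not part of the thread or of the DDS tool; it parses a constructed log in the same layout (the sample, the severity levels and the checks are assumptions for the demonstration) and flags those entries. A real svchost.exe lives in %SystemRoot%\system32 and is always launched with `-k <group>`; one running from anywhere else, or with no group, is the first thing to look at when an svchost instance eats 500 MB and respawns after being killed.

```python
"""Triage a DDS-style log: flag the entries a malware-removal helper checks first.

Added example (not part of the thread). SAMPLE_LOG is constructed in the DDS
layout seen in the post; the checks are heuristics, not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample: two legitimate svchost lines, one svchost started from a
# user-writable directory with no -k group, a portable app on another volume,
# Windows Defender disabled and UAC switched off.
SAMPLE_LOG = """\
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted
C:\\ProgramData\\svchost.exe
M:\\PortableApps\\FirefoxPortable\\App\\firefox\\firefox.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://lenovo.live.com/
mPolicies-system: EnableLUA = 0 (0x0)
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12
TCP: Interfaces\\{8AC28891-FD17-4A3E-96F4-4CD360939CA8} : DhcpNameServer = 8.8.8.8
============= FINISH: 13:54:36.27 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; lines before the first
    banner go under 'header'. DDS's lone '.' spacer lines are dropped."""
    sections, current = defaultdict(list), "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def check_svchost(path_line):
    """Return a list of problems for an svchost.exe process line, or None if
    the line is not svchost or looks normal. svchost.exe belongs in
    \\Windows\\system32 and is always started with '-k <service group>'."""
    parts = path_line.split()
    exe = parts[0]
    if not exe.lower().endswith("\\svchost.exe"):
        return None
    problems = []
    if not re.match(r"(?i)^[a-z]:\\windows\\system32\\svchost\.exe$", exe):
        problems.append("not in \\Windows\\system32")
    if "-k" not in parts[1:]:
        problems.append("no -k service group")
    return problems or None


def triage(text):
    """Return findings as (severity, message) tuples; severities are assumed."""
    s = parse_sections(text)
    findings = []
    for line in s["header"]:
        if line[:3] in ("AV:", "SP:") and "*Disabled" in line:
            findings.append(("medium", "protection disabled: " + line.split(" *")[0]))
    for line in s["Running Processes"]:
        probs = check_svchost(line)
        if probs:
            findings.append(("high", f"suspicious svchost: {line} ({'; '.join(probs)})"))
        elif not line.lower().startswith("c:\\"):
            findings.append(("info", "process from non-system volume: " + line))
    dns = set()
    for line in s["Pseudo HJT Report"]:
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("medium", "UAC disabled (EnableLUA = 0)"))
        m = re.search(r"DhcpNameServer = (.+)$", line)
        if m:
            dns.update(m.group(1).split())
    if dns:
        findings.append(("info", "DNS servers to verify against the ISP: " + ", ".join(sorted(dns))))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

On the live machine the follow-up for a flagged svchost is `tasklist /svc`, which lists the services each svchost.exe PID is hosting, so the 500 MB instance can be matched to a service group before anything is killed.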

Re: Infected! the horror..

Unread postby Jack&Jill » June 11th, 2011, 11:31 am

Hello and welcome to Malware Removal.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

You will be notified of replies by email as soon as they are posted.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby EZSundayAM » June 11th, 2011, 3:03 pm

Thanks!!!!! I am going on holiday tomorrow so I will be a bit slower but I WILL be looking for your reply and will do what you tell me!

And while I was typing this reply I got a Windows error that's been common since the virus.. Yuck!

Problem Event Name: APPCRASH
Application Name: svchost.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47918b89
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6001.18000
Fault Module Timestamp: 4791a7a6
Exception Code: c000071b
Exception Offset: 00088ed9
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033
Additional Information 1: 0e02
Additional Information 2: b21b56b606e7544720668ce364087082
Additional Information 3: 0e02
Additional Information 4: b21b56b606e7544720668ce364087082
EZSundayAM
Active Member
 
Posts: 9
Joined: June 8th, 2011, 1:23 pm

Re: Infected! the horror..

Unread postby Jack&Jill » June 12th, 2011, 12:23 pm

Hello EZSundayAM :),

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules and ALL USERS OF THIS FORUM MUST READ THIS FIRST.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Thanks!!!!! I am going on holiday tomorrow so I will be a bit slower but I WILL be looking for your reply and will do what you tell me!
Have a good time, no rush to reply. Away for one day only?

Is this a business or corporate computer?

--------------------

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent

  • Please read our P2P Policy where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Please rerun DDS and post back a new Attach.txt.

--------------------

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please post back:
1. new Attach.txt
2. CKScanner log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby EZSundayAM » June 13th, 2011, 12:07 pm

Hi. It's my personal laptop so I have it with me for our week in New Orleans! Waiting now to leave for a tour of the swamps to see some alligators!

1. I removed Utorrent.
2. Ran a new Attach.txt
3. Ran CKScanner

My attach.txt is still so ^%$ huge it can't be posted properly so I had to zip/attach it! Nuts..

Standing by. Thanks!!

-----------------------
P.S. I ran CKScanner 3 times. The 1st time it hung up (not responding). The 2nd and 3rd times it gave the following results..

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
EZSundayAM
Active Member
 
Posts: 9
Joined: June 8th, 2011, 1:23 pm

Re: Infected! the horror..

Unread postby Jack&Jill » June 14th, 2011, 1:46 pm

Hello EZSundayAM :),

I see that you have installed Spyware Doctor 7.0 since your last log. Does it contain the Antivirus (AV) component? If yes, it will conflict with AVG.

Although AV is essential for keeping your computer free from viruses, having more than one AV will do more harm than protect your computer. They will not only conflict, but will slow down your computer as well.

The same principle applies for Antispyware programs as well. You must choose one between Spyware Doctor and Spybot.

Please do not install any other programs while I am helping you.

--------------------

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
  • Alternatively, you may get the zip version and extract the file to the desktop.
  • Double click on TDSSKiller.exe to execute it.
  • Press Start scan to begin.
  • If anything is found, please change all the actions to Skip only.
  • Then click on Continue at the lower right corner.
  • You may be prompted to reboot your computer, please consent.
  • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
  • Please post the contents of this log.

--------------------

Please close all programs and do not run any others before and during the GMER scan. Do not use the computer for anything else until after the scan is completed.

Please download GMER and save it to your desktop. Click here.
  • Please temporarily disable the real-time protection of any Antivirus, Antispyware or Antimalware programs when running GMER. They may cause the computer to freeze.
  • If you need help to disable your protection programs see here and here.
  • Double click the .exe file. If asked to allow the gmer driver file with a sys extension to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked).
    • Uncheck IAT/EAT
    • Uncheck All other Drives/Partitions except C:\ (leave C:\ checked)
    • Uncheck Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
  • Re-enable your security software as soon as you have completed the GMER steps.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If you are having problems running GMER, retry with Devices unchecked as well. If you are still encountering difficulties, please try running GMER in Safe Mode. You can get into Safe Mode using the F8 key during the startup of your computer after a reboot.

--------------------

Please post back:
1. previous MBAM log
2. TDSSKiller result
3. GMER log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
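The MBAM log requested above is a protection log, and on an infected machine it is mostly IP-BLOCK lines: time, user, destination IP, direction, port and the process that opened the connection. Two things matter when reading it. A system process such as svchost.exe should not be the one reaching out to a blocked host at all; when it is, the process has usually been injected or replaced, which also explains an svchost that balloons and respawns. And the same few destinations being contacted over and over, with the browser closed, is what a command-and-control check-in looks like. The script below is an added example, not from the thread or from Malwarebytes; it parses constructed lines in the MBAM 1.x format (the sample uses documentation addresses, and the process list and repeat threshold are assumptions) and produces the per-process, per-destination summary a helper would want before deciding whether a rootkit scan is warranted.

```python
"""Summarise Malwarebytes IP-BLOCK protection-log lines by process and destination.

Added example (not part of the thread). SAMPLE_LOG is constructed in the MBAM
1.x protection-log format; the addresses are RFC 5737 documentation ranges,
and SYSTEM_HOSTS plus the repeat threshold are assumptions for the demo.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = """\
10:23:04 Cmack MESSAGE Protection started successfully
10:23:08 Cmack MESSAGE IP Protection started successfully
10:24:36 Cmack IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 49296, Process: firefox.exe)
10:30:39 Cmack IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49839, Process: svchost.exe)
10:30:39 Cmack IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49840, Process: svchost.exe)
10:54:33 Cmack IP-BLOCK 192.0.2.29 (Type: outgoing, Port: 53156, Process: svchost.exe)
11:15:14 Cmack IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 54760, Process: svchost.exe)
12:07:22 Cmack IP-BLOCK 192.0.2.29 (Type: outgoing, Port: 59463, Process: svchost.exe)
"""

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<user>\S+) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Processes that have no business opening connections to a blocked host.
# A hit here usually means code injection or a replaced binary (assumed list).
SYSTEM_HOSTS = {"svchost.exe", "explorer.exe", "lsass.exe", "winlogon.exe"}


def parse_blocks(text):
    """Yield one dict per IP-BLOCK line; MESSAGE and unrecognised lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            yield d


def summarise(text):
    """Return {process name: Counter(destination ip -> blocked attempts)}
    for outgoing blocks only."""
    per_proc = defaultdict(Counter)
    for b in parse_blocks(text):
        if b["dir"] == "outgoing":
            per_proc[b["proc"].lower()][b["ip"]] += 1
    return per_proc


def findings(text, repeat_threshold=2):
    """Flag any system process that reached out at all, and every destination
    a process contacted at least repeat_threshold times."""
    out = []
    for proc, dests in summarise(text).items():
        if proc in SYSTEM_HOSTS:
            total = sum(dests.values())
            out.append(f"{proc}: system process made {total} blocked outbound connections")
        for ip, n in dests.most_common():
            if n >= repeat_threshold:
                out.append(f"{proc}: {ip} contacted {n} times")
    return out


def ephemeral_only(text, low=49152, high=65535):
    """True if every logged port falls in Vista's dynamic port range. The
    'Port' in these lines is then the local source port of the connection,
    not the remote service, so it says nothing about the protocol used."""
    ports = [b["port"] for b in parse_blocks(text)]
    return bool(ports) and all(low <= p <= high for p in ports)


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
    print("all ports in the ephemeral range:", ephemeral_only(SAMPLE_LOG))
```

Blocked does not mean clean: each IP-BLOCK is an attempt that MBAM's IP protection stopped, and the attempts continue until whatever is driving them is removed, which is why the helper moves on to TDSSKiller and GMER rather than stopping at the log.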

Re: Infected! the horror..

Unread postby EZSundayAM » June 17th, 2011, 9:30 pm

Hello! I'm home from vacation so I'll be quick to reply now.

For what it's worth, my computer already seems better since tdsskiller.exe!! No sign of the nasty svchost.exe and no browser tabs opening randomly.

Still standing by, thanks!


1. Removed Spyware Doctor
2. Malwarebytes' Anti-Malware (MBAM) Most recent log

10:23:04 Cmack MESSAGE Protection started successfully
10:23:08 Cmack MESSAGE IP Protection started successfully
10:24:36 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 49296, Process: firefox.exe)
10:25:32 Cmack IP-BLOCK 195.3.145.184 (Type: outgoing, Port: 49339, Process: firefox.exe)
10:30:39 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49839, Process: svchost.exe)
10:30:39 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 49840, Process: svchost.exe)
10:54:33 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53156, Process: svchost.exe)
10:54:49 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 53191, Process: svchost.exe)
10:55:37 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 53406, Process: svchost.exe)
11:15:14 Cmack IP-BLOCK 69.6.27.100 (Type: outgoing, Port: 54760, Process: svchost.exe)
11:15:54 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54876, Process: svchost.exe)
11:16:18 Cmack IP-BLOCK 188.229.90.64 (Type: outgoing, Port: 55030, Process: svchost.exe)
12:04:50 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 59021, Process: svchost.exe)
12:07:22 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 59463, Process: svchost.exe)
12:07:22 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 59464, Process: svchost.exe)
12:07:46 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 59508, Process: svchost.exe)
13:57:36 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55158, Process: svchost.exe)
13:57:36 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55159, Process: svchost.exe)
14:04:40 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 55736, Process: svchost.exe)
14:05:05 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 55767, Process: svchost.exe)
14:13:53 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 56334, Process: svchost.exe)
14:20:42 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 57279, Process: svchost.exe)
14:20:42 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 57280, Process: svchost.exe)
14:26:51 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58021, Process: svchost.exe)
14:26:51 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58022, Process: svchost.exe)
15:56:33 Cmack MESSAGE Protection started successfully
15:56:37 Cmack MESSAGE IP Protection started successfully
17:11:39 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 53780, Process: svchost.exe)
17:19:08 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54162, Process: svchost.exe)
17:27:00 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54661, Process: svchost.exe)
17:27:00 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54665, Process: svchost.exe)
17:41:25 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 54881, Process: svchost.exe)
17:44:13 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55355, Process: svchost.exe)
17:44:13 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 55356, Process: svchost.exe)
17:52:14 Cmack IP-BLOCK 193.105.154.238 (Type: outgoing, Port: 56118, Process: svchost.exe)
17:52:14 Cmack IP-BLOCK 193.105.154.238 (Type: outgoing, Port: 56119, Process: svchost.exe)
17:56:23 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 56717, Process: svchost.exe)
17:58:48 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 56816, Process: firefox.exe)
18:06:40 Cmack IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 57131, Process: firefox.exe)
18:10:24 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 57141, Process: firefox.exe)
18:16:33 Cmack IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 58315, Process: firefox.exe)
18:16:33 Cmack IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 58316, Process: firefox.exe)
18:19:45 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 58664, Process: svchost.exe)
18:19:45 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 58665, Process: svchost.exe)
18:26:33 Cmack IP-BLOCK 188.95.52.162 (Type: outgoing, Port: 59259, Process: firefox.exe)
18:32:26 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 59396, Process: firefox.exe)
18:36:34 Cmack IP-BLOCK 193.218.156.42 (Type: outgoing, Port: 59627, Process: firefox.exe)
18:36:34 Cmack IP-BLOCK 188.229.90.136 (Type: outgoing, Port: 59628, Process: firefox.exe)
18:36:42 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 59641, Process: svchost.exe)
18:36:42 Cmack IP-BLOCK 208.87.32.75 (Type: outgoing, Port: 59642, Process: svchost.exe)
18:44:26 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 60229, Process: svchost.exe)
18:46:35 Cmack IP-BLOCK 193.218.156.42 (Type: outgoing, Port: 60510, Process: firefox.exe)
18:46:35 Cmack IP-BLOCK 188.229.90.137 (Type: outgoing, Port: 60511, Process: firefox.exe)
18:50:52 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 60809, Process: firefox.exe)
20:03:01 Cmack MESSAGE Protection started successfully
20:03:05 Cmack MESSAGE IP Protection started successfully
20:06:25 Cmack IP-BLOCK 195.3.145.105 (Type: outgoing, Port: 49255, Process: firefox.exe)
20:07:29 Cmack IP-BLOCK 195.3.145.184 (Type: outgoing, Port: 49264, Process: firefox.exe)
20:07:53 Cmack IP-BLOCK 195.3.145.184 (Type: outgoing, Port: 49268, Process: firefox.exe)
20:08:17 Cmack IP-BLOCK 195.3.145.184 (Type: outgoing, Port: 49273, Process: firefox.exe)
20:11:06 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49390, Process: svchost.exe)
20:12:02 Cmack IP-BLOCK 67.29.139.153 (Type: outgoing, Port: 49522, Process: svchost.exe)
20:12:18 Cmack IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 49527, Process: svchost.exe)
20:13:22 Cmack IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 49576, Process: svchost.exe)
20:23:23 Cmack IP-BLOCK 188.95.52.161 (Type: outgoing, Port: 50274, Process: svchost.exe)
20:23:23 Cmack IP-BLOCK 91.213.29.63 (Type: outgoing, Port: 50275, Process: svchost.exe)

3. Ran tdsskiller.exe

2011/06/17 20:40:06.0817 2320 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/17 20:40:06.0879 2320 ================================================================================
2011/06/17 20:40:06.0879 2320 SystemInfo:
2011/06/17 20:40:06.0879 2320
2011/06/17 20:40:06.0879 2320 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/17 20:40:06.0879 2320 Product type: Workstation
2011/06/17 20:40:06.0879 2320 ComputerName: LAPPY-L
2011/06/17 20:40:06.0879 2320 UserName: Cmack
2011/06/17 20:40:06.0879 2320 Windows directory: C:\Windows
2011/06/17 20:40:06.0879 2320 System windows directory: C:\Windows
2011/06/17 20:40:06.0879 2320 Processor architecture: Intel x86
2011/06/17 20:40:06.0879 2320 Number of processors: 2
2011/06/17 20:40:06.0879 2320 Page size: 0x1000
2011/06/17 20:40:06.0879 2320 Boot type: Normal boot
2011/06/17 20:40:06.0879 2320 ================================================================================
2011/06/17 20:40:07.0566 2320 Initialize success
2011/06/17 20:40:20.0295 5700 ================================================================================
2011/06/17 20:40:20.0295 5700 Scan started
2011/06/17 20:40:20.0295 5700 Mode: Manual;
2011/06/17 20:40:20.0295 5700 ================================================================================
2011/06/17 20:40:20.0872 5700 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/17 20:40:21.0028 5700 ACPIVPC (3af8037a2922e5f4be02d8078fee0055) C:\Windows\system32\DRIVERS\AcpiVpc.sys
2011/06/17 20:40:21.0153 5700 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/17 20:40:21.0200 5700 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/17 20:40:21.0247 5700 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/17 20:40:21.0278 5700 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/17 20:40:21.0340 5700 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/06/17 20:40:21.0387 5700 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/17 20:40:21.0434 5700 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/17 20:40:21.0465 5700 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/17 20:40:21.0496 5700 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/17 20:40:21.0543 5700 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/17 20:40:21.0621 5700 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/17 20:40:21.0684 5700 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/17 20:40:21.0715 5700 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/17 20:40:21.0762 5700 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/17 20:40:21.0808 5700 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/17 20:40:21.0855 5700 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
2011/06/17 20:40:22.0011 5700 AVGIDSDriver (97824e8c95d9717777abd46a7b632310) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/17 20:40:22.0074 5700 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/06/17 20:40:22.0120 5700 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/17 20:40:22.0167 5700 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/06/17 20:40:22.0245 5700 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/06/17 20:40:22.0339 5700 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/06/17 20:40:22.0386 5700 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/06/17 20:40:22.0448 5700 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/06/17 20:40:22.0573 5700 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/17 20:40:22.0760 5700 BazisVirtualCDBus (33ac10402622b7e92ca44075f1bec94b) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
2011/06/17 20:40:22.0963 5700 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/17 20:40:23.0088 5700 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/17 20:40:23.0166 5700 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/17 20:40:23.0197 5700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/17 20:40:23.0228 5700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/17 20:40:23.0275 5700 Bridge (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
2011/06/17 20:40:23.0306 5700 BridgeMP (72df06d26ae4ced2e08f428b96302b0e) C:\Windows\system32\DRIVERS\bridge.sys
2011/06/17 20:40:23.0353 5700 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/17 20:40:23.0400 5700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/17 20:40:23.0462 5700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/17 20:40:23.0493 5700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/17 20:40:23.0587 5700 BthEnum (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/17 20:40:23.0649 5700 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/17 20:40:23.0758 5700 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/17 20:40:23.0821 5700 BTHPORT (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
2011/06/17 20:40:23.0868 5700 BTHUSB (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/17 20:40:23.0977 5700 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/17 20:40:24.0008 5700 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/17 20:40:24.0055 5700 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/17 20:40:24.0133 5700 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/17 20:40:24.0258 5700 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/17 20:40:24.0289 5700 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/17 20:40:24.0336 5700 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/17 20:40:24.0351 5700 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/17 20:40:24.0414 5700 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/17 20:40:24.0507 5700 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/06/17 20:40:24.0570 5700 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/17 20:40:24.0648 5700 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/17 20:40:24.0726 5700 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/17 20:40:24.0819 5700 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/17 20:40:24.0897 5700 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/17 20:40:25.0006 5700 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/17 20:40:25.0116 5700 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/17 20:40:25.0194 5700 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/17 20:40:25.0240 5700 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/17 20:40:25.0287 5700 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/17 20:40:25.0318 5700 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/17 20:40:25.0350 5700 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/17 20:40:25.0428 5700 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/17 20:40:25.0459 5700 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/17 20:40:25.0490 5700 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/17 20:40:25.0537 5700 funfrm (f923fdea75675f5c2cc55d01e0fd2891) C:\Windows\system32\drivers\funfrm.sys
2011/06/17 20:40:25.0599 5700 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/17 20:40:25.0693 5700 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/17 20:40:25.0724 5700 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/17 20:40:25.0771 5700 HidBth (2fe6ef94b64d2da60f400eb643086220) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/17 20:40:25.0802 5700 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/17 20:40:25.0849 5700 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/17 20:40:25.0880 5700 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/17 20:40:26.0005 5700 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/06/17 20:40:26.0098 5700 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/17 20:40:26.0145 5700 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/17 20:40:26.0208 5700 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/17 20:40:26.0379 5700 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/17 20:40:26.0582 5700 igfx (0391268713612372e4e0eceaadad41d5) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/17 20:40:26.0816 5700 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/17 20:40:26.0941 5700 IntcAzAudAddService (2790cc09422b6bedae9825ae289e9bb7) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/17 20:40:27.0128 5700 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
2011/06/17 20:40:27.0190 5700 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/17 20:40:27.0222 5700 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/17 20:40:27.0253 5700 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/17 20:40:27.0378 5700 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/17 20:40:27.0409 5700 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/17 20:40:27.0440 5700 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/17 20:40:27.0471 5700 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/17 20:40:27.0502 5700 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/17 20:40:27.0518 5700 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/17 20:40:27.0549 5700 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/17 20:40:27.0580 5700 JMCR (ab772e9cc29c29f59cb4b75f9d6f3f96) C:\Windows\system32\DRIVERS\jmcr.sys
2011/06/17 20:40:27.0643 5700 k57nd60x (e1d7dcbb8811f8be7784046d4dd3a837) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/06/17 20:40:27.0690 5700 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/17 20:40:27.0721 5700 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/17 20:40:27.0768 5700 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/17 20:40:27.0814 5700 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/17 20:40:27.0861 5700 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/17 20:40:27.0924 5700 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/17 20:40:28.0048 5700 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/17 20:40:28.0080 5700 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/17 20:40:28.0158 5700 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/06/17 20:40:28.0189 5700 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/17 20:40:28.0236 5700 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/17 20:40:28.0298 5700 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/17 20:40:28.0329 5700 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/17 20:40:28.0485 5700 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/17 20:40:28.0516 5700 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/17 20:40:28.0548 5700 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/17 20:40:28.0594 5700 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/17 20:40:28.0626 5700 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/17 20:40:28.0657 5700 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/17 20:40:28.0688 5700 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/17 20:40:28.0735 5700 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/17 20:40:28.0750 5700 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/17 20:40:28.0797 5700 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/17 20:40:28.0860 5700 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
2011/06/17 20:40:28.0891 5700 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/17 20:40:28.0922 5700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/17 20:40:28.0969 5700 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/17 20:40:29.0047 5700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/17 20:40:29.0078 5700 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/17 20:40:29.0125 5700 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/17 20:40:29.0156 5700 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/17 20:40:29.0187 5700 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/17 20:40:29.0250 5700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/17 20:40:29.0296 5700 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/17 20:40:29.0343 5700 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/17 20:40:29.0374 5700 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/17 20:40:29.0406 5700 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/17 20:40:29.0437 5700 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/17 20:40:29.0468 5700 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/17 20:40:29.0484 5700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/17 20:40:29.0499 5700 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/17 20:40:29.0530 5700 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/17 20:40:29.0702 5700 NETw5v32 (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/06/17 20:40:29.0811 5700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/17 20:40:29.0858 5700 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/17 20:40:29.0889 5700 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/17 20:40:29.0936 5700 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/17 20:40:30.0014 5700 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/17 20:40:30.0045 5700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/17 20:40:30.0076 5700 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/17 20:40:30.0108 5700 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/17 20:40:30.0139 5700 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/17 20:40:30.0217 5700 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/17 20:40:30.0264 5700 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/17 20:40:30.0279 5700 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/17 20:40:30.0310 5700 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/17 20:40:30.0342 5700 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/17 20:40:30.0373 5700 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/17 20:40:30.0420 5700 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/17 20:40:30.0482 5700 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/17 20:40:30.0669 5700 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\Windows\system32\DRIVERS\pneteth.sys
2011/06/17 20:40:30.0732 5700 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\Windows\system32\DRIVERS\pnetmdm.sys
2011/06/17 20:40:30.0794 5700 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/17 20:40:30.0825 5700 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/17 20:40:30.0888 5700 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/17 20:40:30.0981 5700 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/17 20:40:31.0090 5700 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/17 20:40:31.0122 5700 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/17 20:40:31.0137 5700 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/17 20:40:31.0168 5700 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/17 20:40:31.0215 5700 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/17 20:40:31.0246 5700 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/17 20:40:31.0278 5700 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/17 20:40:31.0293 5700 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/17 20:40:31.0340 5700 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/17 20:40:31.0356 5700 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/17 20:40:31.0402 5700 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/17 20:40:31.0480 5700 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/17 20:40:31.0527 5700 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/17 20:40:31.0590 5700 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
2011/06/17 20:40:31.0636 5700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/17 20:40:31.0668 5700 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/17 20:40:31.0761 5700 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/17 20:40:31.0792 5700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/17 20:40:31.0839 5700 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/17 20:40:31.0870 5700 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/17 20:40:31.0902 5700 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/17 20:40:31.0964 5700 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/17 20:40:32.0011 5700 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/17 20:40:32.0089 5700 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/17 20:40:32.0120 5700 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/17 20:40:32.0151 5700 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/17 20:40:32.0182 5700 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/17 20:40:32.0214 5700 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/17 20:40:32.0260 5700 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/17 20:40:32.0338 5700 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/06/17 20:40:32.0463 5700 SNP2UVC (72b66a2e3f13cb05383149e50c186857) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/06/17 20:40:32.0526 5700 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/17 20:40:32.0604 5700 srv (ce5e5d07bcda842d3f417a8333f91440) C:\Windows\system32\DRIVERS\srv.sys
2011/06/17 20:40:32.0650 5700 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/17 20:40:32.0697 5700 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/17 20:40:32.0744 5700 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/17 20:40:32.0775 5700 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/17 20:40:32.0806 5700 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/17 20:40:32.0822 5700 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/17 20:40:32.0869 5700 SynTP (a4ee086cb6c3c56e1d95863979a35bb0) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/17 20:40:32.0978 5700 Tcpip (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\drivers\tcpip.sys
2011/06/17 20:40:33.0103 5700 Tcpip6 (82e266bee5f0167e41c6ecfdd2a79c02) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/17 20:40:33.0150 5700 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/17 20:40:33.0181 5700 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/17 20:40:33.0196 5700 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/17 20:40:33.0228 5700 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/17 20:40:33.0243 5700 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/17 20:40:33.0306 5700 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/17 20:40:33.0352 5700 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/17 20:40:33.0384 5700 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/17 20:40:33.0430 5700 tvtumon (3385d48304443d0ee42af5dbf89634b6) C:\Windows\system32\DRIVERS\tvtumon.sys
2011/06/17 20:40:33.0462 5700 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/17 20:40:33.0493 5700 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/17 20:40:33.0540 5700 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/17 20:40:33.0571 5700 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/17 20:40:33.0618 5700 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/17 20:40:33.0633 5700 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/17 20:40:33.0664 5700 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/17 20:40:33.0711 5700 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/17 20:40:33.0742 5700 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/17 20:40:33.0789 5700 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/17 20:40:33.0820 5700 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/17 20:40:33.0867 5700 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/17 20:40:33.0914 5700 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/17 20:40:33.0976 5700 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/17 20:40:34.0023 5700 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/17 20:40:34.0132 5700 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/17 20:40:34.0195 5700 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/17 20:40:34.0210 5700 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/17 20:40:34.0257 5700 vhidmini (8e969805420e8a28822d539327ce8fff) C:\Windows\system32\DRIVERS\ITEhidCIR.sys
2011/06/17 20:40:34.0288 5700 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/17 20:40:34.0320 5700 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/17 20:40:34.0351 5700 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/17 20:40:34.0382 5700 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/17 20:40:34.0413 5700 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/17 20:40:34.0444 5700 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/17 20:40:34.0476 5700 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/17 20:40:34.0522 5700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/17 20:40:34.0554 5700 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/17 20:40:34.0569 5700 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/17 20:40:34.0616 5700 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/17 20:40:34.0678 5700 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
2011/06/17 20:40:34.0710 5700 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/17 20:40:34.0788 5700 Wdkbdmou (36f2beda08b629cd3a1f7805d1f90378) C:\Windows\system32\DRIVERS\Wdkbdmou.sys
2011/06/17 20:40:34.0819 5700 wdmirror (c1043a2336625dff9f48b9953a2f7291) C:\Windows\system32\DRIVERS\WDMirror.sys
2011/06/17 20:40:34.0881 5700 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/06/17 20:40:34.0959 5700 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/17 20:40:35.0022 5700 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/17 20:40:35.0115 5700 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/17 20:40:35.0146 5700 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/17 20:40:35.0209 5700 WSVD (5d0a08ebf9660e07865907fb1ab022b5) C:\Windows\system32\drivers\WSVD.sys
2011/06/17 20:40:35.0240 5700 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/17 20:40:35.0302 5700 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/06/17 20:40:35.0302 5700 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/17 20:40:35.0318 5700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/06/17 20:40:35.0349 5700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/06/17 20:40:35.0365 5700 ================================================================================
2011/06/17 20:40:35.0365 5700 Scan finished
2011/06/17 20:40:35.0365 5700 ================================================================================
2011/06/17 20:40:35.0380 6060 Detected object count: 1
2011/06/17 20:40:35.0380 6060 Actual detected object count: 1
2011/06/17 20:40:52.0322 6060 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/17 20:40:52.0322 6060 \Device\Harddisk0\DR0 - ok
2011/06/17 20:40:52.0322 6060 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/17 20:41:06.0939 1424 Deinitialize success

4. Ran GMER

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-17 21:19:46
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: 28vhkfi0.exe; Driver: C:\Users\Cmack\AppData\Local\Temp\fgldapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xACE8C7A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xACE8C848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xACE8C8E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xACE8C980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 624 826C4BE8 4 Bytes [A0, C7, E8, AC]
.text ntkrnlpa.exe!KeSetTimerEx + 854 826C4E18 8 Bytes [48, C8, E8, AC, E4, C8, E8, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 826C4E78 4 Bytes [80, C9, E8, AC] {OR CL, 0xe8; LODSB }

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\00000088 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a0ee8b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a0ee8b@c0e422215413 0x8C 0x96 0xD4 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a0ee8b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272a0ee8b@c0e422215413 0x8C 0x96 0xD4 0x00 ...

---- EOF - GMER 1.0.15 ----
EZSundayAM
Active Member
Posts: 9
Joined: June 8th, 2011, 1:23 pm
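
The TDSSKiller lines in the post above report one MD5 per disk labelled MBR (0x1B8). In a classic MBR, offset 0x1B8 (440) is where the bootstrap code ends and the 4-byte disk signature and the partition table begin, so I read that label as a hash over bytes 0..0x1B7 only. That explains the pattern in the log: Harddisk1 and Harddisk2 are different devices with different signatures and partition tables yet show the same hash, because they carry the same stock boot code, while Harddisk0 shows a different one and is flagged as TDL4. Below is an added example, my own code rather than TDSSKiller's or anything from the thread, that hashes the same region of a raw MBR image, parses the partition table, and reports which disk's boot code deviates from the others. The MBR images, boot-code stubs and disk signatures are constructed for the demo, not dumps of the OP's disks.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) MBR sector. 0x1B8 is where the bootstrap code
# ends; TDSSKiller's "MBR (0x1B8)" label is read here as "hash of bytes 0..0x1B7".
BOOT_CODE_LEN = 0x1B8         # 440 bytes of boot code
SIG_OFFSET = 0x1B8            # 4-byte NT disk signature (+2 reserved bytes)
PART_TABLE_OFFSET = 0x1BE     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of the sector
PART_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Construct a 512-byte MBR image for demonstration (not a dump of any real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, SIG_OFFSET, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        # CHS fields are left zero; modern loaders only use the LBA fields.
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and in-use partition entries."""
    if len(sector) < 512:
        raise ValueError("need at least one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, SIG_OFFSET)[0],
        "partitions": partitions,
    }


def compare_bootcode(images: dict, baseline_md5=None) -> dict:
    """Map disk name -> boot-code MD5 for every disk that differs from the baseline.

    Without an explicit baseline the most common hash among the images is used,
    which is the 'two agree, one does not' pattern in the log above. With only
    two disks that vote is a tie, so pass a known-good hash in that case."""
    hashes = {name: parse_mbr(img)["bootcode_md5"] for name, img in images.items()}
    if baseline_md5 is None:
        vals = list(hashes.values())
        baseline_md5 = max(set(vals), key=vals.count)
    return {name: h for name, h in hashes.items() if h != baseline_md5}


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw device (Windows path shown; needs admin rights).
    Not called by the demo below; a resident bootkit can also lie to this read."""
    with open(device, "rb") as f:
        return f.read(512)


# Constructed boot-code stubs: a few real-mode setup instructions padded with NOPs.
# The 'infected' variant differs only in its first two bytes (a short jump), the
# minimal redirect a bootkit inserts in front of its own code.
CLEAN_BOOT = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 40
INFECTED_BOOT = b"\xEB\x3E" + CLEAN_BOOT[2:]

# Constructed images: distinct signatures and partition tables, identical stock
# boot code on the two "external" disks, patched boot code on disk 0.
SAMPLE_DISKS = {
    "Harddisk0": build_sample_mbr(INFECTED_BOOT, 0x11111111, [(0x80, 0x07, 2048, 409_600)]),
    "Harddisk1": build_sample_mbr(CLEAN_BOOT, 0x22222222, [(0x00, 0x07, 2048, 204_800)]),
    "Harddisk2": build_sample_mbr(CLEAN_BOOT, 0x33333333, [(0x00, 0x07, 2048, 204_800)]),
}

if __name__ == "__main__":
    for name, img in SAMPLE_DISKS.items():
        info = parse_mbr(img)
        print(f"{name}: MBR (0x1B8) {info['bootcode_md5']}  sig {info['disk_signature']:08x}")
    for name, h in compare_bootcode(SAMPLE_DISKS).items():
        print(f"{name}: boot code differs from the other disks ({h})")
```

Two caveats when doing this on a live box. TDL4 hooks the disk miniport driver and hands readers the original MBR, so a hash taken through the running OS can look clean while the disk is not; read the sector from boot media or after removing the drive. And as the next reply points out, rewriting the MBR ("Cure") is the step that can leave the machine unbootable, which is why hashing and comparing first is worth the extra minute.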

Re: Infected! the horror..

Unread postby Jack&Jill » June 17th, 2011, 11:56 pm

Hello EZSundayAM :),

Welcome back.

Good to hear things are better. Please note one thing though, you did not follow the TDSSKiller instructions properly. You are supposed to select the Skip action instead of Cure. It is very important because, due to the complexity of infections nowadays, it could lead to an unbootable computer in the worst case.

What I am trying to say is that we should proceed cautiously until we know what we are dealing with. Please read my instructions slowly and carefully.

--------------------

I want you to update MBAM and run a scan.
  • Open MBAM and click on the Update tab, then Check for Updates.
  • When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
  • Leave the default options as they are and click on Start Scan.
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problems running the scan, you might want to disable any real time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on Run ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
  • Then, check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. new MBAM report
2. ESET online scan result
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby Jack&Jill » June 19th, 2011, 11:24 pm

Hello EZSundayAM :),

I usually close the topic after 3 days without any reply, and it has already been 2 days since my last post. Do you still need help? Any problems following my instructions? Need more time?

If I do not get any response within the next 24 hours, this topic will be closed.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby EZSundayAM » June 20th, 2011, 9:03 pm

Hey, I am still here! I've been slammed with work since I was on holiday for a week.

I thought I would be done but I have a huge amount of hard drive, so the Malwarebytes scan took over 4 hours and just finished. I'm about to start the ESET scan now, hopefully it will be done before bedtime. Thanks!
EZSundayAM
Active Member
Posts: 9
Joined: June 8th, 2011, 1:23 pm

Re: Infected! the horror..

Unread postby Jack&Jill » June 21st, 2011, 12:06 am

Hello EZSundayAM :),

Not a problem, but I would appreciate it if you could let me know, as you did when you went on holiday, so I know what to expect.

Waiting for your results.
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby EZSundayAM » June 21st, 2011, 1:32 am

I sure will let you know. I really appreciate the help.

I'll bring this laptop to work. Then I can reply sooner and run long scans during the day. The ESET scan took 2:54. I'm very happy to get my machine fixed! I don't have TV or video games, all my books/music/movies/internet come from this laptop!

Looks like the new scans found more bad stuff. I don't know about the items in the System32 and AppData folders, but the items listed in my personal folders (downloads, Apps, projects, etc) can all be deleted as far as I know. Also I was careful this time to follow your instructions and set the scans correctly. Thanks!

-------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.0.1200
http://www.malwarebytes.org

Database version: 6904

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

6/20/2011 9:20:48 PM
mbam-log-2011-06-20 (21-20-48).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 409132
Time elapsed: 4 hour(s), 26 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\from 500p1\@Inbox\sony vegas pro 8.0b build 217-avchd-mpg-ac3 fixed\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.


-------------------------------------------------------------------------------------------
ESET

C:\Users\Cmack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I2VHFTM3\winamp5572_full_emusic-7plus_en-us[1].exe Win32/OpenCandy application
C:\Users\Cmack\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-640c1b0b Java/Agent.CK trojan
C:\Users\Cmack\AppData\Roaming\53F86A63F5D4F100F6889BC00BC54BC1\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application
C:\Windows\System32\dll probably a variant of Win32/TrojanDropper.Agent.IRPNUAE trojan
F:\Downloads\@Apps\Miro_Installer.exe Win32/Toolbar.Zugo application
F:\from 500p1\Apps\@Media.Players\WinAmp\winamp5572_full_emusic-7plus_en-us.exe Win32/OpenCandy application
F:\from 500p1\Projects\KBwM\Reference.GPS\GPS Pack.rar probably a variant of Win32/Agent.HSGJOMD trojan
F:\from 500p1\Self\Self Help\SelfHelp.Tony Robbins\Make Money Doing What You Love [Tony Robbins, T Harv Eker, Robert Kiyosaki, Bob Proctor]\Online Texas Holdem Poker Players CP\ProCalculatem.exe probably a variant of Win32/TrojanDownloader.VB.JCXGTJX trojan
EZSundayAM
Active Member
Posts: 9
Joined: June 8th, 2011, 1:23 pm

Re: Infected! the horror..

Unread postby Jack&Jill » June 21st, 2011, 2:58 am

Hello EZSundayAM :),

We will come back to the ESET findings in a while.

--------------------

Your Adobe Reader is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Adobe Reader to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Adobe Reader 8.2.6

  • Go to the Adobe download page. Click here.
  • If your OS is not the same as stated, click on Different language or operating system? link.
    • Under the Select an operating system title, click on Select an OS... box and choose the OS that you have.
    • Change the language if you want by clicking on English below the Select a language title.
    • Press Continue.
    • Uncheck (untick) Free McAfee Security Scan (optional).
    • Click the Download now button after selecting the latest version.
    • Allow if prompted and save the file to a convenient location.
    • Run the downloaded file to continue with the installation.
  • If your OS is the same, uncheck (untick) Free McAfee Security Scan (optional).
  • Click Download to proceed. Allow if prompted and save the file to a convenient location.
  • Run the downloaded file to continue with the installation.

--------------------

Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.

Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Java(TM) 6 Update 20

  • Go to the Java SE download page. Click here.
  • Look for Java SE 6 Update 26. Click the Download button to the right below JRE.
  • Click on Accept License Agreement after reading Oracle Binary Code License Agreement for the Java SE Platform Products.
  • From a list of files for download, click on the link which says jre-6u26-windows-i586.exe beside Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Then, from your desktop, double click on the download to install the newest version. Reboot your computer.

--------------------

Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.

Please update your Firefox browser to the latest. You may need to use Internet Explorer temporarily for this, or download the program first before continuing the uninstall step.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:

Mozilla Firefox (3.6.13)

  • Go to the Mozilla Firefox download page. Click here.
  • Click on the Free Download button and save the setup file to a convenient location.
  • Double click on the setup file and follow the steps accordingly.

--------------------

Please post back:
1. new DDS log (DDS.txt) after you complete all the above
Jack&Jill
MRU Emeritus
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Infected! the horror..

Unread postby EZSundayAM » June 21st, 2011, 4:21 pm

All right! Updated Acrobat, Java Runtime, and Firefox. Here is the new DDS.txt.
Standing by, thanks!!


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_26
Run by Cmack at 16:15:49 on 2011-06-21
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2936.1656 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Lenovo OneKey Theater\OneKeyTheater.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\ReadyComm\ReadyComm.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESSCR\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\IgrsSvcs.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
F:\PortableApps\geekMenu\GeekMenu.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files\DDNI\DIBS\DDNIService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Interest recogniser for Moovida (powered by Spointer): {e2a7bd67-0eaf-497f-b05b-748d7bf3c421} - c:\program files\fluendo\moovida\spointer\extensions\moovida_air_ie.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [OneKey Theater] c:\progra~1\lenovo\lenovo~1\ONEKEY~1.EXE
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [Desktop Navigator] %ProgramFiles%\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
mRun: [MDS_Menu] "c:\program files\lenovo\mediashow\muitransfer\muistartmenu.exe" "c:\program files\lenovo\mediashow" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [VeriFaceManager] c:\program files\lenovo\veriface\PManage.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [Readycomm] c:\program files\lenovo\readycomm\ReadyComm.exe -TrayMode
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{8AC28891-FD17-4A3E-96F4-4CD360939CA8} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BD780A43-D49E-452C-9F65-28366E26A148} : DhcpNameServer = 8.8.8.8
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cmack\appdata\roaming\mozilla\firefox\profiles\qwjx7xuu.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd6e8ef&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\fluendo\moovida\spointer\extensions\moovida@spointer.com\components\moovida_air_ff.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\cmack\appdata\roaming\mozilla\firefox\profiles\qwjx7xuu.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Wdkbdmou;Lenovo RMCT KbdMou Service;c:\windows\system32\drivers\Wdkbdmou.sys [2008-12-17 8832]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-4-27 48192]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2008-10-6 180912]
R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2009-4-27 164528]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2008-12-17 36480]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-8 366640]
R2 MSSQL$SQLEXPRESSCR;SQL Server (SQLEXPRESSCR);c:\program files\microsoft sql server\mssql10_50.sqlexpresscr\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\lenovo\onekey app\system repair\UpdateMonitor.exe [2009-4-27 430080]
R2 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2009-4-27 48192]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-4-27 14336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
R3 IncSvc;ReadyComm Network Monitor and Configuration;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-29 112128]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-14 107360]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-6-19 212992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-8 22712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-12-18 3664384]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-10-9 13312]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-9-10 11520]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2008-12-17 8832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 136176]
S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-20 179712]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-23 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-8 39984]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-8-9 9472]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2009-4-27 81192]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESSCR;SQL Server Agent (SQLEXPRESSCR);c:\program files\microsoft sql server\mssql10_50.sqlexpresscr\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== Created Last 30 ================
.
2011-06-21 20:08:12 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-21 20:08:11 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-06-21 20:08:11 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-06-21 20:08:11 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-06-21 20:08:11 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-21 20:08:11 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-21 20:08:11 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-06-21 20:08:11 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-06-21 01:28:43 -------- d-----w- c:\program files\ESET
2011-06-10 20:07:22 -------- d-----w- c:\users\cmack\appdata\local\Western Digital
2011-06-10 15:14:56 -------- d-----w- c:\programdata\SecTaskMan
2011-06-10 15:14:49 -------- d-----w- c:\program files\Security Task Manager
2011-06-08 20:16:11 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-06-08 20:16:11 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-06-08 20:16:11 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-06-08 20:16:11 164144 ----a-w- c:\windows\system32\comct232.ocx
2011-06-08 15:13:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-08 15:13:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-08 12:52:15 388096 ----a-r- c:\users\cmack\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-08 12:52:14 -------- d-----w- c:\program files\Antivrus
2011-06-08 12:49:56 -------- d-----w- c:\users\cmack\appdata\roaming\Malwarebytes
2011-06-08 12:49:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 12:49:50 -------- d-----w- c:\programdata\Malwarebytes
2011-06-08 12:49:47 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-08 12:49:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-08 01:43:33 0 ---ha-w- c:\users\cmack\appdata\local\BIT76C4.tmp
2011-06-07 20:54:11 0 ---ha-w- c:\users\cmack\appdata\local\BITFC6D.tmp
2011-06-07 19:50:37 -------- d-sh--w- C:\found.000
2011-06-07 16:23:34 -------- d-----w- c:\windows\pss
2011-06-06 21:19:25 -------- d-----w- c:\users\cmack\appdata\roaming\DVD Flick
2011-06-06 21:19:03 -------- d-----w- c:\program files\DVD Flick
2011-06-06 18:11:12 -------- d-----w- c:\users\cmack\appdata\roaming\53F86A63F5D4F100F6889BC00BC54BC1
2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-21 20:00:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-15 01:28:18 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-05 04:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-04-01 18:20:51 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 16:16:40.44 ===============
EZSundayAM
Active Member
 
Posts: 9
Joined: June 8th, 2011, 1:23 pm

Re: Infected! the horror..

Unread postby Jack&Jill » June 22nd, 2011, 11:51 am

Hello EZSundayAM :),

Great work so far. We are almost done.

Look into folder
  • Go to Start > Run.... Copy and paste the following text into the white box:
    cmd /c dir "c:\program files\Antivrus" /A /S > "%userprofile%\desktop\look.txt"
  • Click OK. A command prompt window will open for a while and close.
  • A file called look.txt should appear on your desktop. Please post the contents of this file.

--------------------

Please download ERUNT© by Lars Hederer from one of the links below and save it to your desktop.

Link 1
Link 2
Link 3

Backup your registry with ERUNT
  • Double click on erunt-setup.exe and run the installation setup.
  • Follow the setup instructions until you reach Select Additional Tasks, uncheck (untick) Create NTREGOPT desktop icon.
  • Continue until you get prompted to run ERUNT at startup. Choose No.
  • Next, make sure Launch ERUNT is checked (ticked) and click Finish.
  • Click OK when ERUNT is launched, and accept all default settings. ERUNT will then backup the registry.

--------------------

This step will delete the items found by ESET in drive F:\.

Please download OTM© by Old Timer from one of the links below and save it to your desktop.

Link 1
Link 2

  • Double click OTM.exe to run it.
  • Copy and paste the following text into the white box under Paste Instructions for Items to be Moved:
    :files
    c:\users\cmack\appdata\local\BIT76C4.tmp
    c:\users\cmack\appdata\local\BITFC6D.tmp
    C:\Users\Cmack\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I2VHFTM3\winamp5572_full_emusic-7plus_en-us[1].exe
    C:\Users\Cmack\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\532f4a01-640c1b0b
    C:\Users\Cmack\AppData\Roaming\53F86A63F5D4F100F6889BC00BC54BC1
    C:\Windows\System32\dll
    F:\Downloads\@Apps\Miro_Installer.exe
    F:\from 500p1\Apps\@Media.Players\WinAmp\winamp5572_full_emusic-7plus_en-us.exe
    F:\from 500p1\Projects\KBwM\Reference.GPS\GPS Pack.rar
    F:\from 500p1\Self\Self Help\SelfHelp.Tony Robbins\Make Money Doing What You Love [Tony Robbins, T Harv Eker, Robert Kiyosaki, Bob Proctor]\Online Texas Holdem Poker Players CP\ProCalculatem.exe
    
    :commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
    
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • The results can also be found in the C:\_OTM\MovedFiles folder, the log file being named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represents the date and time the fix was performed.

--------------------

Please post back:
1. contents of look.txt
2. OTM result
3. any more problems?
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
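Added example (not from the thread, DDS or OTM): a small Python triage pass over DDS file-listing lines like those in the log above, flagging the patterns Jack&Jill queued for inspection or removal (a hidden zero-byte .tmp in AppData\Local, a 32-hex-character folder in AppData\Roaming, and a Program Files folder whose name is a near-miss of a security product). The sample lines are copied from the posted log; the KNOWN_NAMES list and the edit-distance threshold are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
# Constructed sample: DDS "new files" lines copied from the log posted above.
SAMPLE_DDS = [
    r"2011-06-08 12:52:14 -------- d-----w- c:\program files\Antivrus",
    r"2011-06-08 01:43:33 0 ---ha-w- c:\users\cmack\appdata\local\BIT76C4.tmp",
    r"2011-06-06 18:11:12 -------- d-----w- c:\users\cmack\appdata\roaming\53F86A63F5D4F100F6889BC00BC54BC1",
    r"2011-06-06 21:19:03 -------- d-----w- c:\program files\DVD Flick",
]
# Product names a misspelled folder might imitate (assumed list, not taken from the thread).
KNOWN_NAMES = ["antivirus", "malwarebytes", "spybot"]
@dataclass
class Entry:
    timestamp: str
    size: Optional[int]  # None where DDS prints "--------" (directories)
    attrs: str           # DDS attribute field, e.g. "---ha-w-" (d = dir, h = hidden)
    path: str

def parse_dds_line(line: str) -> Entry:
    # Fields: date, time, size-or-dashes, attributes, then the path (which may contain spaces).
    date, time, size, attrs, path = line.split(maxsplit=4)
    return Entry(f"{date} {time}", None if size.startswith("-") else int(size), attrs, path.strip())

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance, used to spot a folder name one or two typos away from a real product.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(e: Entry) -> List[str]:
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons = []
    if "h" in e.attrs and e.size == 0 and name.endswith(".tmp") and "\\appdata\\local\\" in p:
        reasons.append("hidden zero-byte .tmp in AppData\\Local")
    if e.attrs.startswith("d") and "\\appdata\\roaming\\" in p and re.fullmatch(r"[0-9a-f]{32}", name):
        reasons.append("32-hex-character folder in AppData\\Roaming")
    if p.startswith("c:\\program files\\") and name not in KNOWN_NAMES \
            and any(edit_distance(name, k) <= 2 for k in KNOWN_NAMES):
        reasons.append("Program Files folder within two edits of a known product name")
    return reasons

def flag_entries(lines: List[str]) -> Dict[str, List[str]]:
    entries = (parse_dds_line(l) for l in lines if l.strip())
    return {e.path: r for e in entries if (r := triage(e))}
```

Entries with no matching reason are dropped from the result, so a clean log yields an empty dict.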