My first virus



#1
Ronald Bruns
    Member
  • 25 posts
Hello, I am Ronald Bruns from the Netherlands, and I made it online for the first time in my life.
The internet is amazing, but it took only a few days before I somehow attracted my first malware infection.
My nephew removed the harmful effects, but ever since, my wireless connection has been very unreliable and I can't seem to update Windows XP itself.
After reading the malware removal introduction, I downloaded OTL.exe and ran a quick scan.
I read that you guys only need the OTL.log and not the Extras.log, so I posted the OTL.log only.

I got my computer as a gift, so I don't have re-installation disks.
It is a Dell OptiPlex 745.

I really hope somebody can help me with these issues.
Thank you in advance,

Ron.



LOG OTL.txt:

OTL logfile created on: 29-3-2012 16:38:18 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Bureaublad\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1013,54 Mb Total Physical Memory | 698,43 Mb Available Physical Memory | 68,91% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 86,01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 61,43 Gb Free Space | 82,46% Space Free | Partition Type: NTFS

Computer Name: MIJNPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-29 16:37:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\Downloads\OTL.exe
PRC - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-12-21 02:41:43 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011-12-19 20:58:58 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011-10-25 17:21:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-03-28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011-03-28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011-03-28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008-07-03 17:18:06 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2010-06-17 15:27:22 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-12-19 20:58:58 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-10-25 17:21:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-03-28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-03-13 21:49:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-01-17 23:00:48 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-12-19 20:59:22 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2011-12-19 20:59:21 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011-12-10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-10-25 17:21:54 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-10-25 17:21:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-06-09 17:43:34 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2010-07-30 17:36:12 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010-06-17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.co...age={startPage}
IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.12_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: DhcpNameServer = 212.54.40.25 212.54.35.25
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-24 14:35:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-03-29 16:35:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Onlangs geopend
[2012-03-29 16:35:14 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe
[2012-03-28 14:51:26 | 000,000,000 | ---D | C] -- C:\74cee5f115af6b1d5fc13b1d23
[2012-03-13 21:49:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-03-11 20:22:37 | 000,000,000 | ---D | C] -- C:\b7afa5eb9b53c1176da2e7f9ca0c3800
[2012-03-06 18:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth
[2012-03-06 18:47:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012-03-06 18:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012-03-05 01:27:18 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-29 16:37:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\OTL.exe
[2012-03-29 16:12:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500UA.job
[2012-03-29 16:04:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-03-29 15:56:30 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-03-29 15:56:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-29 15:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-29 01:12:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500Core.job
[2012-03-28 14:52:17 | 000,551,684 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-03-28 14:52:17 | 000,481,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-28 14:52:17 | 000,100,114 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-03-28 14:52:17 | 000,079,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-24 01:08:13 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Google Chrome.lnk
[2012-03-24 01:08:13 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-13 21:49:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-03-08 20:12:50 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Speciale Tekens.lnk
[2012-03-06 20:20:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-06 18:56:20 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-08 20:12:34 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Speciale Tekens.lnk
[2012-03-06 18:56:20 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2012-02-15 18:13:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-08-24 16:23:36 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-08-24 16:17:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011-08-24 16:17:36 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2011-08-24 16:17:32 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2011-08-24 16:17:32 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2011-08-24 14:44:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-08-24 14:39:26 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011-08-24 14:31:55 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-11-25 22:27:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

========== LOP Check ==========

[2011-10-18 16:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011-10-27 18:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICIDU B.V

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File: OTL.Txt (37.75KB, 62 downloads)

Edited by Ronald Bruns, 29 March 2012 - 08:55 AM.



#2
Jintan
    Trusted Helper
  • Malware Removal
  • 904 posts
Welcome to Geeks to Go, Ronald Bruns,

I don't see any infection in this log, but it does show you have at least two antivirus programs installed, both AntiVir and COMODO Internet Security. This would cause them to damage each other, so as a first step you need to disable all security programs, then uninstall one of those. Reboot, then uninstall the other.

Then reboot again, and run and post a new OTL scan log please.

Also post the OTL Extras.Txt log, which should be in the same location as OTL.exe.

Also at that time post back on what problems you are having, after making these changes.
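The check Jintan makes by eye in the reply above (more than one vendor with running real-time components in the same log) can be scripted so it is not missed in a long log. The Python below is an added example for this thread, not OldTimer's OTL code and not something either poster ran: it parses the PRC/SRV/DRV lines using the layout seen in the logs posted here, groups running components by vendor, and lists drivers that are registered but whose file is missing on disk. The vendor table is an assumption made for illustration; the sample lines are copied from the first log in this thread.

```python
"""Summarise resident security components in an OTL log (added example, not OTL's own code)."""
import re
from collections import defaultdict

# Assumption: company strings OTL prints for the security products seen in this thread.
SECURITY_VENDORS = {
    "Avira GmbH": "Avira AntiVir",
    "COMODO": "COMODO Internet Security",
    "Malwarebytes Corporation": "Malwarebytes' Anti-Malware",
    "SUPERAntiSpyware.com": "SUPERAntiSpyware",
    "SUPERAdBlocker.com and SUPERAntiSpyware.com": "SUPERAntiSpyware",
}

# "[date | size | attrs | M] (Company) [Type | Start | State]"; the last bracket is absent on PRC lines
META_RE = re.compile(r"^\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)(?: \[(?P<mode>[^\]]*)\])?$")
# Service database entries whose driver file is gone from disk
MISSING_RE = re.compile(r"^File not found(?: \[(?P<mode>[^\]]*)\])?$")


def parse_otl_line(line):
    """Return a dict for a PRC/SRV/DRV line, or None for any other line."""
    line = line.rstrip("\r\n")
    if line[:5] not in ("PRC -", "SRV -", "DRV -"):
        return None
    kind, rest = line[:3], line[6:]
    # OTL separates metadata, path and service name with " -- "; a driver with no
    # file shows " -- -- (name)", which this split keeps as an empty path field.
    parts = [p.strip() for p in re.split(r" --(?= |$)", rest)]
    rec = {
        "kind": kind,
        "path": parts[1] if len(parts) > 1 else "",
        "name": parts[2].strip("()") if len(parts) > 2 else "",
        "company": "", "mode": "", "missing": False,
    }
    m = MISSING_RE.match(parts[0])
    if m:
        rec["missing"] = True
        rec["mode"] = m.group("mode") or ""
        return rec
    m = META_RE.match(parts[0])
    if m is None:
        return None
    rec["company"] = m.group("company").strip()
    rec["mode"] = m.group("mode") or ""
    date, size = [s.strip() for s in m.group("stamp").split("|")][:2]
    rec["modified"], rec["size"] = date, int(size.replace(",", ""))
    return rec


def summarise(lines):
    """Group running components of known security vendors; list drivers missing on disk."""
    resident = defaultdict(list)
    missing = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None:
            continue
        if rec["missing"]:
            missing.append(rec["name"])
            continue
        product = SECURITY_VENDORS.get(rec["company"])
        # A listed process is running by definition; services and drivers carry an explicit state.
        if product and (rec["kind"] == "PRC" or "Running" in rec["mode"]):
            resident[product].append((rec["kind"], rec["name"] or rec["path"].rsplit("\\", 1)[-1]))
    return dict(resident), missing


# Sample input: lines copied from the first OTL log posted in this thread.
SAMPLE_LOG = r"""========== Processes (SafeList) ==========
PRC - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-12-21 02:41:43 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011-10-25 17:21:54 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008-07-03 17:18:06 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-12-19 20:58:58 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011-10-25 17:21:54 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2012-01-17 23:00:48 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011-12-10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-10-25 17:21:54 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011-06-09 17:43:34 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
"""

if __name__ == "__main__":
    resident, missing = summarise(SAMPLE_LOG.splitlines())
    for product, components in resident.items():
        print(f"{product}: " + ", ".join(f"{kind} {name}" for kind, name in components))
    if len(resident) > 1:
        print(f"{len(resident)} vendors have running real-time components; check for overlap")
    print("drivers registered but missing on disk:", ", ".join(missing))
```

On the first log in this thread the script reports Avira, COMODO and Malwarebytes each with a running process, service and file-system driver, which is the overlap the reply points at. The "File not found" drivers are only listed, not judged: the helper here did not treat them as a sign of infection, and the script leaves that call to the reader.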

#3
Ronald Bruns
    Member
  • Topic Starter
  • 25 posts
Hello Jintan, thank you for your assistance.


I am getting a lot of help from your instructions myself, and I hope everything will turn out well.
The Comodo installation is just a 3rd-party firewall (only), and since the start of this topic we have replaced Avira with MSE.
After reading your instructions, we have removed both MSE and the Comodo firewall, exposing this system, but as there is not much personal information on here, this is not a real problem.

There are still on-demand scanners installed: MBAM and SUPERAntiSpyware Free Edition.

The main issues still remain: we are still not able to update Windows (the files are downloaded and processed, but every time the installation will "fail" after a while), and the wireless connection to the network is buggy to say the least.
We have already tried both updating and connecting wirelessly without the Comodo installation, to no avail.
All hardware performs outstandingly by the way; it never fails on boot, and we only once had a single BSOD, after which we were alerted to an infection in the first place.
These were found and cleaned up by MBAM if I recall correctly.

I really hope you can help us, or at least give us some advice on how to proceed further, as we still have many problems recovering the original installation discs from Dell.
Thank you again for all your time,


With kind regards,

Ron




I have done the scan as instructed, but there doesn't seem to be any Extras.log. Is this normal?


Otl.log:
OTL logfile created on: 4-4-2012 18:15:34 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Bureaublad\ADHD
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

1013,54 Mb Total Physical Memory | 580,98 Mb Available Physical Memory | 57,32% Memory free
2,38 Gb Paging File | 2,05 Gb Available in Paging File | 85,92% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,50 Gb Total Space | 63,38 Gb Free Space | 85,07% Space Free | Partition Type: NTFS

Computer Name: MIJNPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-29 16:37:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Bureaublad\ADHD\OTL.exe
PRC - [2012-03-27 04:28:45 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-08-12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008-07-03 17:18:06 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-27 04:28:43 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppgooglenaclpluginchrome.dll
MOD - [2012-03-27 04:28:42 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
MOD - [2012-03-27 04:27:17 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
MOD - [2012-03-27 04:27:16 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
MOD - [2012-03-27 04:27:14 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll


========== Win32 Services (SafeList) ==========

SRV - [2012-01-13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-08-12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011-12-10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-06-09 17:43:34 | 001,756,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv64xxmm.sys -- (mv64xxmm)
DRV - [2010-11-25 22:37:31 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2010-07-30 17:36:12 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.co...age={startPage}
IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
IE - HKCU\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - Extension: WOT = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.12_0\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: Better Pop Up Blocker = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: NameServer = 8.26.56.26,156.154.70.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-08-24 14:35:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012-04-04 18:11:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Onlangs geopend
[2012-04-04 18:09:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-04-03 17:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2012-04-03 16:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012-04-03 16:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-04-03 16:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2012-04-03 16:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-04-03 16:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Auslogics
[2012-04-03 16:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics BoostSpeed
[2012-04-03 16:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bureaublad\ADHD
[2012-03-30 18:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programma's\Google Earth
[2012-03-30 17:09:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012-03-06 18:47:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012-03-06 18:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-04 18:12:00 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500UA.job
[2012-04-04 18:10:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-04 18:10:20 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-04 18:10:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-04 18:04:01 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-04 17:50:14 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012-04-03 01:12:00 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500Core.job
[2012-03-30 23:14:28 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-30 23:14:27 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Google Chrome.lnk
[2012-03-30 18:49:27 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2012-03-30 17:15:58 | 000,401,538 | ---- | M] () -- C:\WINDOWS\System32\perfh013.dat
[2012-03-30 17:15:58 | 000,343,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-30 17:15:58 | 000,070,590 | ---- | M] () -- C:\WINDOWS\System32\perfc013.dat
[2012-03-30 17:15:58 | 000,053,340 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-08 20:12:50 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\Administrator\Bureaublad\Speciale Tekens.lnk
[2012-03-06 20:20:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-30 18:49:27 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Google Earth.lnk
[2012-03-30 15:21:39 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012-03-08 20:12:34 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\Administrator\Bureaublad\Speciale Tekens.lnk
[2012-02-15 18:13:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-08-24 16:23:36 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-08-24 16:17:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011-08-24 16:17:36 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2011-08-24 16:17:32 | 001,843,784 | ---- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2011-08-24 16:17:32 | 001,399,880 | ---- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2011-08-24 14:44:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-08-24 14:31:55 | 000,021,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-11-25 22:27:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

========== LOP Check ==========

[2012-04-03 16:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011-10-18 16:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011-10-27 18:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICIDU B.V
[2012-04-03 19:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >
  • 0

#4
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No, that is still just the OTL.Txt log, and not the OTL Extras.Txt log.

If there is no OTL Extras.txt log, download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

--------

Also right click My Computer, left click Manage. Then click Device Manager. If any of the devices there shows a yellow caution mark, write down the name and post them back here please.

--------

And click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
  • 0

#5
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi Jintan,

As of now, the pc is not able to connect to the internet anymore, neither by wifi, nor by cable.
I just copied your reply, HijackThis and a randomly-named Gmer.exe to a USB stick and am on my way over within the hour.
I will post the logs here later today.

Sorry for the inconvenience.
  • 0

#6
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I would think those security software removals were incomplete - that the software left things behind that are causing the net access problem. Things such as "NDIS" drivers, which can monitor net traffic, and so block it when corrupted.

If you see this post and are able to do this step as well, I would like to see its results.

Using Gmer, this time just right-click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
  • 0

#7
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi Jintan,

The system now is sporadically connecting to the net, at complete random.
It got connected yesterday for a short amount of time, just long enough to notice that the mail.com startpage I was visiting was completely in Russian instead of English.
My nephew just told me that could be important, as there should be no proxy (whatever that is, google WAS my friend...) installed on this computer.
He also just told me that I shouldn't have logged in (automatically) and he will change the password for the account as soon as possible.

Also, when right-clicking the wireless connection icon (in the system-tray next to the clock) and "reset" (sorry, no Google translate) the connection it mentions that the DNS-cache couldn't be reset.
It shuts down (1 sec) -> connects again (takes over 30 seconds) -> renews IP (takes about 10 seconds) -> deletes various [netBT/ARP?] caches (1 sec) and then is unable to delete the DNS-cache.



Ok, back to business:
All active security software has been successfully de-installed, except SUPERAntiSpyware Free Edition and MBAM, which are on-demand only.
We also threw out all unnecessary applications like HDD-tune and such.
The system still boots and works without a hitch, no BSODs and "Device Manager" shows not a single device that isn't properly installed/initiated.
No errors, no logs, no nothing.

Sadly, we didn't get your last reply in time, we will get on that within 24 hours.
I did the 2 scans as instructed before, here are the logs:

Thank you for your time!

*** GMER_log.txt: ***
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 17:46:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: vcg1948j.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypog.sys


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB12052$\2235673173 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\bckfg.tmp 703 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\cfg.ini 226 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L\gibvlomo 457856 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000032.@ 97792 bytes
File C:\WINDOWS\$NtUninstallKB12052$\754708898 0 bytes

---- EOF - GMER 1.0.15 ----

*** HijackThis_Misc_Add_Rem.txt: ***
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2618444)
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2647516)
CCleaner
Defraggler
Google Earth
Google Update Helper
Intel® Graphics Media Accelerator Driver
Malwarebytes Anti-Malware versie 1.60.1.1000
OpenOffice.org 3.3
SUPERAntiSpyware

Where "Beveiligingsupdate voor" is translated as "Security-update for" in proper English.
  • 0

#8
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Sporadically connecting to the Internet due to a very busy bootkit/rootkit infection that the Gmer log shows. We need to change course here now.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.

Run a new Gmer scan as well, and post both those logs please.
  • 0
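A defender-side triage helper for GMER file listings like the one Jintan is reading above, added here as an example; it is not part of the thread, of GMER, or of any tool named in it. It parses the "---- Files ----" section of a GMER report and flags entries that sit under a `$NtUninstallKB...$` folder in a shape Windows itself does not create. The sample log lines are constructed from the posted report, and the heuristics (bare-numeric subfolder, single-letter `U`/`L` subfolders, `@` file names, a KB number too short to be a real update) are assumptions of this example, not rules GMER applies.

```python
"""Triage helper for the 'Files' section of a GMER report (added example)."""
import re
from dataclasses import dataclass

# One GMER file line: "File <path> <size> bytes"
GMER_FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes\s*$")
# A hotfix uninstall folder component, e.g. "$NtUninstallKB2510531$"
UNINSTALL_DIR_RE = re.compile(r"^\$NtUninstall(?P<kb>KB\d+)\$$", re.IGNORECASE)

# Constructed sample in the shape of the posted GMER log. The last entry is a
# constructed example of what a genuine hotfix uninstall folder looks like.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 17:46:12

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB12052$\2235673173 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\cfg.ini 226 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L\gibvlomo 457856 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB12052$\754708898 0 bytes
File C:\WINDOWS\$NtUninstallKB2510531$\spuninst\spuninst.exe 218624 bytes

---- EOF - GMER 1.0.15 ----
"""


@dataclass
class GmerFile:
    path: str
    size: int


@dataclass
class Finding:
    path: str
    size: int
    uninstall_dir: str
    reasons: list


def parse_gmer_files(text: str) -> list:
    """Return the entries listed in a report's '---- Files ----' section."""
    entries = []
    in_files = False
    for line in text.splitlines():
        if line.startswith("---- Files"):
            in_files = True
            continue
        if in_files and line.startswith("----"):  # next section or EOF marker
            break
        m = GMER_FILE_RE.match(line)
        if in_files and m:
            entries.append(GmerFile(m.group("path"), int(m.group("size"))))
    return entries


def assess(entry: GmerFile):
    """Return a Finding if the path abuses a $NtUninstallKB...$ folder, else None.

    Heuristics are this example's own assumptions: a real uninstall folder holds
    an 'spuninst' subfolder and backed-up system files, not numeric subfolders,
    'U'/'L' directories or '@' files.
    """
    parts = re.split(r"[\\/]", entry.path)
    for i, part in enumerate(parts):
        m = UNINSTALL_DIR_RE.match(part)
        if m:
            break
    else:
        return None  # not under an uninstall folder at all
    below = parts[i + 1:]  # components beneath the uninstall folder
    reasons = []
    if below and below[0].isdigit():
        reasons.append("bare-numeric subfolder directly under the uninstall folder")
    if any(p.upper() in ("U", "L") for p in below[:-1]):
        reasons.append("single-letter 'U' or 'L' subfolder")
    name = below[-1] if below else ""
    if name == "@" or name.endswith(".@"):
        reasons.append("'@' file name or '.@' extension")
    if len(m.group("kb")) < 8:  # "KB" plus fewer than six digits (heuristic)
        reasons.append("KB number too short to be a real hotfix")
    if not reasons:
        return None
    return Finding(entry.path, entry.size, m.group(0), reasons)


def triage(text: str) -> dict:
    """Group suspicious entries by the uninstall folder they live under."""
    grouped = {}
    for entry in parse_gmer_files(text):
        finding = assess(entry)
        if finding:
            grouped.setdefault(finding.uninstall_dir, []).append(finding)
    return grouped


if __name__ == "__main__":
    for folder, findings in triage(SAMPLE_GMER_LOG).items():
        print(f"{folder}: {len(findings)} suspicious entries")
        for f in findings:
            print(f"  {f.path} ({f.size} bytes): {'; '.join(f.reasons)}")
```

A hit from this script is a reason to have a helper look at the folder, not a verdict; the constructed `spuninst` entry shows a legitimate uninstall folder passing through unflagged.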

#9
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I can't tell you how glad I am finally somebody found something! *Positive thinking*

I'll run all scans in respective order (Gmer non-MS / TDSS / Gmer again) later today and I'll post the results as soon as possible.


THANK YOU!
  • 0

#10
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hey Jintan,

I ran all scans as instructed, but TDSS-killer (Larry.com) didn't find anything as far as I can make out.
Here are the logs, starting with the GMER_non-ms, then the TDSS and finally the last GMER -log.
We hope you can find what we are looking for.

Question, would it make a difference if we ran the scan in safe-mode?

Thank you!



*** GMER_NonMS.txt: ***
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 16:37:55
Windows 5.1.2600 Service Pack 3
Running: vcg1948j.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypog.sys


---- Modules - GMER 1.0.15 ----

Module mvxxmm.sys (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) F7882000-F788A000 (32768 bytes)
Module mv61xxmm.sys (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) F788A000-F7892000 (32768 bytes)
Module mv64xxmm.sys (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) F7892000-F789A000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) F6D48000-F72DE000 (5857280 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) F6CE8000-F6D10000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) F6CAE000-F6CE8000 (237568 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F790A000-F790F000 (20480 bytes)
Module \SystemRoot\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) A9F27000-A9F7F000 (360448 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) A9C74000-A9C96000 (139264 bytes)
Module \??\C:\Program_Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) F796A000-F7970000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\athuw.sys (Driver for Atheros Wireless Network Adapter/Atheros Communications, Inc.) A9A9C000-A9C49000 (1757184 bytes)
Module \SystemRoot\System32\igxpgd32.dll (Intel Graphics 2D Driver/Intel Corporation) BF024000-BF04F000 (176128 bytes)
Module \SystemRoot\System32\igxprd32.dll (Intel Graphics 2D Rotation Driver/Intel Corporation) BF012000-BF024000 (73728 bytes)
Module \SystemRoot\System32\igxpdv32.DLL (Component GHAL Driver/Intel Corporation) BF04F000-BF1E7000 (1671168 bytes)
Module \SystemRoot\System32\igxpdx32.DLL (DirectDraw® Driver for Intel® Graphics Technology/Intel Corporation) BF1E7000-BF47A000 (2699264 bytes)
Module \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) F6BED000-F6BF1000 (16384 bytes)
Module \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypog.sys (GMER) A8DE2000-A8DFB000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) 124
Library C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) 0x00400000

Process C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 332
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00400000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x10000000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x00330000
Library C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation) 0x004B0000

Process C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 404
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D10000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\icudt.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll 0x10000000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll 0x01450000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll 0x65EC0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avutil-51.dll 0x68B80000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avformat-53.dll 0x6AB00000

Process C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 412
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D10000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\icudt.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll 0x10000000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll 0x012E0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll 0x65EC0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avutil-51.dll 0x68B80000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avformat-53.dll 0x6AB00000

Process C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 444
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D10000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\icudt.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll 0x10000000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll 0x014A0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll 0x65EC0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avutil-51.dll 0x68B80000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avformat-53.dll 0x6AB00000

Process C:\WINDOWS\Explorer.EXE (Windows Verkenner/Microsoft Corporation) 680
Library C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com) 0x10000000
Library C:\WINDOWS\system32\igfxpph.dll (igfxpph Module/Intel Corporation) 0x00CF0000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x00D40000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00FA0000
Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x034C0000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x01100000

Process C:\WINDOWS\system32\winlogon.exe (Toepassing Windows NT-aanmelding/Microsoft Corporation) 976
Library C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com) 0x10000000

Process C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 1464
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D10000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\icudt.dll (ICU Data DLL/The ICU Project) 0x4AD00000

Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 1468
Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00F40000
Library C:\WINDOWS\system32\igfxres.dll (igfxres Module/Intel Corporation) 0x00FD0000

Process C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 1496
Library C:\WINDOWS\system32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000

Process C:\Program Files\Analog Devices\Core\smax4pnp.exe (SMax4PNP/Analog Devices, Inc.) 1504
Library C:\Program Files\Analog Devices\Core\smax4pnp.exe (SMax4PNP/Analog Devices, Inc.) 0x00400000
Library C:\Program Files\Analog Devices\Core\SMWDMIF.dll (SMWDM Interface DLL/Analog Devices, Inc.) 0x10000000

Process C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 1548
Library C:\WINDOWS\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000
Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x01000000

Process C:\Documents and Settings\Administrator\Bureaublad\Ron_USB\vcg1948j.exe 3044
Library C:\Documents and Settings\Administrator\Bureaublad\Ron_USB\vcg1948j.exe 0x00400000

Process C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 3104
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc.) 0x00400000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\chrome.dll (Google Chrome/Google Inc.) 0x01C30000
Library C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x74D10000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\icudt.dll (ICU Data DLL/The ICU Project) 0x4AD00000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\pdf.dll 0x10000000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll 0x013A0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avcodec-53.dll 0x65EC0000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avutil-51.dll 0x68B80000
Library C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.151\avformat-53.dll 0x6AB00000

---- Services - GMER 1.0.15 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Core Service/SUPERAntiSpyware.com) [AUTO] !SASCORE
Service C:\WINDOWS\system32\drivers\ADIHdAud.sys (High Definition Audio Function Driver/Analog Devices, Inc.) [MANUAL] ADIHdAudAddService
Service C:\WINDOWS\system32\DRIVERS\athuw.sys (Driver for Atheros Wireless Network Adapter/Atheros Communications, Inc.) [MANUAL] AR9271
Service C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver./Broadcom Corporation) [MANUAL] b57w2k
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [AUTO] gupdate
Service C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc.) [MANUAL] gupdatem
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) [MANUAL] MBAMProtector
Service C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation) [AUTO] MBAMService
Service MSDTC Bridge 3.0.0.0
Service (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) [BOOT] mv61xxmm
Service (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) [BOOT] mv64xxmm
Service (Marvell Aux NV Bridge DLL/Marvell Semiconductor Inc.) [BOOT] mvxxmm
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASDIFSV
Service C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) [SYSTEM] SASKUTIL
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----
  • 0


#11
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
*** TDSS_log.txt ***
16:43:48.0265 0460 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
16:43:48.0453 0460 ============================================================
16:43:48.0453 0460 Current date / time: 2012/04/09 16:43:48.0453
16:43:48.0453 0460 SystemInfo:
16:43:48.0453 0460
16:43:48.0453 0460 OS Version: 5.1.2600 ServicePack: 3.0
16:43:48.0453 0460 Product type: Workstation
16:43:48.0453 0460 ComputerName: MIJNPC
16:43:48.0453 0460 UserName: Administrator
16:43:48.0453 0460 Windows directory: C:\WINDOWS
16:43:48.0453 0460 System windows directory: C:\WINDOWS
16:43:48.0453 0460 Processor architecture: Intel x86
16:43:48.0453 0460 Number of processors: 2
16:43:48.0453 0460 Page size: 0x1000
16:43:48.0453 0460 Boot type: Normal boot
16:43:48.0453 0460 ============================================================
16:43:49.0750 0460 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:43:49.0750 0460 Drive \Device\Harddisk1\DR2 - Size: 0x3AF800000 (14.74 Gb), SectorSize: 0x200, Cylinders: 0x784, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:43:49.0750 0460 \Device\Harddisk0\DR0:
16:43:49.0750 0460 MBR used
16:43:49.0750 0460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
16:43:49.0750 0460 \Device\Harddisk1\DR2:
16:43:49.0750 0460 MBR used
16:43:49.0750 0460 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1D7A080
16:43:49.0812 0460 Initialize success
16:43:49.0812 0460 ============================================================
16:44:02.0078 0900 ============================================================
16:44:02.0078 0900 Scan started
16:44:02.0078 0900 Mode: Manual;
16:44:02.0078 0900 ============================================================
16:44:02.0328 0900 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:44:02.0343 0900 !SASCORE - ok
16:44:02.0468 0900 Abiosdsk - ok
16:44:02.0484 0900 abp480n5 - ok
16:44:02.0546 0900 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:02.0546 0900 ACPI - ok
16:44:02.0609 0900 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:44:02.0609 0900 ACPIEC - ok
16:44:02.0656 0900 ADIHdAudAddService (54613c0cab4c452c852efafb97a8a0e9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
16:44:02.0656 0900 ADIHdAudAddService - ok
16:44:02.0656 0900 adpu160m - ok
16:44:02.0718 0900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:02.0718 0900 aec - ok
16:44:02.0781 0900 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
16:44:02.0781 0900 AFD - ok
16:44:02.0781 0900 Aha154x - ok
16:44:02.0796 0900 aic78u2 - ok
16:44:02.0796 0900 aic78xx - ok
16:44:02.0843 0900 Alerter (8bed67d13dcb55b3e9ff6dac4c6d3b49) C:\WINDOWS\system32\alrsvc.dll
16:44:02.0843 0900 Alerter - ok
16:44:02.0875 0900 ALG (dab2a89fde5cf791161200d90c1bcb12) C:\WINDOWS\System32\alg.exe
16:44:02.0875 0900 ALG - ok
16:44:02.0875 0900 AliIde - ok
16:44:02.0890 0900 amsint - ok
16:44:02.0921 0900 AppMgmt (434a70fa278eb3c42140e3755c2fa4f8) C:\WINDOWS\System32\appmgmts.dll
16:44:02.0937 0900 AppMgmt - ok
16:44:03.0015 0900 AR9271 (8dbeb23baf83d7161a69503bd5fc0162) C:\WINDOWS\system32\DRIVERS\athuw.sys
16:44:03.0078 0900 AR9271 - ok
16:44:03.0078 0900 asc - ok
16:44:03.0093 0900 asc3350p - ok
16:44:03.0093 0900 asc3550 - ok
16:44:03.0140 0900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:03.0140 0900 AsyncMac - ok
16:44:03.0171 0900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:03.0171 0900 atapi - ok
16:44:03.0187 0900 Atdisk - ok
16:44:03.0218 0900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:03.0234 0900 Atmarpc - ok
16:44:03.0281 0900 AudioSrv (f10745ed3195360e69aa4a6e7768c0e0) C:\WINDOWS\System32\audiosrv.dll
16:44:03.0281 0900 AudioSrv - ok
16:44:03.0328 0900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:03.0328 0900 audstub - ok
16:44:03.0390 0900 b57w2k (bf9c01a3040d75bfb95beffa216173df) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:44:03.0390 0900 b57w2k - ok
16:44:03.0421 0900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:03.0421 0900 Beep - ok
16:44:03.0468 0900 BITS (5c0073a51c4873430fa8b262e92183ff) C:\WINDOWS\system32\qmgr.dll
16:44:03.0546 0900 BITS - ok
16:44:03.0687 0900 Browser (69eaa7501f53a40e8c04c69f2391224f) C:\WINDOWS\System32\browser.dll
16:44:03.0687 0900 Browser - ok
16:44:03.0750 0900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:03.0750 0900 cbidf2k - ok
16:44:03.0765 0900 cd20xrnt - ok
16:44:03.0765 0900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:03.0765 0900 Cdaudio - ok
16:44:03.0781 0900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:03.0781 0900 Cdfs - ok
16:44:03.0781 0900 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:03.0781 0900 Cdrom - ok
16:44:03.0796 0900 Changer - ok
16:44:03.0828 0900 CiSvc (bd85400700b80fbe3d4a3412bce74861) C:\WINDOWS\system32\cisvc.exe
16:44:03.0828 0900 CiSvc - ok
16:44:03.0828 0900 ClipSrv (4fb6108130829666c8fe96b442fead94) C:\WINDOWS\system32\clipsrv.exe
16:44:03.0828 0900 ClipSrv - ok
16:44:03.0843 0900 CmdIde - ok
16:44:03.0843 0900 COMSysApp - ok
16:44:03.0859 0900 Cpqarray - ok
16:44:03.0859 0900 CryptSvc (0a9cf5d3cf63a8699f28c814ef821c7e) C:\WINDOWS\System32\cryptsvc.dll
16:44:03.0859 0900 CryptSvc - ok
16:44:03.0875 0900 dac2w2k - ok
16:44:03.0875 0900 dac960nt - ok
16:44:03.0953 0900 DcomLaunch (d8d28f6cabec7d42b8e487e290563b9a) C:\WINDOWS\system32\rpcss.dll
16:44:03.0953 0900 DcomLaunch - ok
16:44:03.0968 0900 Dhcp (99f2c23ed213c7e0c10a778cb8e98c3b) C:\WINDOWS\System32\dhcpcsvc.dll
16:44:03.0968 0900 Dhcp - ok
16:44:03.0984 0900 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:03.0984 0900 Disk - ok
16:44:03.0984 0900 dmadmin - ok
16:44:04.0031 0900 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:04.0062 0900 dmboot - ok
16:44:04.0093 0900 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys
16:44:04.0093 0900 dmio - ok
16:44:04.0125 0900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:04.0125 0900 dmload - ok
16:44:04.0156 0900 dmserver (127db74184e2d3d31655da525a5efde1) C:\WINDOWS\System32\dmserver.dll
16:44:04.0171 0900 dmserver - ok
16:44:04.0218 0900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:44:04.0234 0900 DMusic - ok
16:44:04.0281 0900 Dnscache (f41ae23847f084f92e283d86c2a9efcc) C:\WINDOWS\System32\dnsrslvr.dll
16:44:04.0296 0900 Dnscache - ok
16:44:04.0328 0900 Dot3svc (90ee765e1a598b578852901f74f914f1) C:\WINDOWS\System32\dot3svc.dll
16:44:04.0328 0900 Dot3svc - ok
16:44:04.0328 0900 dpti2o - ok
16:44:04.0359 0900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:44:04.0359 0900 drmkaud - ok
16:44:04.0390 0900 EapHost (e6bbdebf7081899d161c773e8d84d015) C:\WINDOWS\System32\eapsvc.dll
16:44:04.0390 0900 EapHost - ok
16:44:04.0421 0900 ERSvc (2f5c7f650b7af178988946ee4b0d9c01) C:\WINDOWS\System32\ersvc.dll
16:44:04.0421 0900 ERSvc - ok
16:44:04.0484 0900 Eventlog (d98a222a707ffe40043e533fe7a6ba24) C:\WINDOWS\system32\services.exe
16:44:04.0484 0900 Eventlog - ok
16:44:04.0515 0900 EventSystem (f6c37073a269c163a5fdae5bff47f367) C:\WINDOWS\system32\es.dll
16:44:04.0515 0900 EventSystem - ok
16:44:04.0546 0900 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
16:44:04.0562 0900 exFat - ok
16:44:04.0609 0900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:44:04.0609 0900 Fastfat - ok
16:44:04.0640 0900 FastUserSwitchingCompatibility (c28a9e9d28acdaf8097be4578c49559b) C:\WINDOWS\System32\shsvcs.dll
16:44:04.0656 0900 FastUserSwitchingCompatibility - ok
16:44:04.0656 0900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:44:04.0656 0900 Fdc - ok
16:44:04.0765 0900 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys
16:44:04.0765 0900 Fips - ok
16:44:04.0781 0900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:44:04.0781 0900 Flpydisk - ok
16:44:04.0843 0900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:44:04.0843 0900 FltMgr - ok
16:44:04.0859 0900 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:44:04.0859 0900 Fs_Rec - ok
16:44:04.0875 0900 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:44:04.0875 0900 Ftdisk - ok
16:44:04.0937 0900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:44:04.0937 0900 Gpc - ok
16:44:05.0093 0900 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:44:05.0109 0900 gupdate - ok
16:44:05.0109 0900 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:44:05.0109 0900 gupdatem - ok
16:44:05.0125 0900 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:44:05.0125 0900 HDAudBus - ok
16:44:05.0187 0900 helpsvc (5327bad9b35c33d2a64b64e4cf282ecd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:44:05.0187 0900 helpsvc - ok
16:44:05.0250 0900 HidServ (10003105aab8d5a7db51a9cb3d9f55a3) C:\WINDOWS\System32\hidserv.dll
16:44:05.0250 0900 HidServ - ok
16:44:05.0296 0900 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:44:05.0312 0900 hidusb - ok
16:44:05.0359 0900 hkmsvc (1ff903ffa2da1704e5a5443d37d8e49e) C:\WINDOWS\System32\kmsvc.dll
16:44:05.0359 0900 hkmsvc - ok
16:44:05.0359 0900 hpn - ok
16:44:05.0406 0900 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
16:44:05.0406 0900 HTTP - ok
16:44:05.0468 0900 HTTPFilter (2529c7ba05242beed0027f554d0513bb) C:\WINDOWS\System32\w3ssl.dll
16:44:05.0468 0900 HTTPFilter - ok
16:44:05.0468 0900 i2omgmt - ok
16:44:05.0468 0900 i2omp - ok
16:44:05.0515 0900 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\drivers\i8042prt.sys
16:44:05.0515 0900 i8042prt - ok
16:44:05.0734 0900 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:44:05.0906 0900 ialm - ok
16:44:05.0968 0900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:44:05.0968 0900 Imapi - ok
16:44:05.0984 0900 ImapiService (a117772f94c854de5d1bbc1f1962b192) C:\WINDOWS\system32\imapi.exe
16:44:05.0984 0900 ImapiService - ok
16:44:05.0984 0900 ini910u - ok
16:44:06.0000 0900 IntelIde - ok
16:44:06.0015 0900 intelppm (2d2254fac267e6b1c7865e8ebef60c6d) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:44:06.0015 0900 intelppm - ok
16:44:06.0046 0900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:44:06.0046 0900 Ip6Fw - ok
16:44:06.0093 0900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:44:06.0093 0900 IpFilterDriver - ok
16:44:06.0109 0900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:44:06.0109 0900 IpInIp - ok
16:44:06.0140 0900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:44:06.0140 0900 IpNat - ok
16:44:06.0296 0900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:44:06.0312 0900 IPSec - ok
16:44:06.0359 0900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:44:06.0359 0900 IRENUM - ok
16:44:06.0421 0900 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:44:06.0421 0900 isapnp - ok
16:44:06.0437 0900 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:44:06.0437 0900 Kbdclass - ok
16:44:06.0437 0900 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:44:06.0437 0900 kbdhid - ok
16:44:06.0468 0900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:44:06.0468 0900 kmixer - ok
16:44:06.0484 0900 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
16:44:06.0484 0900 KSecDD - ok
16:44:06.0531 0900 LanmanServer (ab3c73cfc4d21540c51671edf6e2c989) C:\WINDOWS\System32\srvsvc.dll
16:44:06.0546 0900 LanmanServer - ok
16:44:06.0609 0900 lanmanworkstation (f2bb3d20cd27ee6ed1fd5954de629441) C:\WINDOWS\System32\wkssvc.dll
16:44:06.0609 0900 lanmanworkstation - ok
16:44:06.0625 0900 lbrtfdc - ok
16:44:06.0640 0900 LmHosts (91ae20c5c2776c511994aa1308c05283) C:\WINDOWS\System32\lmhsvc.dll
16:44:06.0640 0900 LmHosts - ok
16:44:06.0671 0900 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
16:44:06.0671 0900 MBAMProtector - ok
16:44:06.0812 0900 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:44:06.0843 0900 MBAMService - ok
16:44:06.0890 0900 Messenger (c56a45a03dca11712de9fdf98224230b) C:\WINDOWS\System32\msgsvc.dll
16:44:06.0890 0900 Messenger - ok
16:44:06.0906 0900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:44:06.0906 0900 mnmdd - ok
16:44:06.0953 0900 mnmsrvc (5b1d994dcf1895afa27600e46a2f0fea) C:\WINDOWS\system32\mnmsrvc.exe
16:44:06.0953 0900 mnmsrvc - ok
16:44:07.0000 0900 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys
16:44:07.0000 0900 Modem - ok
16:44:07.0015 0900 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:44:07.0015 0900 Mouclass - ok
16:44:07.0046 0900 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:44:07.0046 0900 mouhid - ok
16:44:07.0062 0900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:44:07.0062 0900 MountMgr - ok
16:44:07.0062 0900 mraid35x - ok
16:44:07.0093 0900 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:44:07.0093 0900 MRxDAV - ok
16:44:07.0125 0900 MSDTC (21ea21984d7d1ad50db2e627020ab14c) C:\WINDOWS\system32\msdtc.exe
16:44:07.0125 0900 MSDTC - ok
16:44:07.0125 0900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:44:07.0125 0900 Msfs - ok
16:44:07.0140 0900 MSIServer - ok
16:44:07.0171 0900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:44:07.0171 0900 MSKSSRV - ok
16:44:07.0281 0900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:44:07.0281 0900 MSPCLOCK - ok
16:44:07.0312 0900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:44:07.0312 0900 MSPQM - ok
16:44:07.0375 0900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:44:07.0375 0900 mssmbios - ok
16:44:07.0437 0900 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
16:44:07.0437 0900 Mup - ok
16:44:07.0437 0900 mv61xxmm (354a04bf1603cb4b07346c470ea52e73) C:\WINDOWS\system32\drivers\mv61xxmm.sys
16:44:07.0437 0900 mv61xxmm - ok
16:44:07.0453 0900 mv64xxmm (6090786daa545a3ec7d34a46a8cd1661) C:\WINDOWS\system32\drivers\mv64xxmm.sys
16:44:07.0453 0900 mv64xxmm - ok
16:44:07.0453 0900 mvxxmm (b937b5f8cc5644f9bf9373e16a9aa0b4) C:\WINDOWS\system32\drivers\mvxxmm.sys
16:44:07.0453 0900 mvxxmm - ok
16:44:07.0515 0900 napagent (87e394c810794d3c70cf22e8316cb23e) C:\WINDOWS\System32\qagentrt.dll
16:44:07.0515 0900 napagent - ok
16:44:07.0531 0900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:44:07.0531 0900 NDIS - ok
16:44:07.0578 0900 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:44:07.0578 0900 NdisTapi - ok
16:44:07.0578 0900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:44:07.0578 0900 Ndisuio - ok
16:44:07.0593 0900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:44:07.0609 0900 NdisWan - ok
16:44:07.0625 0900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:44:07.0640 0900 NDProxy - ok
16:44:07.0640 0900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:44:07.0640 0900 NetBIOS - ok
16:44:07.0671 0900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:44:07.0671 0900 NetBT - ok
16:44:07.0687 0900 NetDDE (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
16:44:07.0687 0900 NetDDE - ok
16:44:07.0687 0900 NetDDEdsdm (dc6bae085e9b3c2f3a963ed46791feab) C:\WINDOWS\system32\netdde.exe
16:44:07.0687 0900 NetDDEdsdm - ok
16:44:07.0750 0900 Netlogon (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
16:44:07.0750 0900 Netlogon - ok
16:44:07.0765 0900 Netman (5431fb616ecae0d587c5b97d0b86cbd8) C:\WINDOWS\System32\netman.dll
16:44:07.0765 0900 Netman - ok
16:44:07.0796 0900 Nla (18740e8ec5be4b6d66fa0e4cbfd3b9c6) C:\WINDOWS\System32\mswsock.dll
16:44:07.0796 0900 Nla - ok
16:44:07.0796 0900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:44:07.0796 0900 Npfs - ok
16:44:07.0828 0900 Ntfs (a0857c97770034fd2af17dc4014b5abd) C:\WINDOWS\system32\drivers\Ntfs.sys
16:44:07.0843 0900 Ntfs - ok
16:44:07.0843 0900 NtLmSsp (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
16:44:07.0843 0900 NtLmSsp - ok
16:44:07.0890 0900 NtmsSvc (ac1a78237b53044735693633f8235468) C:\WINDOWS\system32\ntmssvc.dll
16:44:07.0906 0900 NtmsSvc - ok
16:44:07.0937 0900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:44:07.0937 0900 Null - ok
16:44:07.0968 0900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:44:07.0968 0900 NwlnkFlt - ok
16:44:07.0984 0900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:44:07.0984 0900 NwlnkFwd - ok
16:44:08.0015 0900 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys
16:44:08.0015 0900 Parport - ok
16:44:08.0109 0900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:44:08.0125 0900 PartMgr - ok
16:44:08.0187 0900 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys
16:44:08.0187 0900 ParVdm - ok
16:44:08.0218 0900 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys
16:44:08.0218 0900 PCI - ok
16:44:08.0218 0900 PCIDump - ok
16:44:08.0234 0900 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:44:08.0234 0900 PCIIde - ok
16:44:08.0265 0900 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:44:08.0281 0900 Pcmcia - ok
16:44:08.0296 0900 PDCOMP - ok
16:44:08.0296 0900 PDFRAME - ok
16:44:08.0296 0900 PDRELI - ok
16:44:08.0312 0900 PDRFRAME - ok
16:44:08.0312 0900 perc2 - ok
16:44:08.0328 0900 perc2hib - ok
16:44:08.0359 0900 PlugPlay (d98a222a707ffe40043e533fe7a6ba24) C:\WINDOWS\system32\services.exe
16:44:08.0359 0900 PlugPlay - ok
16:44:08.0375 0900 PolicyAgent (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
16:44:08.0375 0900 PolicyAgent - ok
16:44:08.0390 0900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:44:08.0390 0900 PptpMiniport - ok
16:44:08.0390 0900 ProtectedStorage (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
16:44:08.0390 0900 ProtectedStorage - ok
16:44:08.0406 0900 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
16:44:08.0406 0900 PSched - ok
16:44:08.0437 0900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:44:08.0437 0900 Ptilink - ok
16:44:08.0437 0900 ql1080 - ok
16:44:08.0453 0900 Ql10wnt - ok
16:44:08.0453 0900 ql12160 - ok
16:44:08.0468 0900 ql1240 - ok
16:44:08.0468 0900 ql1280 - ok
16:44:08.0500 0900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:44:08.0500 0900 RasAcd - ok
16:44:08.0531 0900 RasAuto (0575d034b1292ca3a9bb9f67a8ee289c) C:\WINDOWS\System32\rasauto.dll
16:44:08.0531 0900 RasAuto - ok
16:44:08.0562 0900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:44:08.0562 0900 Rasl2tp - ok
16:44:08.0578 0900 RasMan (9e7e2df6971a5f00102be3f901cc3bdc) C:\WINDOWS\System32\rasmans.dll
16:44:08.0578 0900 RasMan - ok
16:44:08.0593 0900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:44:08.0593 0900 RasPppoe - ok
16:44:08.0609 0900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:44:08.0609 0900 Raspti - ok
16:44:08.0625 0900 Rdbss (9629383f70db691cb6aa5bbd828cd9a9) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:44:08.0625 0900 Rdbss - ok
16:44:08.0640 0900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:44:08.0640 0900 RDPCDD - ok
16:44:08.0656 0900 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:44:08.0656 0900 rdpdr - ok
16:44:08.0703 0900 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
16:44:08.0703 0900 RDPWD - ok
16:44:08.0734 0900 RDSessMgr (ea9fdf71d696b532bdc44c8bff03a737) C:\WINDOWS\system32\sessmgr.exe
16:44:08.0750 0900 RDSessMgr - ok
16:44:08.0750 0900 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:44:08.0750 0900 redbook - ok
16:44:08.0828 0900 RemoteAccess (4007abf5d9bf0e55451d775443d1f985) C:\WINDOWS\System32\mprdim.dll
16:44:08.0828 0900 RemoteAccess - ok
16:44:08.0843 0900 RemoteRegistry (2fd5b89bf9289c774c5c730dea96cd91) C:\WINDOWS\system32\regsvc.dll
16:44:08.0843 0900 RemoteRegistry - ok
16:44:08.0890 0900 RpcLocator (be078f8f7ec2491efdd79a53353a060f) C:\WINDOWS\system32\locator.exe
16:44:08.0890 0900 RpcLocator - ok
16:44:08.0937 0900 RpcSs (d8d28f6cabec7d42b8e487e290563b9a) C:\WINDOWS\system32\rpcss.dll
16:44:08.0937 0900 RpcSs - ok
16:44:08.0937 0900 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
16:44:08.0953 0900 rspndr - ok
16:44:09.0062 0900 RSVP (ad1b5f1b99fff08c99f443d784711a81) C:\WINDOWS\system32\rsvp.exe
16:44:09.0078 0900 RSVP - ok
16:44:09.0093 0900 SamSs (8754210a3399d19610ce2d71e0c3e5d9) C:\WINDOWS\system32\lsass.exe
16:44:09.0093 0900 SamSs - ok
16:44:09.0250 0900 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:44:09.0250 0900 SASDIFSV - ok
16:44:09.0250 0900 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:44:09.0250 0900 SASKUTIL - ok
16:44:09.0281 0900 SCardSvr (1b4cd62174e907c7ef8ec5d4d0a2a616) C:\WINDOWS\System32\SCardSvr.exe
16:44:09.0281 0900 SCardSvr - ok
16:44:09.0328 0900 Schedule (7c288ae0f75cb18cff1df6179a67ad8f) C:\WINDOWS\system32\schedsvc.dll
16:44:09.0343 0900 Schedule - ok
16:44:09.0359 0900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:44:09.0375 0900 Secdrv - ok
16:44:09.0406 0900 seclogon (6983665bea867125b1da5757cd8b2f9d) C:\WINDOWS\System32\seclogon.dll
16:44:09.0406 0900 seclogon - ok
16:44:09.0406 0900 SENS (f6ec8f1e50e40237bddee1cb7fe20b42) C:\WINDOWS\system32\sens.dll
16:44:09.0406 0900 SENS - ok
16:44:09.0421 0900 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:44:09.0421 0900 serenum - ok
16:44:09.0421 0900 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys
16:44:09.0437 0900 Serial - ok
16:44:09.0468 0900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:44:09.0468 0900 Sfloppy - ok
16:44:09.0531 0900 SharedAccess (fb728cfe87ff4a3aba0aa526b553d877) C:\WINDOWS\System32\ipnathlp.dll
16:44:09.0546 0900 SharedAccess - ok
16:44:09.0562 0900 ShellHWDetection (c28a9e9d28acdaf8097be4578c49559b) C:\WINDOWS\System32\shsvcs.dll
16:44:09.0562 0900 ShellHWDetection - ok
16:44:09.0578 0900 Simbad - ok
16:44:09.0578 0900 Sparrow - ok
16:44:09.0640 0900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:44:09.0640 0900 splitter - ok
16:44:09.0656 0900 Spooler (258dd5d4283fd9f9a7166be9ae45ce73) C:\WINDOWS\system32\spoolsv.exe
16:44:09.0656 0900 Spooler - ok
16:44:09.0703 0900 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys
16:44:09.0703 0900 sr - ok
16:44:09.0718 0900 srservice (81cbf363c414620caa61bd6843d8fdb9) C:\WINDOWS\system32\srsvc.dll
16:44:09.0718 0900 srservice - ok
16:44:09.0781 0900 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
16:44:09.0796 0900 Srv - ok
16:44:09.0812 0900 SSDPSRV (5b9d0de64be96a806819516440fd211c) C:\WINDOWS\System32\ssdpsrv.dll
16:44:09.0828 0900 SSDPSRV - ok
16:44:09.0875 0900 stisvc (5ae996186d2dc694fef88f14a3fc9242) C:\WINDOWS\system32\wiaservc.dll
16:44:09.0906 0900 stisvc - ok
16:44:10.0015 0900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:44:10.0015 0900 swenum - ok
16:44:10.0031 0900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:44:10.0031 0900 swmidi - ok
16:44:10.0046 0900 SwPrv - ok
16:44:10.0046 0900 symc810 - ok
16:44:10.0046 0900 symc8xx - ok
16:44:10.0062 0900 sym_hi - ok
16:44:10.0062 0900 sym_u3 - ok
16:44:10.0078 0900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:44:10.0078 0900 sysaudio - ok
16:44:10.0140 0900 SysmonLog (251eae7c56c6ab9490311a3c9757e18d) C:\WINDOWS\system32\smlogsvc.exe
16:44:10.0140 0900 SysmonLog - ok
16:44:10.0203 0900 TapiSrv (abaec91155e18be1215b9170ee6b2f13) C:\WINDOWS\System32\tapisrv.dll
16:44:10.0203 0900 TapiSrv - ok
16:44:10.0234 0900 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:44:10.0250 0900 Tcpip - ok
16:44:10.0296 0900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:44:10.0296 0900 TDPIPE - ok
16:44:10.0312 0900 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
16:44:10.0312 0900 TDTCP - ok
16:44:10.0359 0900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:44:10.0359 0900 TermDD - ok
16:44:10.0437 0900 TermService (e0aef86a594c9990d6321c5ca239c5b7) C:\WINDOWS\System32\termsrv.dll
16:44:10.0468 0900 TermService - ok
16:44:10.0531 0900 Themes (c28a9e9d28acdaf8097be4578c49559b) C:\WINDOWS\System32\shsvcs.dll
16:44:10.0531 0900 Themes - ok
16:44:10.0531 0900 TlntSvr (78a2fe13662a119875f10e9ffcb49a8f) C:\WINDOWS\system32\tlntsvr.exe
16:44:10.0546 0900 TlntSvr - ok
16:44:10.0546 0900 TosIde - ok
16:44:10.0562 0900 TrkWks (20655e8ca1c78bc7088b18e93806d21b) C:\WINDOWS\system32\trkwks.dll
16:44:10.0562 0900 TrkWks - ok
16:44:10.0593 0900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:44:10.0593 0900 Udfs - ok
16:44:10.0593 0900 ultra - ok
16:44:10.0656 0900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:44:10.0687 0900 Update - ok
16:44:10.0718 0900 upnphost (01653d6c9604f1fb31a76ec94e08954f) C:\WINDOWS\System32\upnphost.dll
16:44:10.0718 0900 upnphost - ok
16:44:10.0734 0900 UPS (a89796dd0de24cf03b3a39407e1f46a3) C:\WINDOWS\System32\ups.exe
16:44:10.0734 0900 UPS - ok
16:44:10.0875 0900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:44:10.0875 0900 usbccgp - ok
16:44:10.0937 0900 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:44:10.0937 0900 usbehci - ok
16:44:10.0968 0900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:44:10.0968 0900 usbhub - ok
16:44:10.0984 0900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:44:10.0984 0900 USBSTOR - ok
16:44:11.0031 0900 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:44:11.0031 0900 usbuhci - ok
16:44:11.0031 0900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:44:11.0031 0900 VgaSave - ok
16:44:11.0046 0900 ViaIde - ok
16:44:11.0062 0900 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys
16:44:11.0062 0900 VolSnap - ok
16:44:11.0078 0900 VSS (a585edd6965b301de8a45c6768c7c215) C:\WINDOWS\System32\vssvc.exe
16:44:11.0093 0900 VSS - ok
16:44:11.0109 0900 W32Time (99bdd2dff6f04482b738a90d74688212) C:\WINDOWS\system32\w32time.dll
16:44:11.0109 0900 W32Time - ok
16:44:11.0140 0900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:44:11.0140 0900 Wanarp - ok
16:44:11.0140 0900 WDICA - ok
16:44:11.0156 0900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:44:11.0156 0900 wdmaud - ok
16:44:11.0187 0900 WebClient (33d8e2812054d97a0aec9b8f04277927) C:\WINDOWS\System32\webclnt.dll
16:44:11.0187 0900 WebClient - ok
16:44:11.0265 0900 winmgmt (f9e105f369c18e4001e0c05aaf600d73) C:\WINDOWS\system32\wbem\WMIsvc.dll
16:44:11.0265 0900 winmgmt - ok
16:44:11.0312 0900 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
16:44:11.0312 0900 WmdmPmSN - ok
16:44:11.0375 0900 Wmi (3ec0ffe81cccc9b694f5fdf4363f13bf) C:\WINDOWS\System32\advapi32.dll
16:44:11.0406 0900 Wmi - ok
16:44:11.0453 0900 WmiApSrv (87f11d161207c7063edabac0aadc33c3) C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:44:11.0453 0900 WmiApSrv - ok
16:44:11.0640 0900 WMPNetworkSvc (79a01acd485687ee602411a06b63a9a5) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:44:11.0687 0900 WMPNetworkSvc - ok
16:44:11.0703 0900 wscsvc (843f7fa8ea38e6a4262976dcc994c81a) C:\WINDOWS\system32\wscsvc.dll
16:44:11.0734 0900 wscsvc - ok
16:44:11.0781 0900 wuauserv (02e4055488047729b333f99d93877038) C:\WINDOWS\system32\wuauserv.dll
16:44:11.0781 0900 wuauserv - ok
16:44:11.0875 0900 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:44:11.0875 0900 WudfPf - ok
16:44:11.0937 0900 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:44:11.0937 0900 WudfRd - ok
16:44:11.0953 0900 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
16:44:11.0953 0900 WudfSvc - ok
16:44:12.0000 0900 WZCSVC (991e417c2d3d07260757f165a8f40589) C:\WINDOWS\System32\wzcsvc.dll
16:44:12.0015 0900 WZCSVC - ok
16:44:12.0046 0900 xmlprov (fd3c38635808920f8235bf2fed642f54) C:\WINDOWS\System32\xmlprov.dll
16:44:12.0046 0900 xmlprov - ok
16:44:12.0078 0900 MBR (0x1B8) (3051207086651214e435112e51817dc5) \Device\Harddisk0\DR0
16:44:12.0218 0900 \Device\Harddisk0\DR0 - ok
16:44:12.0218 0900 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
16:44:12.0234 0900 \Device\Harddisk1\DR2 - ok
16:44:12.0234 0900 Boot (0x1200) (4b2bfa925d9b3df1e31d43f874613003) \Device\Harddisk0\DR0\Partition0
16:44:12.0234 0900 \Device\Harddisk0\DR0\Partition0 - ok
16:44:12.0234 0900 Boot (0x1200) (66299e817b8a44c399d53091754c6db0) \Device\Harddisk1\DR2\Partition0
16:44:12.0234 0900 \Device\Harddisk1\DR2\Partition0 - ok
16:44:12.0234 0900 ============================================================
16:44:12.0234 0900 Scan finished
16:44:12.0234 0900 ============================================================
16:44:12.0250 0508 Detected object count: 0
16:44:12.0250 0508 Actual detected object count: 0
16:44:16.0171 0632 Deinitialize success

#12
Ronald Bruns

    Member

  • Topic Starter
  • Member
  • 25 posts
And finally, the latest GMER scan:

Thanks Jintan.


*** GMER_After_TDSS.txt ***
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-09 16:59:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-75MSA3 rev.10.01E04
Running: vcg1948j.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB12052$\2235673173 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\bckfg.tmp 703 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\cfg.ini 226 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L\gibvlomo 457856 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U 0 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\80000032.@ 97792 bytes
File C:\WINDOWS\$NtUninstallKB12052$\754708898 0 bytes

---- EOF - GMER 1.0.15 ----



EDIT: I only just noticed the "Welkom"...Hahahaha, bedankt!

Edited by Ronald Bruns, 09 April 2012 - 01:50 PM.

#13
Jintan (Trusted Helper, Malware Removal, 904 posts)

In my youth I spent a few years protecting the world in Kleine Brogel, Belgie. I also protected the bars during carnival in Eindhoven, and often defended the area around the Oude Kerk in Amsterdam.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

#14
Ronald Bruns (Member, Topic Starter, 25 posts)

Hey again,

Too bad you only saw the "rough" side of our little country, hahahaha, but we do know how to party and get drunk once in a while!
Hopefully you had a nice time here, and where do you live nowadays if we may ask?


*** And then..., YEEEEEEAAAAAAYYYYY!!!! for Jintan! ***
ComboFix found an infection called "Rootkit.ZeroAcces! in tcp/ip stack" and seemed to have "fixed" that.
A note popped up telling me this was a "particularly hard infection to get rid of" and that "the internet connection may have been lost after removal".
After letting ComboFix do some magic stuff, it rebooted and "new hardware was detected."

I tried auto-detection but nothing was found, and as we have no driver discs or anything else, installation failed. We checked the Device Manager and nothing seemed to be missing. So we removed both the USB wireless network stick and my own USB just to be on the safe side and rebooted again; it detected new hardware again, so I marked "do not show on next boot" and let it be. Then I opened Device Manager -> Unknown Devices -> Unknown Device -> "Details" tab, as the rest shows nothing, and checked all options. They're in Dutch and I can't translate everything into proper English, so please forgive me for the "somethings" in the details below.

On the bright side, I finally convinced my uncle to stay totally disconnected until we receive further instructions from you.
Here are the ComboFix log and the "New Hardware Details":

Thanks!



*** CombofixLog.txt: ***
ComboFix 12-04-10.01 - Administrator 10-04-2012 18:11:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1014.767 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB12052$
c:\windows\$NtUninstallKB12052$\2235673173\@
c:\windows\$NtUninstallKB12052$\2235673173\bckfg.tmp
c:\windows\$NtUninstallKB12052$\2235673173\cfg.ini
c:\windows\$NtUninstallKB12052$\2235673173\Desktop.ini
c:\windows\$NtUninstallKB12052$\2235673173\kwrd.dll
c:\windows\$NtUninstallKB12052$\2235673173\L\gibvlomo
c:\windows\$NtUninstallKB12052$\2235673173\U\00000001.@
c:\windows\$NtUninstallKB12052$\2235673173\U\00000002.@
c:\windows\$NtUninstallKB12052$\2235673173\U\00000004.@
c:\windows\$NtUninstallKB12052$\2235673173\U\80000000.@
c:\windows\$NtUninstallKB12052$\2235673173\U\80000004.@
c:\windows\$NtUninstallKB12052$\2235673173\U\80000032.@
c:\windows\$NtUninstallKB12052$\754708898
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-10 to 2012-04-10 ))))))))))))))))))))))))))))))
.
.
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\windows\system32\xircom
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\windows\system32\wbem\snmp
2012-04-10 16:15 . 2012-04-10 16:15 -------- d-----w- c:\program files\microsoft frontpage
2012-04-10 16:05 . 2012-04-10 16:05 -------- d--h--r- c:\documents and settings\Administrator\Onlangs geopend
2012-04-09 15:13 . 2012-04-09 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-04-09 15:01 . 2012-04-09 15:01 -------- d-----w- c:\program files\VideoLAN
2012-04-03 17:24 . 2012-04-03 17:24 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-03 17:24 . 2012-04-03 17:24 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-04-03 17:24 . 2012-04-03 17:24 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-04-03 14:36 . 2012-04-03 14:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics
2012-03-30 15:09 . 2012-03-30 15:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-03-30 13:23 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:56 . 2010-09-01 07:02 1869312 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-15 16:13 3072 ------w- c:\windows\system32\iacenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-01-08 1044480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-07 128512]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-25 14:57 136176 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 20:33 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [25-11-2010 22:37 5632]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [25-11-2010 22:37 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [25-11-2010 22:37 5632]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [27-10-2011 18:35 1756384]
S2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2012 0:49 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31-1-2012 0:49 136176]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 22:49]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-30 22:49]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-25 14:57]
.
2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-583907252-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-25 14:57]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{2662CA9A-BCCB-40D9-AB24-ABAA529BD6BB}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{AEED3375-2EE5-4E0F-83FB-4DCBB7795A71}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-10 18:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-583907252-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3d,02,f0,9a,1b,a8,4f,92,e1,ba,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,3d,02,f0,9a,1b,a8,4f,92,e1,ba,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1900)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\rsvp.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Voltooingstijd: 2012-04-10 18:17:08 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-10 16:17
.
Pre-Run: 59.002.404.864 bytes beschikbaar
Post-Run: 59.785.277.440 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E771EC7A436E1D3B1715A06E1C2D0BBD


*** New Hardware Details: ***
1] Device-something-ID: ROOT\LEGACY_SASKUTIL\0000

8] Devnode Flags: DN_ROOT_ENUMERATED
DN_HAS_PROBLEM
DN_DISABLEABLE
DN_NT_ENUMERATOR
DN_NT_DRIVER

22] Current energy-status: D3

23] Energy-something-possibilities: PDCAP_D0_SUPPORTED

24] Energy-something-?: S0 -> D0
S1 -> D3
S2 -> D3
S3 -> D3
S4 -> D3
S5 -> D3

Edited by Ronald Bruns, 10 April 2012 - 02:15 PM.

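As an added example that is not part of this thread nor of GMER or ComboFix, here is a small Python triage script for the kind of listing in the GMER log above: it reads GMER-style "File ... N bytes" lines (the sample is constructed from that log, plus one constructed benign hotfix-uninstall path for contrast) and flags a $NtUninstallKB...$ folder whose layout matches what ComboFix removed here: a numeric subfolder holding an "@" file and "U" and "L" subfolders. The signal names and the two-signal threshold are this example's own assumptions, not a vendor's rule.

```python
import re
from collections import defaultdict

# Constructed sample input: GMER "Files" lines taken from the log in this thread,
# plus one constructed, legitimate-looking hotfix uninstall path for contrast.
SAMPLE_GMER_FILES = [
    r"File C:\WINDOWS\$NtUninstallKB12052$\2235673173 0 bytes",
    r"File C:\WINDOWS\$NtUninstallKB12052$\2235673173\@ 2048 bytes",
    r"File C:\WINDOWS\$NtUninstallKB12052$\2235673173\kwrd.dll 223744 bytes",
    r"File C:\WINDOWS\$NtUninstallKB12052$\2235673173\L\gibvlomo 457856 bytes",
    r"File C:\WINDOWS\$NtUninstallKB12052$\2235673173\U\00000001.@ 1536 bytes",
    r"File C:\WINDOWS\$NtUninstallKB12052$\754708898 0 bytes",
    r"File C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe 230400 bytes",  # constructed, benign
]

FILE_LINE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
# Split a path into its $NtUninstallKB...$ root and whatever lies beneath it.
KB_ROOT = re.compile(r"^(?P<root>[A-Za-z]:\\WINDOWS\\\$NtUninstallKB\d+\$)(?:\\(?P<rest>.*))?$", re.I)

def parse_file_lines(lines):
    """Yield (path, size_in_bytes) for every GMER 'File ... N bytes' line."""
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if m:
            yield m.group("path"), int(m.group("size"))

def layout_signals(rest):
    """Signals (names are this example's own) seen in one path below a KB root."""
    parts = rest.split("\\") if rest else []
    signals = set()
    if parts and parts[0].isdigit():            # e.g. 2235673173, unlike 'spuninst'
        signals.add("numeric-subfolder")
    if len(parts) == 2 and parts[1] == "@":     # the bare '@' file seen in the log
        signals.add("@-file")
    if len(parts) >= 2 and parts[1].upper() in ("U", "L"):
        signals.add(parts[1].upper() + "-folder")
    if len(parts) == 3 and parts[1].upper() == "U" and re.fullmatch(r"[0-9A-Fa-f]{8}\.@", parts[2]):
        signals.add("U-hex.@-entry")
    return signals

def triage(lines, min_signals=2):
    """Return {kb_root: sorted signals} for roots showing at least min_signals."""
    seen = defaultdict(set)
    for path, _size in parse_file_lines(lines):
        m = KB_ROOT.match(path)
        if m:
            seen[m.group("root")] |= layout_signals(m.group("rest") or "")
    return {root: sorted(s) for root, s in seen.items() if len(s) >= min_signals}
```

Running `triage(SAMPLE_GMER_FILES)` reports only the KB12052 root; the constructed KB958644 path shows none of the signals and is left alone.
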
#15
Jintan (Trusted Helper, Malware Removal, 904 posts)

The author of ComboFix is the one who deserves the thanks. I don't recognize that last log file. What created it please?

One other change to make, then let's do scans to check for anything else.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

KillAll::
RegLock::
[HKEY_USERS\S-1-5-21-1757981266-583907252-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

---------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.


Post that log, the C:\ComboFix.txt log and the Malwarebytes log please.