Sony VAIO, Windows XP won't boot after Malware Removal. [Solved]


#46
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,023 posts
Hello ferhampshire,

Open Notepad.

  • Copy and paste the contents of the quote box below into Notepad. To do this, highlight the contents of the box and right click on it. Paste into the open Notepad.



    Disk=0 Partition=3 delete

  • Save to your desktop as Fix.txt.
  • Double click ListParts.exe to run it.
  • Press the Fix button.
  • ListParts will process the script in Fix.txt.
  • When finished, press the Scan button.
  • A log Result.txt will open on your Desktop.
  • Post back the contents of the log.

Caution: This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage, even to the point of rendering the computer unbootable.

#47
ferhampshire

    Member

  • Topic Starter
  • Member
  • 29 posts
Alright emeraldnzl! Here's the result of the scan:



ListParts by Farbar Version: 10-03-2013
Ran by Marita XoXo (administrator) on 11-04-2013 at 09:45:32
Windows XP (X86)
Running From: C:\Documents and Settings\Marita XoXo\Desktop\New Folder
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 55%
Total physical RAM: 1014.36 MB
Available physical RAM: 446.75 MB
Total Pagefile: 2441.57 MB
Available Pagefile: 1732.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.03 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:141.05 GB) (Free:35.39 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8190 MB 1024 KB
Partition 2 Primary 141 GB 8191 MB
======================================================================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 141 GB Healthy System (partition with boot components)
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 497E6F38

Partition 1:
===========
Hex: 0020210012FEFFFF0008000000F0FF00
Active: NO
Type: 12
Size: 8 GB

Partition 2:
===========
Hex: 8034E1FF0735F4FF00F8FF0000A0A111
Active: YES
Type: 07 (NTFS)
Size: 141 GB


****** End Of Log ******
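The two "Hex:" lines in the MBR Partition Table section above are raw 16-byte partition entries. As an added example (not part of this thread, nor of ListParts or TDSSKiller), here is a Python decoder that unpacks them into the active flag, type, start LBA and sector count, checks the layout for overlaps, gaps and stray active flags, and cross-checks the NTFS entry against the StartLBA, BlocksNum and drive size that TDSSKiller reported for the same disk in the next post. It assumes 512-byte sectors (SectorSize: 0x200 in the TDSSKiller log); the input values are copied from the two logs into constructed constants.

```python
"""Decode the 16-byte MBR partition entries from a ListParts "Hex:" line and
cross-check them against the geometry TDSSKiller reported for the same disk."""
import struct
from dataclasses import dataclass

# SectorSize: 0x200 in the TDSSKiller drive line (assumption: 512-byte sectors).
SECTOR = 512

# Constructed input: the two "Hex:" strings from the ListParts MBR table.
LISTPARTS_ENTRIES = [
    "0020210012FEFFFF0008000000F0FF00",  # Partition 1 (hidden, type 0x12, labelled OEM)
    "8034E1FF0735F4FF00F8FF0000A0A111",  # Partition 2 (NTFS, type 0x07)
]

# Constructed input: values copied from the TDSSKiller log. TDSSKiller numbers
# only the partition it mounted, so its "Partition1" is ListParts' Partition 2.
TDSSKILLER = {
    "drive_bytes": 0x25433D6000,  # Drive \Device\Harddisk0\DR0 - Size
    "partition1": {"type": 0x7, "start_lba": 0xFFF800, "blocks": 0x11A1A000},
}


@dataclass
class MbrEntry:
    active: bool      # boot flag 0x80 set
    part_type: int    # partition type byte (0x07 = NTFS)
    start_lba: int    # first sector of the partition
    sectors: int      # sector count

    @property
    def end_lba(self) -> int:
        """First sector after the partition."""
        return self.start_lba + self.sectors

    @property
    def offset_kb(self) -> float:
        return self.start_lba * SECTOR / 1024

    @property
    def size_mb(self) -> float:
        return self.sectors * SECTOR / 2**20


def decode_entry(hex_entry: str) -> MbrEntry:
    """Parse one raw MBR partition-table entry exactly as ListParts dumps it."""
    raw = bytes.fromhex(hex_entry)
    if len(raw) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    # boot flag | CHS start (3) | type | CHS end (3) | LBA start (LE u32) | count (LE u32)
    boot, _chs_start, ptype, _chs_end, start, count = struct.unpack("<B3sB3sII", raw)
    if boot not in (0x00, 0x80):
        # Any other value is not a valid boot indicator and deserves a closer look.
        raise ValueError(f"invalid boot flag 0x{boot:02X}")
    return MbrEntry(active=boot == 0x80, part_type=ptype, start_lba=start, sectors=count)


def check_layout(parts, drive_bytes):
    """Return (findings, trailing_sectors): findings lists anything a defender would
    want explained (not exactly one active partition, overlaps, gaps between
    partitions); trailing_sectors is the unallocated run after the last partition."""
    findings = []
    used = sorted((p for p in parts if p.sectors), key=lambda p: p.start_lba)
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions carry the active flag")
    for a, b in zip(used, used[1:]):
        if b.start_lba < a.end_lba:
            findings.append(f"overlap: 0x{b.start_lba:X} starts before 0x{a.end_lba:X}")
        elif b.start_lba > a.end_lba:
            findings.append(f"gap of {b.start_lba - a.end_lba} sectors before 0x{b.start_lba:X}")
    total_sectors = drive_bytes // SECTOR
    trailing = total_sectors - used[-1].end_lba if used else total_sectors
    return findings, trailing


def matches_tdsskiller(entry: MbrEntry, reported: dict) -> bool:
    """True when the MBR entry agrees with TDSSKiller's view of the same partition."""
    return (entry.part_type == reported["type"]
            and entry.start_lba == reported["start_lba"]
            and entry.sectors == reported["blocks"])


if __name__ == "__main__":
    parts = [decode_entry(h) for h in LISTPARTS_ENTRIES]
    for n, p in enumerate(parts, 1):
        print(f"Partition {n}: active={p.active} type=0x{p.part_type:02X} "
              f"start=0x{p.start_lba:X} sectors=0x{p.sectors:X} "
              f"offset={p.offset_kb:.0f} KB size={p.size_mb:.0f} MB")
    findings, trailing = check_layout(parts, TDSSKILLER["drive_bytes"])
    print("layout findings:", findings or "none")
    print(f"unallocated sectors after last partition: {trailing}")
    print("NTFS entry matches TDSSKiller:",
          matches_tdsskiller(parts[1], TDSSKILLER["partition1"]))
```

The 1024 KB offset, 8190 MB and 141 GB figures ListParts printed fall straight out of the decoded fields, and partition 1 ends exactly where partition 2 starts, so there is no unexplained space between them.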

#48
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,023 posts
Excellent. :thumbsup:

Now


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#49
ferhampshire

    Member

  • Topic Starter
  • Member
  • 29 posts
Ok, so here is that report. Btw, I wanna thank you for your tutorials, they are so well explained and super easy to follow!! :)



10:16:12.0437 2388 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:16:12.0796 2388 ============================================================
10:16:12.0796 2388 Current date / time: 2013/04/11 10:16:12.0796
10:16:12.0796 2388 SystemInfo:
10:16:12.0796 2388
10:16:12.0796 2388 OS Version: 5.1.2600 ServicePack: 3.0
10:16:12.0796 2388 Product type: Workstation
10:16:12.0796 2388 ComputerName: MARITA_XOXO
10:16:12.0796 2388 UserName: Marita XoXo
10:16:12.0796 2388 Windows directory: C:\WINDOWS
10:16:12.0796 2388 System windows directory: C:\WINDOWS
10:16:12.0796 2388 Processor architecture: Intel x86
10:16:12.0796 2388 Number of processors: 2
10:16:12.0796 2388 Page size: 0x1000
10:16:12.0796 2388 Boot type: Normal boot
10:16:12.0796 2388 ============================================================
10:16:17.0078 2388 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:16:17.0078 2388 ============================================================
10:16:17.0078 2388 \Device\Harddisk0\DR0:
10:16:17.0078 2388 MBR partitions:
10:16:17.0078 2388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFF800, BlocksNum 0x11A1A000
10:16:17.0078 2388 ============================================================
10:16:17.0109 2388 C: <-> \Device\Harddisk0\DR0\Partition1
10:16:17.0140 2388 ============================================================
10:16:17.0140 2388 Initialize success
10:16:17.0140 2388 ============================================================
10:18:11.0953 3976 ============================================================
10:18:11.0953 3976 Scan started
10:18:11.0953 3976 Mode: Manual; SigCheck; TDLFS;
10:18:11.0953 3976 ============================================================
10:18:12.0609 3976 ================ Scan system memory ========================
10:18:12.0625 3976 System memory - ok
10:18:12.0625 3976 ================ Scan services =============================
10:18:12.0796 3976 [ 21E762887187CF03494104165F3C148D ] 5U876UVC C:\WINDOWS\system32\DRIVERS\5U876.sys
10:18:13.0343 3976 5U876UVC - ok
10:18:13.0359 3976 Abiosdsk - ok
10:18:13.0375 3976 abp480n5 - ok
10:18:13.0546 3976 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:18:13.0656 3976 ACDaemon - ok
10:18:13.0718 3976 [ D8FB7D1C3F5BFA3F53FE9CC6367E9E99 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:18:13.0718 3976 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: D8FB7D1C3F5BFA3F53FE9CC6367E9E99, Fake md5: 8FD99680A539792A30E97944FDAECF17
10:18:13.0718 3976 ACPI ( Virus.Win32.Rloader.a ) - infected
10:18:13.0718 3976 ACPI - detected Virus.Win32.Rloader.a (0)
10:18:13.0781 3976 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:18:15.0046 3976 ACPIEC - ok
10:18:15.0062 3976 adpu160m - ok
10:18:15.0140 3976 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:18:15.0562 3976 aec - ok
10:18:15.0625 3976 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:18:15.0765 3976 AFD - ok
10:18:15.0765 3976 Aha154x - ok
10:18:15.0781 3976 aic78u2 - ok
10:18:15.0796 3976 aic78xx - ok
10:18:15.0859 3976 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:18:16.0015 3976 ALG - ok
10:18:16.0031 3976 AliIde - ok
10:18:16.0109 3976 [ 678C8FDB9D6094D41F322B7159853C54 ] AM10 C:\WINDOWS\system32\DRIVERS\AM10XP.sys
10:18:16.0187 3976 AM10 - ok
10:18:16.0281 3976 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
10:18:16.0515 3976 Ambfilt - ok
10:18:16.0531 3976 amsint - ok
10:18:16.0593 3976 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:18:16.0625 3976 Apple Mobile Device - ok
10:18:16.0640 3976 AppMgmt - ok
10:18:16.0734 3976 [ D3E782AD9DCA4D6215222A43345F43B0 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
10:18:17.0156 3976 AR5416 - ok
10:18:17.0187 3976 [ 35A6A419D7526F5CF824AFB23AFA08D6 ] ArcSoftKsUFilter C:\WINDOWS\system32\DRIVERS\ArcSoftKsUFilter.sys
10:18:17.0218 3976 ArcSoftKsUFilter - ok
10:18:17.0234 3976 asc - ok
10:18:17.0250 3976 asc3350p - ok
10:18:17.0250 3976 asc3550 - ok
10:18:17.0421 3976 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:18:17.0562 3976 aspnet_state - ok
10:18:17.0593 3976 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:18:17.0937 3976 AsyncMac - ok
10:18:17.0968 3976 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:18:18.0375 3976 atapi - ok
10:18:18.0406 3976 Atdisk - ok
10:18:18.0468 3976 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:18:18.0843 3976 Atmarpc - ok
10:18:18.0906 3976 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:18:19.0296 3976 AudioSrv - ok
10:18:19.0359 3976 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:18:19.0703 3976 audstub - ok
10:18:19.0765 3976 [ F62B70D3209E38A6C19A03109A25B903 ] AWINDIS5 C:\WINDOWS\system32\AWINDIS5.SYS
10:18:19.0796 3976 AWINDIS5 ( UnsignedFile.Multi.Generic ) - warning
10:18:19.0796 3976 AWINDIS5 - detected UnsignedFile.Multi.Generic (1)
10:18:19.0843 3976 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:18:20.0234 3976 Beep - ok
10:18:20.0328 3976 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:18:20.0734 3976 BITS - ok
10:18:20.0843 3976 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:18:20.0906 3976 Bonjour Service - ok
10:18:20.0953 3976 [ 2C04F295F7F40EB46F7ACCD3F6CDEF4A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
10:18:21.0046 3976 btaudio - ok
10:18:21.0078 3976 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
10:18:21.0125 3976 BTDriver - ok
10:18:21.0156 3976 [ 75130181FA2FD6CBE83083C5311ABE78 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:18:21.0281 3976 BTKRNL - ok
10:18:21.0375 3976 [ B907322915D4B5105A7C4A78FFD7A4E3 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
10:18:21.0421 3976 btwdins - ok
10:18:21.0453 3976 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
10:18:21.0500 3976 BTWDNDIS - ok
10:18:21.0500 3976 [ C51D50CF24DA69A9C499E65B0EDB3BB7 ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys
10:18:21.0546 3976 btwhid - ok
10:18:21.0562 3976 [ 6B622612FE21B59FAEE2CA4385959778 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
10:18:21.0609 3976 BTWUSB - ok
10:18:21.0656 3976 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:18:22.0015 3976 cbidf2k - ok
10:18:22.0062 3976 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:18:22.0453 3976 CCDECODE - ok
10:18:22.0453 3976 cd20xrnt - ok
10:18:22.0515 3976 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:18:22.0875 3976 Cdaudio - ok
10:18:22.0921 3976 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:18:23.0281 3976 Cdfs - ok
10:18:23.0328 3976 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:18:23.0687 3976 Cdrom - ok
10:18:23.0687 3976 Changer - ok
10:18:23.0734 3976 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:18:24.0203 3976 CiSvc - ok
10:18:24.0250 3976 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:18:24.0671 3976 ClipSrv - ok
10:18:24.0734 3976 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:18:24.0812 3976 clr_optimization_v2.0.50727_32 - ok
10:18:24.0859 3976 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:18:25.0265 3976 CmBatt - ok
10:18:25.0296 3976 CmdIde - ok
10:18:25.0312 3976 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:18:25.0671 3976 Compbatt - ok
10:18:25.0671 3976 COMSysApp - ok
10:18:25.0703 3976 Cpqarray - ok
10:18:25.0765 3976 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:18:26.0125 3976 CryptSvc - ok
10:18:26.0156 3976 dac2w2k - ok
10:18:26.0156 3976 dac960nt - ok
10:18:26.0234 3976 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:18:26.0375 3976 DcomLaunch - ok
10:18:26.0421 3976 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:18:26.0921 3976 Dhcp - ok
10:18:26.0937 3976 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:18:27.0312 3976 Disk - ok
10:18:27.0312 3976 dmadmin - ok
10:18:27.0390 3976 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:18:27.0812 3976 dmboot - ok
10:18:27.0906 3976 [ 526192BF7696F72E29777BF4A180513A ] DMICall C:\WINDOWS\system32\DRIVERS\DMICall.sys
10:18:28.0234 3976 DMICall - ok
10:18:28.0281 3976 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:18:28.0828 3976 dmio - ok
10:18:28.0890 3976 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:18:29.0281 3976 dmload - ok
10:18:29.0328 3976 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:18:29.0703 3976 dmserver - ok
10:18:29.0765 3976 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:18:30.0140 3976 DMusic - ok
10:18:30.0203 3976 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:18:30.0359 3976 Dnscache - ok
10:18:30.0437 3976 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:18:30.0796 3976 Dot3svc - ok
10:18:30.0796 3976 dpti2o - ok
10:18:30.0875 3976 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:18:31.0218 3976 drmkaud - ok
10:18:31.0250 3976 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:18:31.0625 3976 EapHost - ok
10:18:31.0687 3976 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:18:32.0078 3976 ERSvc - ok
10:18:32.0140 3976 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:18:32.0187 3976 Eventlog - ok
10:18:32.0265 3976 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:18:32.0375 3976 EventSystem - ok
10:18:32.0453 3976 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:18:32.0812 3976 Fastfat - ok
10:18:32.0906 3976 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:18:33.0046 3976 FastUserSwitchingCompatibility - ok
10:18:33.0156 3976 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:18:33.0609 3976 Fdc - ok
10:18:33.0640 3976 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:18:34.0140 3976 Fips - ok
10:18:34.0218 3976 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:18:34.0531 3976 Flpydisk - ok
10:18:34.0609 3976 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:18:34.0859 3976 FltMgr - ok
10:18:34.0984 3976 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:18:35.0000 3976 FontCache3.0.0.0 - ok
10:18:35.0046 3976 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:18:35.0312 3976 Fs_Rec - ok
10:18:35.0359 3976 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:18:35.0593 3976 Ftdisk - ok
10:18:35.0640 3976 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:18:35.0671 3976 GEARAspiWDM - ok
10:18:35.0718 3976 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:18:35.0937 3976 Gpc - ok
10:18:36.0031 3976 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:18:36.0062 3976 gusvc - ok
10:18:36.0218 3976 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:18:36.0453 3976 HDAudBus - ok
10:18:36.0562 3976 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:18:36.0781 3976 helpsvc - ok
10:18:36.0828 3976 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:18:37.0078 3976 HidServ - ok
10:18:37.0109 3976 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:18:37.0359 3976 HidUsb - ok
10:18:37.0390 3976 hitmanpro37 - ok
10:18:37.0453 3976 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:18:37.0703 3976 hkmsvc - ok
10:18:37.0718 3976 hpn - ok
10:18:37.0781 3976 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:18:37.0859 3976 HTTP - ok
10:18:37.0921 3976 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:18:38.0171 3976 HTTPFilter - ok
10:18:38.0171 3976 i2omgmt - ok
10:18:38.0187 3976 i2omp - ok
10:18:38.0234 3976 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:18:38.0468 3976 i8042prt - ok
10:18:38.0750 3976 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:18:39.0125 3976 ialm - ok
10:18:39.0187 3976 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:18:39.0218 3976 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:18:39.0218 3976 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:18:39.0328 3976 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:18:39.0406 3976 idsvc - ok
10:18:39.0453 3976 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:18:39.0687 3976 Imapi - ok
10:18:39.0734 3976 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:18:39.0968 3976 ImapiService - ok
10:18:39.0984 3976 ini910u - ok
10:18:40.0265 3976 [ 43B0B2D3D22AFB63197FE011D02A977B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:18:40.0625 3976 IntcAzAudAddService - ok
10:18:40.0640 3976 IntelIde - ok
10:18:40.0703 3976 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:18:40.0921 3976 intelppm - ok
10:18:40.0984 3976 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:18:41.0203 3976 Ip6Fw - ok
10:18:41.0250 3976 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:18:41.0468 3976 IpFilterDriver - ok
10:18:41.0500 3976 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:18:41.0718 3976 IpInIp - ok
10:18:41.0765 3976 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:18:42.0015 3976 IpNat - ok
10:18:42.0093 3976 [ 9033D67B7112D23EDED6789BACDED128 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:18:42.0156 3976 iPod Service - ok
10:18:42.0187 3976 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:18:42.0453 3976 IPSec - ok
10:18:42.0515 3976 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:18:42.0625 3976 IRENUM - ok
10:18:42.0687 3976 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:18:42.0906 3976 isapnp - ok
10:18:43.0078 3976 [ 9AE07549A0D691A103FAF8946554BDB7 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
10:18:43.0109 3976 JavaQuickStarterService - ok
10:18:43.0203 3976 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:18:43.0437 3976 Kbdclass - ok
10:18:43.0468 3976 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:18:43.0687 3976 kmixer - ok
10:18:43.0750 3976 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:18:43.0859 3976 KSecDD - ok
10:18:43.0890 3976 [ 1E256E6541DDD97A1931A2A300317166 ] L1c C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
10:18:43.0968 3976 L1c - ok
10:18:44.0031 3976 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:18:44.0109 3976 lanmanserver - ok
10:18:44.0109 3976 lbrtfdc - ok
10:18:44.0187 3976 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:18:44.0406 3976 LmHosts - ok
10:18:44.0484 3976 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:18:44.0546 3976 MBAMProtector - ok
10:18:44.0625 3976 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:18:44.0687 3976 MBAMScheduler - ok
10:18:44.0734 3976 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:18:44.0781 3976 MBAMService - ok
10:18:44.0812 3976 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:18:45.0031 3976 mnmdd - ok
10:18:45.0093 3976 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:18:45.0328 3976 mnmsrvc - ok
10:18:45.0406 3976 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:18:45.0640 3976 Modem - ok
10:18:45.0718 3976 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
10:18:45.0859 3976 Monfilt - ok
10:18:45.0890 3976 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:18:46.0156 3976 Mouclass - ok
10:18:46.0203 3976 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:18:46.0453 3976 mouhid - ok
10:18:46.0500 3976 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:18:46.0734 3976 MountMgr - ok
10:18:46.0828 3976 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:18:46.0859 3976 MozillaMaintenance - ok
10:18:46.0859 3976 mraid35x - ok
10:18:46.0890 3976 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:18:47.0140 3976 MRxDAV - ok
10:18:47.0203 3976 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:18:47.0437 3976 MSDTC - ok
10:18:47.0546 3976 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:18:47.0843 3976 Msfs - ok
10:18:47.0859 3976 MSIServer - ok
10:18:47.0906 3976 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:18:48.0140 3976 MSKSSRV - ok
10:18:48.0171 3976 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:18:48.0390 3976 MSPCLOCK - ok
10:18:48.0421 3976 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:18:48.0671 3976 MSPQM - ok
10:18:48.0703 3976 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:18:48.0953 3976 mssmbios - ok
10:18:48.0984 3976 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:18:49.0234 3976 MSTEE - ok
10:18:49.0296 3976 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:18:49.0343 3976 Mup - ok
10:18:49.0359 3976 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:18:50.0281 3976 NABTSFEC - ok
10:18:50.0359 3976 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:18:50.0609 3976 napagent - ok
10:18:50.0640 3976 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:18:50.0890 3976 NDIS - ok
10:18:50.0953 3976 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:18:51.0171 3976 NdisIP - ok
10:18:51.0234 3976 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:18:51.0312 3976 NdisTapi - ok
10:18:51.0343 3976 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:18:51.0562 3976 Ndisuio - ok
10:18:51.0609 3976 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:18:51.0812 3976 NdisWan - ok
10:18:51.0843 3976 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:18:51.0937 3976 NDProxy - ok
10:18:51.0984 3976 [ 29C45722E20572B6440B57E3359E73EE ] Netaapl C:\WINDOWS\system32\DRIVERS\netaapl.sys
10:18:51.0984 3976 Netaapl ( UnsignedFile.Multi.Generic ) - warning
10:18:51.0984 3976 Netaapl - detected UnsignedFile.Multi.Generic (1)
10:18:52.0046 3976 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:18:52.0406 3976 NetBT - ok
10:18:52.0468 3976 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:18:52.0750 3976 NetDDE - ok
10:18:52.0750 3976 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:18:52.0984 3976 NetDDEdsdm - ok
10:18:53.0062 3976 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:18:53.0312 3976 Netman - ok
10:18:53.0359 3976 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:18:53.0390 3976 NetTcpPortSharing - ok
10:18:53.0437 3976 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:18:53.0484 3976 Nla - ok
10:18:53.0546 3976 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:18:53.0750 3976 Npfs - ok
10:18:53.0796 3976 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:18:54.0078 3976 Ntfs - ok
10:18:54.0156 3976 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:18:54.0421 3976 NtmsSvc - ok
10:18:54.0500 3976 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:18:54.0703 3976 Null - ok
10:18:54.0750 3976 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:18:54.0984 3976 NwlnkFlt - ok
10:18:55.0031 3976 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:18:55.0281 3976 NwlnkFwd - ok
10:18:55.0437 3976 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:18:55.0484 3976 odserv - ok
10:18:55.0515 3976 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:18:55.0546 3976 ose - ok
10:18:55.0578 3976 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:18:55.0828 3976 Parport - ok
10:18:55.0875 3976 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:18:56.0109 3976 PartMgr - ok
10:18:56.0171 3976 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:18:56.0406 3976 ParVdm - ok
10:18:56.0468 3976 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:18:56.0687 3976 PCI - ok
10:18:56.0687 3976 PCIDump - ok
10:18:56.0734 3976 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:18:56.0953 3976 PCIIde - ok
10:18:57.0000 3976 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:18:57.0250 3976 Pcmcia - ok
10:18:57.0250 3976 PDCOMP - ok
10:18:57.0265 3976 PDFRAME - ok
10:18:57.0281 3976 PDRELI - ok
10:18:57.0281 3976 PDRFRAME - ok
10:18:57.0296 3976 perc2 - ok
10:18:57.0296 3976 perc2hib - ok
10:18:57.0359 3976 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:18:57.0375 3976 PlugPlay - ok
10:18:57.0437 3976 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:18:57.0671 3976 PolicyAgent - ok
10:18:57.0734 3976 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:18:57.0968 3976 PptpMiniport - ok
10:19:20.0390 3976 ================ Scan global ===============================
10:19:20.0453 3976 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:19:20.0515 3976 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:19:20.0531 3976 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:19:20.0546 3976 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:19:20.0562 3976 [Global] - ok
10:19:20.0562 3976 ================ Scan MBR ==================================
10:19:20.0578 3976 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:19:20.0984 3976 \Device\Harddisk0\DR0 - ok
10:19:20.0984 3976 ================ Scan VBR ==================================
10:19:20.0984 3976 [ 011901576EE4D74B2C8019CDFA89B7F7 ] \Device\Harddisk0\DR0\Partition1
10:19:21.0000 3976 \Device\Harddisk0\DR0\Partition1 - ok
10:19:21.0000 3976 ============================================================
10:19:21.0000 3976 Scan finished
10:19:21.0000 3976 ============================================================
10:19:21.0125 3692 Detected object count: 9
10:19:21.0125 3692 Actual detected object count: 9
10:19:50.0265 3692 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
10:19:50.0531 3692 Backup copy found, using it..
10:19:50.0562 3692 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
10:19:50.0562 3692 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
10:19:50.0562 3692 AWINDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0562 3692 AWINDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0562 3692 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0562 3692 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0562 3692 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0562 3692 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0578 3692 sonypvs1 ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0578 3692 sonypvs1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0578 3692 UTSCSI ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0578 3692 UTSCSI ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0578 3692 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0578 3692 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0578 3692 VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0578 3692 VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:50.0593 3692 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:19:50.0593 3692 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:19:58.0703 2360 Deinitialize success
  • 0

#50
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,023 posts
TDSSKiller did catch another baddy.

Just a couple more and all going well, we will be good to go to clearing away the tools we have been using.

Next one now

Please download ComboFix from one of these locations:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#51
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ComboFix ran smoothly, no white screens nor reboots :) Now, this is the log:


ComboFix 13-04-09.01 - Marita XoXo 04/11/2013 12:07:16.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.512 [GMT -7:00]
Running from: c:\documents and settings\Marita XoXo\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
c:\documents and settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C\E0413FE940FCAC790000E0405FB0B44C
c:\documents and settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C\E0413FE940FCAC790000E0405FB0B44C.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Marita XoXo\Application Data\Help\coredb\storage
c:\documents and settings\Marita XoXo\Application Data\PriceGong
C:\Install.exe
c:\program files\LP
C:\Thumbs.db
c:\windows\setup.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-11 to 2013-04-11 )))))))))))))))))))))))))))))))
.
.
2013-04-11 17:19 . 2013-04-11 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-07 20:26 . 2013-04-11 07:22 -------- d-----w- C:\i386
2013-04-07 18:03 . 2013-04-07 18:03 -------- d-----w- C:\_OTL
2013-04-07 18:03 . 2011-07-12 22:55 2237440 ----a-w- C:\OTLPE.exe
2013-04-07 17:55 . 2013-04-07 14:37 331805736 ----a-w- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 23:56 . 2013-04-06 23:56 -------- d-----w- C:\FRST
2013-04-06 03:40 . 2013-04-06 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-04-06 02:03 . 2013-04-06 02:03 -------- d-----w- c:\documents and settings\Marita XoXo\Application Data\Malwarebytes
2013-04-06 01:36 . 2013-04-06 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-06 01:36 . 2013-04-11 07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-06 01:36 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-06 01:25 . 2013-04-06 01:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-04-06 01:21 . 2013-04-06 01:22 -------- d-----w- c:\documents and settings\Administrator
2013-03-18 00:09 . 2013-03-18 00:09 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 17:21 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-03-22 02:26 . 2012-05-03 07:03 693976 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-22 02:26 . 2012-02-07 20:06 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 09:33 . 2013-03-08 09:33 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-12 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-26 1512744]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-05-14 53248]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2008-08-22 18432]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2009-03-26 217088]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2008-07-22 503808]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-05-16 315392]
"VAIO Update 4"="c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-06-12 866144]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2008-08-22 18432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\Marita XoXo\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-03-18 16:02 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
R2 RaAutoInstSrv_AM10;Cisco Valet Connector Service;c:\program files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [12/25/2012 1:22 PM 529024]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [6/24/2009 4:21 AM 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [1/14/2009 1:38 PM 5184872]
R3 5U876UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U876.sys [6/24/2009 3:01 AM 91776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [6/24/2009 4:21 AM 14336]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/24/2009 2:33 AM 16194]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/23/2009 9:49 AM 39424]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/5/2013 6:36 PM 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/5/2013 6:36 PM 701512]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [1/31/2013 11:38 AM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 AM10;Cisco AM10 Driver;c:\windows\system32\drivers\AM10XP.sys [12/25/2012 1:22 PM 816672]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2009 2:24 AM 1684736]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;\??\c:\windows\system32\drivers\hitmanpro37.sys --> c:\windows\system32\drivers\hitmanpro37.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/5/2013 6:36 PM 22856]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [1/19/2010 11:16 PM 17408]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [6/24/2009 4:29 AM 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [6/24/2009 4:29 AM 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [6/24/2009 4:29 AM 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [6/24/2009 4:29 AM 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [6/24/2009 4:29 AM 91432]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 12590272
*NewlyCreated* - 46953564
*Deregistered* - 12590272
*Deregistered* - 46953564
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59e8dce8-3307-11df-bafd-0026433d86e1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e55a2eb-5e58-11e1-bcd4-001f3afa8c1a}]
\Shell\AutoRun\command - G:\Autorun.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8266ae36-268e-11e0-bbfb-001f3afa8c1a}]
\Shell\AutoRun\command - F:\urDrive.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2013-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
- c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-07 12:10]
.
2013-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
- c:\documents and settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-06-07 12:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
FF - ProfilePath - c:\documents and settings\Marita XoXo\Application Data\Mozilla\Firefox\Profiles\z9zagv29.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51414
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
SafeBoot-46953564.sys
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-11 12:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2013-04-11 12:22:21
ComboFix-quarantined-files.txt 2013-04-11 19:22
.
Pre-Run: 37,861,609,472 bytes free
Post-Run: 37,801,705,472 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 8BAC58C188E1E268A9C8B26444EFFEDE
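The "Supplementary Scan" section of the ComboFix log above carries the settings a reviewer checks first: the Firefox proxy entries, the security.warn_* prefs that user.js has switched off, and the MountPoints2 AutoRun commands. The following Python is an added triage example, not part of the thread or of ComboFix; it runs over a constructed sample modelled on those lines and reports which of them deserve a closer look.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.ask.com/?l=dis&o=15387
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51414
FF - prefs.js: network.proxy.type - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59e8dce8-3307-11df-bafd-0026433d86e1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe ie.vbs
"""

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (.*)$", re.IGNORECASE)
# AutoRun commands that hand off to a script host rather than a plain installer.
SCRIPT_HOSTS = ("wscript", "cscript", "shellexec_rundll")

def parse_ff_prefs(log: str) -> Dict[str, Tuple[str, str]]:
    """Map Firefox pref name -> (source file, value) from 'FF - ...' lines."""
    prefs = {}
    for line in log.splitlines():
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group(2)] = (m.group(1), m.group(3).strip())
    return prefs

def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings worth a reviewer's attention."""
    findings = []
    prefs = parse_ff_prefs(log)
    if "network.proxy.http" in prefs:
        host = prefs["network.proxy.http"][1]
        port = prefs.get("network.proxy.http_port", ("", "?"))[1]
        ptype = prefs.get("network.proxy.type", ("", "?"))[1]
        # network.proxy.type 0 means "no proxy", so the entry is present but inert.
        state = "inactive (network.proxy.type=0)" if ptype == "0" else "active"
        findings.append(("ff-proxy", f"HTTP proxy {host}:{port} configured, {state}"))
    for name, (src, val) in prefs.items():
        if name.startswith("security.warn_") and val == "false":
            findings.append(("ff-warning-off", f"{name} disabled via {src}"))
    for line in log.splitlines():
        m = AUTORUN.match(line.strip())
        if m and any(h in m.group(1).lower() for h in SCRIPT_HOSTS):
            findings.append(("autorun-script", m.group(1)))
    return findings

if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LOG):
        print(f"{cat:16} {detail}")
```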

#52 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,023 posts)
Hello ferhampshire,

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
hitmanpro37

File::
c:\windows\system32\drivers\hitmanpro37.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

After that

Note: this is different to OTLPE that we used earlier.

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
So when you return please post
  • ComboFix.txt
  • OTL.txt


#53 ferhampshire (Member, Topic Starter, 29 posts)
Hi emeraldnzl!! Ok so I have attached the requested logs :)


#54 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,023 posts)
Hello again ferhampshire,

All looking good. :)

Almost there now. Just one last scan to make sure we haven't missed anything and then we will clear away the tools we have been using.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#55 ferhampshire (Member, Topic Starter, 29 posts)
Hi emeraldnzl! I followed the steps in your last post...ESET found 3 threats and when it finished it didn't give me a log...I searched for it but was unable to find it so I ran another scan and this time it didn't find any threats and still didn't get a log....

#56 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,023 posts)
How is your machine now?

#57 ferhampshire (Member, Topic Starter, 29 posts)
It works great, no problems whatsoever since it rebooted normally yesterday :)

#58 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,023 posts)
Hello ferhampshire,

I think your machine is good to go now. :thumbsup:

It's been a pleasure working with you. :)

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To uninstall ESET OnlineScanner

Go to Start and type in the Search programs and files box ESET

Click on the ESET folder

Right Click on OnlineScannerUninstaller and run as Administrator

Click yes to run

Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Here are three good antivirus free for personal use:

Here are two good firewalls free for personal use:


Microsoft Security Essentials together with Windows Firewall (which comes with Windows) is probably a good choice for the run of the mill user. This is because it is light on resources, it is unobtrusive (it works away in the background without interrupting) and you don't have to be an expert. Firewalls have a habit of flagging suspicious files and asking the user to decide whether to accept the file or not. Often the run of the mill user has no idea about what a particular file does and just says no to everything... down the track they wonder why programs they use regularly suddenly stop working, or maybe they try and download something they frequently downloaded in the past but now find they can't.

Note: Do not use more than one anti-virus or firewall. Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Note 2: If you are already running an anti-spyware program, e.g. Malwarebytes, you may need to configure it to run with your AV, otherwise you may have a conflict. Uninstalling it and reinstalling it after you have installed your AV may be sufficient.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#59 ferhampshire (Member, Topic Starter, 29 posts)
Hello emeraldnzl, I followed your last instructions and I was unable to perform some of them, but it doesn't matter, the computer works perfectly and I haven't had any more issues! I really wanna thank you for all your help, it was a learning process and I love the way your tutorials were so well explained and easy to follow....Thank you for staying with me and helping me all the way til the end :) I'm gonna make sure I click that donate button, I can't give much because I am really broke, otherwise I would have gotten it fixed at a shop but my financial situation is not the best right now, but I will donate something for your kind help.....Again, Thank you very much and have a great day!!!! :)

#60 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,023 posts)

I'm gonna make sure I click that donate button, I can't give much because I am really broke,


Don't worry about that it's the thought that counts. :)

Again, Thank you very much and have a great day!!!!


You are very welcome. I will keep this topic open for a day or two in case any issues arise. :happy: