Hijacked Browser, my analyzed log


  • This topic is locked
44 replies to this topic

#1 LuckysRevenge

    Member

  • Helper Trainee
  • 27 posts

Posted 16 January 2012 - 06:00 PM

I use SUPERAntiSpyware, Malwarebytes, and TDSSKiller. All of these originally found and removed Trojans and Adware Tracking Cookies. Now they come up with no threats found. But every time I try to search something in Google (or any search engine) I see the link that I need. I know it's a legitimate link. I click it, it tries to go to said site, and then redirects to something with ads with what I searched. I uninstalled Firefox and reinstalled it. Still there. I also tried downloading Google Chrome to see if it just affected Firefox. It does the same on Google Chrome. So my friend told me about HijackThis! And now I'm posting my log. I hope someone can help me. Thanks for your time! Below is a copy of my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:08 PM, on 1/16/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\MAGIX\Music_Maker_17_Premium_Download_Version\MusicMaker.exe
C:\firefox.exe
C:\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O15 - Trusted Zone: http://*.machinaesupremacy.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8646 bytes

Edit: Please read the Forum FAQ and post the other requested logs. We need the information in order to help you. And please don't double-space. Turn word wrap off in Notepad. :)

Edited by cnm, 16 January 2012 - 06:31 PM.
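An added triage example for the log above (not from this thread and not HijackThis code): it parses the R/F/O entry lines and flags what a volunteer helper looks at first. The sample log is constructed from lines in this post plus one O1 hosts line re-expressed from the DDS report in post #6; the TRUSTED_ROOTS list and the review rules are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: entry shapes copied from the HijackThis log in post #1,
# plus one O1 line re-expressed from the "Hosts:" entry of the DDS report in
# post #6 (HJT reports hosts-file entries in its O1 section).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O15 - Trusted Zone: http://*.machinaesupremacy.com
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
"""

# "R0 - ...", "O23 - ...": section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# First executable/script path in an O4 command, quoted or not, arguments dropped.
PATH_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|bat|cmd|vbs|js))\b', re.I)
# Assumed locations from which an autorun entry is unremarkable (lower-case).
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%")


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every HJT entry line; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def autorun_path(body: str) -> str:
    """Lower-cased program path from an O4 body such as
    'HKCU\\..\\Run: [Name] "C:\\dir\\prog.exe" /arg (User ...)'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    m = PATH_RE.match(cmd.strip())
    return (m.group("path") if m else cmd.strip()).lower()


def is_resource_name_service(body: str) -> bool:
    """O23 services whose display name is an '@dll,-id' resource string and
    whose binary lives under the Windows directory.  The 32-bit HJT 2.0.4 on
    Windows 7 lists these as 'file missing'; that is tool noise, not a sign
    of infection."""
    name = body[len("Service: "):] if body.startswith("Service: ") else body
    return name.startswith("@") and "\\windows\\" in body.lower()


def triage(log_text: str) -> List[Finding]:
    """Apply the review rules and return the entries worth a closer look."""
    findings: List[Finding] = []
    for sec, body in parse_entries(log_text):
        if sec == "O1":
            findings.append(Finding(sec, "hosts-file override; a security site "
                                    "pointed at 127.0.0.1 is a classic hijack sign", body))
        elif sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(sec, "orphaned BHO/toolbar CLSID with no DLL "
                                    "on disk; a registry leftover, safe to fix", body))
        elif sec == "O4" and not autorun_path(body).startswith(TRUSTED_ROOTS):
            findings.append(Finding(sec, "autorun launched from outside "
                                    "Program Files / Windows", body))
        elif sec == "O15":
            findings.append(Finding(sec, "site in the IE Trusted Zone runs with relaxed "
                                    "security; confirm the user added it", body))
        elif (sec == "O23" and body.endswith("(file missing)")
              and not is_resource_name_service(body)):
            findings.append(Finding(sec, "service binary not seen by HJT; verify on "
                                    "disk, WOW64 redirection hides 64-bit system32 files", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
```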


#2 cnm

    Mother Lion of SWI

  • Administrators
  • 25,281 posts

Posted 17 January 2012 - 06:25 PM

Please read the Forum FAQ and post the other requested logs. We need the information in order to help you. And please don't double-space. Turn word wrap off in Notepad. :)

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 LuckysRevenge

    Member

  • Helper Trainee
  • 27 posts

Posted 19 January 2012 - 05:27 AM

Please read the Forum FAQ and post the other requested logs. We need the information in order to help you. And please don't double-space. Turn word wrap off in Notepad. :)


Will do :) Sorry about that

#4 cnm

    Mother Lion of SWI

  • Administrators
  • 25,281 posts

Posted 28 January 2012 - 08:22 PM

Due to the lack of feedback this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.

Edited by cnm, 01 February 2012 - 07:12 PM.



#5 cnm

    Mother Lion of SWI

  • Administrators
  • 25,281 posts

Posted 01 February 2012 - 07:11 PM

Reopened at request of topic owner.



#6 LuckysRevenge

    Member

  • Helper Trainee
  • 27 posts

Posted 01 February 2012 - 07:44 PM

Since I have been offline my MalwareBytes keeps finding something called PUP.Bitminer. It removes it but it does randomly come back. The last scan I did still found nothing, but I posted the log. I get a random webpage that pops up in a new tab on my Firefox that immediately goes to some fake News site. I click to exit the tab and it goes "Are you sure you want to leave this page?" and I click Leave Page and it goes away. It also sometimes redirects when I click links in my Google searches, but that has stopped somewhat. But it does happen randomly.

Here are the logs I have gathered so far. These should be spaced correctly too, I hope I'm posting it right this time. Starting with:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Lucky at 18:41:31 on 2012-02-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.823 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmprph.exe
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\firefox.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
Trusted Zone: machinaesupremacy.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\142726977237 : DhcpNameServer = 66.255.85.8 66.255.85.9
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\2456C6B696E6F5E4F575962756C6563737F5637373633423 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\3507565646C496E6B637 : DhcpNameServer = 166.102.165.11 166.102.165.13 4.2.2.2
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\7596C6C69616D637F6E60284F6D656 : DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\96D284F64756C6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\B496165447F677E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5D895CD-7717-4AC0-AC47-71861EA45EB2} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z24e82vg.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\drivers\LVUSBS64.sys --> C:\windows\system32\drivers\LVUSBS64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-18 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
.
=============== Created Last 30 ================
.
2012-02-01 04:37:45 -------- d-----w- C:\updates
2012-01-31 00:53:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-19 13:34:57 -------- d-----w- C:\torrents
2012-01-17 22:16:20 -------- d-----w- C:\searchplugins
2012-01-17 22:16:20 -------- d-----w- C:\hyphenation
2012-01-17 22:16:20 -------- d-----w- C:\extensions
2012-01-17 22:16:20 -------- d-----w- C:\dictionaries
2012-01-17 22:16:20 -------- d-----w- C:\defaults
2012-01-17 22:16:20 -------- d-----w- C:\components
2012-01-17 22:16:15 -------- d-----w- C:\nss91B1.tmp
2012-01-17 00:01:55 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2012-01-16 23:37:19 961024 ----a-w- C:\windows\System32\CPFilters.dll
2012-01-16 23:37:19 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2012-01-16 23:37:18 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2012-01-16 23:37:18 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2012-01-16 23:37:18 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2012-01-16 23:37:18 1118720 ----a-w- C:\windows\System32\sbe.dll
2012-01-16 23:37:15 43520 ----a-w- C:\windows\System32\csrsrv.dll
2012-01-16 23:37:13 499712 ----a-w- C:\windows\System32\drivers\afd.sys
2012-01-16 23:35:47 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2012-01-16 23:34:55 723456 ----a-w- C:\windows\System32\EncDec.dll
2012-01-16 23:34:55 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2012-01-16 23:34:43 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-01-16 23:34:41 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-01-16 23:34:41 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-01-16 23:34:38 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-16 23:34:38 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-01-16 23:34:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-01-16 23:34:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-01-16 23:33:48 1739160 ----a-w- C:\windows\System32\ntdll.dll
2012-01-16 23:33:47 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-16 23:29:33 3141632 ----a-w- C:\windows\System32\win32k.sys
2012-01-16 23:29:31 90624 ----a-w- C:\windows\System32\drivers\bowser.sys
2012-01-16 22:29:56 388096 ----a-r- C:\Users\Lucky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-16 22:29:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-16 20:27:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-16 20:27:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-01-17 00:01:55 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-12-21 07:24:52 16096216 ----a-w- C:\xul.dll
2011-12-21 04:30:42 2106216 ----a-w- C:\D3DCompiler_43.dll
2011-12-21 04:30:42 1998168 ----a-w- C:\d3dx9_43.dll
2011-12-21 04:30:41 626688 ----a-w- C:\msvcr80.dll
2011-12-21 04:30:41 548864 ----a-w- C:\msvcp80.dll
2011-12-21 04:30:41 479232 ----a-w- C:\msvcm80.dll
2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-12-09 16:23:50 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:42:54.53 ===============

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:05:50 PM, on 2/1/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\firefox.exe
C:\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.machinaesupremacy.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8399 bytes

I am scanning with F-Secure Online Scanner right now. But it's at 99% and finding 0 on everything. Would you like me to still post the log when it is through? And if there are any other scans you would like me to do just let me know I'll get on them ASAP.

#7 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 01 February 2012 - 10:20 PM

Yes, you can post the results. But generally please don't run anything I haven't asked for as it becomes confusing.

Please uninstall BitTorrent.
File sharing is dangerous as it exposes your computer to the internet.
In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

After that:
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, rebooting again should fix it.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#8 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 02 February 2012 - 12:52 AM

Here is my ComboFix Log (I hope it was ok to copy and paste this. I was unsure if you wanted me to attach this or not, but I figured that copying and pasting was ok):

ComboFix 12-01-30.02 - Lucky 02/02/2012 0:29.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.930 [GMT -5:00]
Running from: c:\users\Lucky\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\firefox.exe
C:\nspr4.dll
C:\nss3.dll
C:\plc4.dll
C:\plds4.dll
c:\programdata\TorrentEasy\extensions.exe
c:\programdata\TorrentEasy\fdmbtsupp.dll
C:\softokn3.dll
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\system32\Thumbs.db
c:\windows\System64
c:\windows\SysWow64\ReadMe.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 05:36 . 2012-02-02 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 00:20 . 2012-02-02 00:20 -------- d-----w- c:\users\Lucky\AppData\Roaming\f-secure
2012-02-02 00:20 . 2012-02-02 00:20 -------- d-----w- c:\programdata\F-Secure
2012-02-01 23:53 . 2012-02-01 23:53 388096 ----a-r- c:\users\Lucky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-01 04:37 . 2012-02-01 04:37 -------- d-----w- C:\updates
2012-01-31 00:53 . 2012-01-31 00:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-19 13:34 . 2012-01-19 13:35 -------- d-----w- C:\torrents
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\hyphenation
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\extensions
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\dictionaries
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\defaults
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\components
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\searchplugins
2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\nss91B1.tmp
2012-01-17 00:01 . 2012-01-17 00:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-01-16 23:37 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-01-16 23:37 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-01-16 23:37 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-01-16 23:37 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-16 23:37 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2012-01-16 23:37 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-01-16 23:37 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-16 23:37 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-16 23:35 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-16 23:34 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-01-16 23:34 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-01-16 23:34 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-16 23:34 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-01-16 23:34 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-01-16 23:34 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-16 23:34 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-16 23:34 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-16 23:34 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-01-16 23:33 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-16 23:33 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-16 23:29 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
2012-01-16 23:29 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-01-16 22:29 . 2012-01-16 22:29 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-16 20:27 . 2012-02-02 05:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-16 20:27 . 2012-01-16 20:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-09 16:23 . 2011-08-09 15:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-05 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 03:06]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 03:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"combofix"="c:\combofix\CF7840.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: machinaesupremacy.com
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{F5D895CD-7717-4AC0-AC47-71861EA45EB2}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*,*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*D*]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\programdata\TVersity\Media Server\MediaServer.exe
.
**************************************************************************
.
Completion time: 2012-02-02 00:45:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 05:45
.
Pre-Run: 1,765,203,968 bytes free
Post-Run: 1,603,289,088 bytes free
.
- - End Of File - - 90B1C8A39AA800DCED4A745F9587ABD7

Does it look like I might still be infected? What should I do now? Thanks again for your time and helping me.

#9 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 02 February 2012 - 01:52 AM

(I hope it was ok to copy and paste this. I was unsure if you wanted me to attach this or not, but I figured that copying and pasting was ok):

We require that logs be copied and will delete any attachments. Please read the Instructions.

It is never possible to say with absolute 100% certainty that a computer is free of malware, but yours appears clean.

  • Please download and install an updated Malwarebytes' Anti-Malware (MBAM). Follow the directions here to run a complete system scan with Malwarebytes' Anti-Malware and please post the report from the scan.
  • Security Check
  • Please download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#10 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 02 February 2012 - 03:29 AM

Security Check:

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 26
Java™ SE Runtime Environment 6
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

MalwareBytes Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucky :: LUCKY-PC [administrator]

2/2/2012 2:19:18 AM
mbam-log-2012-02-02 (02-19-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 416927
Time elapsed: 1 hour(s), 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 02 February 2012 - 04:41 PM

Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: [image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

You need a firewall and a good real-time antivirus.

Enable the Windows Firewall. The one in Windows 7 is very good. http://windows.micro...ewall-on-or-off

Please download and run the free version of Avast from http://www.avast.com...virus-download.

Registration is free.

Disable all your other security programs except the firewall.
In the user interface, click SCAN COMPUTER.
Under 'Full system scan', click 'Settings'.
Click 'Actions'.

Check "Automatically apply actions during scan'
Select 'Move to Chest' for all 3 buttons: Virus, PUP, Suspicious.

Under 'Full system scan', click 'Settings'.

Click Report file.
Check 'Generate report file'. (A log file is not written by default)
In 'File name' enter C:\avast.log
Check 'Infected items' and 'Hard errors'.
Click OK.

Under 'Full system scan' turn on Scan PUP.

Click the 'Start' button for 'Full system scan'

The scan will take a long time but you can do other things while it is running.
If it asks you to reboot, please do so.

Post the contents of C:\avast.log in your reply.


#12 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 02 February 2012 - 11:05 PM

The Avast scan is only at 9% an hour and a half in, so it might be a bit before I can post that, but I did notice this when I tried to turn on my Windows Firewall. I got this error message:

Windows Firewall can't change some of your settings.
Error code 0x80070424

#13 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 02 February 2012 - 11:45 PM

We'll work on that when Avast finishes. If you let it run overnight and it's still not done, kill it.

#14 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 02:55 AM

The scan is done and I found 6 things. I tried to look for this log file but I can't find it anywhere on my computer, even when I go into Avast's program folders. It just pops up in the program itself and I can't copy and paste it. It moved it to the Chest. I can however re-write what it says in the Scan Results screen. I'm not sure where the text log file is, I have searched as much as I can and I can't find it.

Scan Results:

File Names:
1. C:\Windows\assembly\GAC_32\Desktop.ini
2. C:\Windows\assembly\GAC_64\Desktop.ini
3. C:\Windows\assembly\temp\U\00000002.@
4. C:\Windows\assembly\temp\U\80000004.@
5. C:\Windows\assembly\temp\U\80000032.@
6. C:\Windows\System32\consrv.dll

Severity
1. High
2. High
3. Low
4. High
5. High
6. High

Status
1. Threat: Win32:Sirefef-FQ [Drp]
2. Threat: Win32:Sirefef-HO [Rtk]
3. PUP: Win32:Agent-ANSR [PUP]
4. Threat: Win64:ZAccess-A [Trj]
5. Threat: Win32:DNSChanger-VJ [Trj]
6. Threat: Win32:Sirefef-HO [Rtk]

Action:

All Successfully moved to Chest

I couldn't find the log to copy and paste; I'm really sorry, I hope this was fine. I reread the Scan Results and made sure everything is correct down to numbers and capitalization. Right now they are in the Chest and I haven't done anything to them.

#15 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 12:09 PM

Good for Avast! It found the difficult ZeroAccess (Sirefef) infection and may have fixed it. I don't know why it didn't make the C:\avast.log though. Avast is great. Once a month it will pop up an ad for the advanced version but that is easily dismissed.

Now please download SystemLook from one of the links below and save it to your Desktop.
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
consrv.dll
winsrv.dll
avast.log
:regfind
consrv
Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#16 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 12:13 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:12 on 03/02/2012 by Lucky
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

Invalid Context: filefindconsrv.dllwinsrv.dllavast.log:regfindconsrv

-= EOF =-

#17 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 12:22 PM

Ignore the above post, sorry about that. I quickly saw my error and re-entered the information you gave me into the program, here is the log from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:15 on 03/02/2012 by Lucky
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:27 24/06/2011] C13D05A015346DED3D722BE285814495

Searching for "avast.log"
No files found.

========== regfind ==========

Searching for "consrv"
No data found.

-= EOF =-

#18 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 12:43 PM

Looks clean, but I should have given you the 64-bit.
Please delete SystemLook and download SystemLook (64-bit) to your Desktop.
Enter the same things in its window and click 'Look'.
When it finishes please post the new log.

#19 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 12:51 PM

Here's the new log file:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:46 on 03/02/2012 by Lucky
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:27 24/06/2011] C13D05A015346DED3D722BE285814495

Searching for "avast.log"
No files found.

========== regfind ==========

Searching for "consrv"
No data found.

-= EOF =-

I'm glad to know that things are looking clean. Now, what's left in the Chest in the Avast program, what should I do with that? Choose the delete option? And also I still can't turn on my Firewall without getting that error message, and I also can't activate the firewall that Avast gives me in their trial. I get an error message there too.
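What a helper reads out of the SystemLook runs above (the 32-bit run under WOW64, which could not see the real System32, and then the 64-bit run), as an added example that is not part of the thread and not SystemLook's own code: a small Python parser for SystemLook `:filefind` output that applies the checks cnm's `consrv.dll` / `winsrv.dll` search was aimed at. It treats any `consrv.dll` hit as a finding (Avast flagged `C:\Windows\System32\consrv.dll` as Sirefef earlier in the thread, and Windows 7 ships no file of that name), checks that the live `System32\winsrv.dll` carries the same MD5 as one of the WinSxS component-store copies, and warns when no System32 copy appears at all, which is exactly what the 32-bit build produced under WOW64. The first input is the 64-bit log posted above; the second input, with a planted `consrv.dll` line and a mismatching hash, is constructed, and its hash and size values are placeholders. Function names (`parse_filefind`, `triage`) are my own.

```python
"""Triage SystemLook ':filefind' output for the consrv.dll / winsrv.dll checks.

Added example, not SystemLook's code. Flags: any consrv.dll hit; a
System32\winsrv.dll whose MD5 matches no WinSxS store copy; a winsrv.dll
search with no System32 hit (32-bit build redirected under WOW64).
"""
import re
from collections import defaultdict

# One filefind result line, in the layout the SystemLook logs above use:
#   <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
SECTION_LINE = re.compile(r"^=+ (?P<name>\w+) =+$")      # "========== filefind =========="
SEARCH_LINE = re.compile(r'^Searching for "(?P<term>[^"]+)"$')

SYSTEM32 = "c:\\windows\\system32\\"
WINSXS = "c:\\windows\\winsxs\\"


def parse_filefind(log_text):
    """Return {search term (lower-case): [hit dicts]} for the filefind section only."""
    hits = defaultdict(list)
    section = None
    term = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_LINE.match(line)
        if m:
            section, term = m.group("name"), None
            continue
        if section != "filefind":
            continue                      # regfind results are not parsed here
        m = SEARCH_LINE.match(line)
        if m:
            term = m.group("term").lower()
            hits.setdefault(term, [])     # record the search even if nothing is found
            continue
        if term is None:
            continue
        m = FILEFIND_LINE.match(line)
        if m:
            hits[term].append(m.groupdict())
    return dict(hits)


def triage(hits):
    """Apply the checks the helper's SystemLook command was aimed at."""
    findings = []
    for h in hits.get("consrv.dll", []):
        findings.append(f"consrv.dll present: {h['path']} md5={h['md5']}")

    winsrv = hits.get("winsrv.dll", [])
    store = {h["md5"].upper() for h in winsrv if h["path"].lower().startswith(WINSXS)}
    live = [h for h in winsrv if h["path"].lower().startswith(SYSTEM32)]
    if "winsrv.dll" in hits and not live:
        findings.append("no System32 winsrv.dll seen: 32-bit SystemLook under WOW64? rerun the x64 build")
    for h in live:
        if h["md5"].upper() not in store:
            findings.append(f"System32 winsrv.dll md5 {h['md5']} matches no WinSxS copy: {h['path']}")
    return findings


# The 64-bit SystemLook log posted in this thread (verbatim).
PAGE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 12:46 on 03/02/2012 by Lucky
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:27 24/06/2011] C13D05A015346DED3D722BE285814495

========== regfind ==========

Searching for "consrv"
No data found.

-= EOF =-
"""

# Constructed input (not from the thread): a planted consrv.dll and a System32
# winsrv.dll whose hash matches nothing in the store. Hashes/sizes are placeholders.
CONSTRUCTED_LOG = r"""========== filefind ==========

Searching for "consrv.dll"
C:\Windows\System32\consrv.dll --a---- 61440 bytes [01:02 03/02/2012] [01:02 03/02/2012] 00000000000000000000000000000000

Searching for "winsrv.dll"
C:\Windows\System32\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 11111111111111111111111111111111
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1

-= EOF =-
"""

if __name__ == "__main__":
    for name, text in (("posted x64 log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        print(name, "->", triage(parse_filefind(text)) or ["no findings"])
```

On the posted 64-bit log this reports nothing: the System32 copy's hash equals the 6.1.7600.16850 store copy, and no consrv.dll exists. Feeding it the earlier 32-bit log (or the same text with the System32 line dropped) yields only the WOW64 note, which is the reason cnm asked for the x64 build.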

#20 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 01:33 PM

We're not through yet, and you're not necessarily clean. We must proceed cautiously as fixing this infection incorrectly can lead to an unbootable PC. Disinfection looks very good so far, though.

Yes, please delete the things in the Chest.

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

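As an added example (not code from this thread, and not part of Kaspersky's TDSSKiller), here is a small Python triage script for the report file named above: it parses the per-object lines of a TDSSKiller log, keeps the MD5 and path of each driver, and separates objects reported as infected (default action Cure) from those reported as suspicious "warning" objects (default action Skip), so the reviewer sees only what needs a decision. The "- ok", "( verdict ) - warning" and "- detected verdict (n)" line forms are taken from the report posted later in this thread; the "( verdict ) - infected" form and the `exampledrv` entry in the sample are constructed assumptions.

```python
"""Triage a TDSSKiller report (TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Added example; not the thread's or the tool's own code.  The sample below is
constructed: the 1394ohci and USBAAPL64 lines copy the format of the report
posted in this thread, the exampledrv lines are an assumed "infected" entry.
"""
import re
from dataclasses import dataclass

# Every report line starts with a timestamp and a thread id, then the message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> (<md5>) <path>"            file record written before the verdict
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - ok"                       clean
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# "<object> ( <verdict> ) - warning"    suspicious (e.g. unsigned), default Skip
# "<object> ( <verdict> ) - infected"   confirmed, default Cure (assumed form)
VERDICT_RE = re.compile(
    r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<status>warning|infected)$")
# "<object> - detected <verdict> (<n>)" running count for the same object
COUNT_RE = re.compile(
    r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")

# Default action the tool proposes for each status, as described in the post.
DEFAULT_ACTION = {"infected": "Cure", "warning": "Skip"}


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unscanned"   # ok | warning | infected | unscanned
    verdict: str = ""
    count: int = 0


def parse_report(text):
    """Return {object name: Entry} for every object the report mentions."""
    entries = {}

    def get(name):
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners and blank lines
        msg = m.group(3)
        if (f := FILE_RE.match(msg)):
            e = get(f["name"])
            e.md5, e.path = f["md5"], f["path"]
        elif (o := OK_RE.match(msg)):
            get(o["name"]).status = "ok"
        elif (v := VERDICT_RE.match(msg)):
            e = get(v["name"])
            e.status, e.verdict = v["status"], v["verdict"]
        elif (c := COUNT_RE.match(msg)):
            e = get(c["name"])
            e.count = int(c["count"])
            e.verdict = e.verdict or c["verdict"]
    return entries


def triage(entries):
    """Group objects by the decision the reviewer has to make."""
    out = {"cure": [], "review": [], "unscanned": []}
    for e in entries.values():
        if e.status == "infected":
            out["cure"].append(e)
        elif e.status == "warning":
            out["review"].append(e)       # unsigned/suspicious: verify by hand
        elif e.status != "ok":
            out["unscanned"].append(e)    # file record without a result
    return out


def summarize(entries):
    """One line per object that needs attention, with hash and path."""
    lines = []
    for e in sorted(entries.values(), key=lambda x: x.name.lower()):
        if e.status in DEFAULT_ACTION:
            lines.append(f"{e.name}: {e.verdict} [{e.status}] -> default "
                         f"{DEFAULT_ACTION[e.status]}; md5={e.md5} {e.path}")
    return lines


# Constructed sample in the report's own format (see module docstring).
SAMPLE = r"""13:43:23.0523 3768 Scan started
13:43:23.0523 3768 Mode: Manual; SigCheck; TDLFS;
13:43:23.0825 3768 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
13:43:23.0920 3768 1394ohci - ok
13:43:51.0029 3768 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
13:43:51.0035 3768 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:43:51.0035 3768 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
13:43:59.0000 3768 exampledrv (00000000000000000000000000000000) C:\windows\system32\DRIVERS\exampledrv.sys
13:43:59.0001 3768 exampledrv ( Example.Constructed.Verdict ) - infected
13:43:59.0001 3768 exampledrv - detected Example.Constructed.Verdict (1)
"""

if __name__ == "__main__":
    for line in summarize(parse_report(SAMPLE)):
        print(line)
```

Objects in the "review" group are the ones the post says default to Skip; their MD5 and path are kept so the file can be checked independently before deciding on it.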

#21 LuckysRevenge

    Member

  • Helper Trainee
  • 27 posts

Posted 03 February 2012 - 01:44 PM

Here is the TDSSKiller report:

13:43:16.0876 1444 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:43:17.0421 1444 ============================================================
13:43:17.0421 1444 Current date / time: 2012/02/03 13:43:17.0420
13:43:17.0421 1444 SystemInfo:
13:43:17.0421 1444
13:43:17.0421 1444 OS Version: 6.1.7600 ServicePack: 0.0
13:43:17.0421 1444 Product type: Workstation
13:43:17.0421 1444 ComputerName: LUCKY-PC
13:43:17.0421 1444 UserName: Lucky
13:43:17.0421 1444 Windows directory: C:\windows
13:43:17.0421 1444 System windows directory: C:\windows
13:43:17.0421 1444 Running under WOW64
13:43:17.0421 1444 Processor architecture: Intel x64
13:43:17.0421 1444 Number of processors: 1
13:43:17.0421 1444 Page size: 0x1000
13:43:17.0421 1444 Boot type: Normal boot
13:43:17.0421 1444 ============================================================
13:43:17.0787 1444 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:43:17.0791 1444 \Device\Harddisk0\DR0:
13:43:17.0792 1444 MBR used
13:43:17.0792 1444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCF2800
13:43:17.0825 1444 Initialize success
13:43:17.0825 1444 ============================================================
13:43:23.0523 3768 ============================================================
13:43:23.0523 3768 Scan started
13:43:23.0523 3768 Mode: Manual; SigCheck; TDLFS;
13:43:23.0523 3768 ============================================================
13:43:23.0825 3768 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
13:43:23.0920 3768 1394ohci - ok
13:43:24.0072 3768 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
13:43:24.0091 3768 ACPI - ok
13:43:24.0203 3768 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
13:43:24.0224 3768 AcpiPmi - ok
13:43:24.0435 3768 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
13:43:24.0455 3768 adp94xx - ok
13:43:24.0575 3768 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
13:43:24.0638 3768 adpahci - ok
13:43:24.0769 3768 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
13:43:24.0785 3768 adpu320 - ok
13:43:24.0914 3768 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
13:43:24.0936 3768 AFD - ok
13:43:25.0040 3768 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
13:43:25.0053 3768 agp440 - ok
13:43:25.0197 3768 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
13:43:25.0210 3768 aliide - ok
13:43:25.0301 3768 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
13:43:25.0314 3768 amdide - ok
13:43:25.0414 3768 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
13:43:25.0431 3768 AmdK8 - ok
13:43:25.0515 3768 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
13:43:25.0532 3768 AmdPPM - ok
13:43:25.0630 3768 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
13:43:25.0644 3768 amdsata - ok
13:43:25.0733 3768 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
13:43:25.0748 3768 amdsbs - ok
13:43:25.0829 3768 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
13:43:25.0841 3768 amdxata - ok
13:43:25.0928 3768 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
13:43:25.0950 3768 AppID - ok
13:43:26.0073 3768 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
13:43:26.0087 3768 arc - ok
13:43:26.0182 3768 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
13:43:26.0196 3768 arcsas - ok
13:43:26.0282 3768 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\windows\system32\drivers\aswFsBlk.sys
13:43:26.0338 3768 aswFsBlk - ok
13:43:26.0429 3768 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\windows\system32\drivers\aswMonFlt.sys
13:43:26.0441 3768 aswMonFlt - ok
13:43:26.0558 3768 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\windows\system32\drivers\aswRdr.sys
13:43:26.0570 3768 aswRdr - ok
13:43:26.0684 3768 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\windows\system32\drivers\aswSnx.sys
13:43:26.0706 3768 aswSnx - ok
13:43:26.0823 3768 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\windows\system32\drivers\aswSP.sys
13:43:26.0839 3768 aswSP - ok
13:43:26.0946 3768 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\windows\system32\drivers\aswTdi.sys
13:43:26.0958 3768 aswTdi - ok
13:43:27.0059 3768 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:43:27.0106 3768 AsyncMac - ok
13:43:27.0191 3768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
13:43:27.0205 3768 atapi - ok
13:43:27.0314 3768 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
13:43:27.0351 3768 athr - ok
13:43:27.0491 3768 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
13:43:27.0512 3768 b06bdrv - ok
13:43:27.0644 3768 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:43:27.0664 3768 b57nd60a - ok
13:43:27.0776 3768 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:43:27.0816 3768 Beep - ok
13:43:27.0916 3768 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:43:27.0933 3768 blbdrive - ok
13:43:28.0070 3768 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
13:43:28.0087 3768 bowser - ok
13:43:28.0161 3768 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
13:43:28.0180 3768 BrFiltLo - ok
13:43:28.0249 3768 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
13:43:28.0267 3768 BrFiltUp - ok
13:43:28.0383 3768 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
13:43:28.0426 3768 BridgeMP - ok
13:43:28.0526 3768 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:43:28.0546 3768 Brserid - ok
13:43:28.0628 3768 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:43:28.0652 3768 BrSerWdm - ok
13:43:28.0726 3768 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:43:28.0747 3768 BrUsbMdm - ok
13:43:28.0824 3768 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:43:28.0841 3768 BrUsbSer - ok
13:43:28.0921 3768 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
13:43:28.0941 3768 BTHMODEM - ok
13:43:28.0981 3768 catchme - ok
13:43:29.0049 3768 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:43:29.0091 3768 cdfs - ok
13:43:29.0172 3768 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
13:43:29.0191 3768 cdrom - ok
13:43:29.0296 3768 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
13:43:29.0315 3768 circlass - ok
13:43:29.0410 3768 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:43:29.0429 3768 CLFS - ok
13:43:29.0536 3768 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:43:29.0552 3768 CmBatt - ok
13:43:29.0634 3768 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
13:43:29.0646 3768 cmdide - ok
13:43:29.0726 3768 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
13:43:29.0752 3768 CNG - ok
13:43:29.0859 3768 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys
13:43:29.0880 3768 CnxtHdAudService - ok
13:43:29.0969 3768 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
13:43:29.0983 3768 Compbatt - ok
13:43:30.0081 3768 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
13:43:30.0100 3768 CompositeBus - ok
13:43:30.0213 3768 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
13:43:30.0225 3768 crcdisk - ok
13:43:30.0364 3768 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
13:43:30.0381 3768 DfsC - ok
13:43:30.0491 3768 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:43:30.0532 3768 discache - ok
13:43:30.0622 3768 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
13:43:30.0635 3768 Disk - ok
13:43:30.0749 3768 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:43:30.0768 3768 drmkaud - ok
13:43:30.0861 3768 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
13:43:30.0888 3768 DXGKrnl - ok
13:43:31.0060 3768 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
13:43:31.0113 3768 ebdrv - ok
13:43:31.0235 3768 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
13:43:31.0256 3768 elxstor - ok
13:43:31.0351 3768 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
13:43:31.0367 3768 ErrDev - ok
13:43:31.0505 3768 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:43:31.0551 3768 exfat - ok
13:43:31.0646 3768 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:43:31.0693 3768 fastfat - ok
13:43:31.0789 3768 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
13:43:31.0806 3768 fdc - ok
13:43:31.0905 3768 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:43:31.0919 3768 FileInfo - ok
13:43:31.0994 3768 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:43:32.0034 3768 Filetrace - ok
13:43:32.0135 3768 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
13:43:32.0151 3768 flpydisk - ok
13:43:32.0236 3768 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
13:43:32.0253 3768 FltMgr - ok
13:43:32.0339 3768 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:43:32.0353 3768 FsDepends - ok
13:43:32.0434 3768 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
13:43:32.0446 3768 Fs_Rec - ok
13:43:32.0533 3768 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys
13:43:32.0550 3768 fvevol - ok
13:43:32.0641 3768 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
13:43:32.0655 3768 FwLnk - ok
13:43:32.0753 3768 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
13:43:32.0766 3768 gagp30kx - ok
13:43:32.0855 3768 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:43:32.0865 3768 GEARAspiWDM - ok
13:43:33.0015 3768 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:43:33.0035 3768 hcw85cir - ok
13:43:33.0134 3768 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
13:43:33.0157 3768 HdAudAddService - ok
13:43:33.0241 3768 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:43:33.0261 3768 HDAudBus - ok
13:43:33.0337 3768 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
13:43:33.0354 3768 HidBatt - ok
13:43:33.0437 3768 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
13:43:33.0458 3768 HidBth - ok
13:43:33.0538 3768 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
13:43:33.0558 3768 HidIr - ok
13:43:33.0639 3768 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
13:43:33.0657 3768 HidUsb - ok
13:43:33.0747 3768 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
13:43:33.0761 3768 HpSAMD - ok
13:43:33.0858 3768 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
13:43:33.0915 3768 HTTP - ok
13:43:33.0996 3768 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
13:43:34.0009 3768 hwpolicy - ok
13:43:34.0098 3768 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:43:34.0116 3768 i8042prt - ok
13:43:34.0209 3768 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
13:43:34.0226 3768 iaStor - ok
13:43:34.0314 3768 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
13:43:34.0333 3768 iaStorV - ok
13:43:34.0626 3768 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
13:43:34.0765 3768 igfx - ok
13:43:34.0848 3768 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
13:43:34.0861 3768 iirsp - ok
13:43:34.0957 3768 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
13:43:34.0970 3768 intelide - ok
13:43:35.0057 3768 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
13:43:35.0074 3768 intelppm - ok
13:43:35.0175 3768 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:43:35.0216 3768 IpFilterDriver - ok
13:43:35.0296 3768 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
13:43:35.0313 3768 IPMIDRV - ok
13:43:35.0420 3768 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:43:35.0462 3768 IPNAT - ok
13:43:35.0610 3768 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:43:35.0642 3768 IRENUM - ok
13:43:35.0723 3768 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
13:43:35.0737 3768 isapnp - ok
13:43:35.0828 3768 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
13:43:35.0844 3768 iScsiPrt - ok
13:43:35.0943 3768 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:43:35.0956 3768 kbdclass - ok
13:43:36.0045 3768 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
13:43:36.0061 3768 kbdhid - ok
13:43:36.0145 3768 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
13:43:36.0159 3768 KSecDD - ok
13:43:36.0231 3768 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
13:43:36.0245 3768 KSecPkg - ok
13:43:36.0328 3768 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:43:36.0369 3768 ksthunk - ok
13:43:36.0467 3768 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys
13:43:36.0482 3768 L1C - ok
13:43:36.0596 3768 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:43:36.0637 3768 lltdio - ok
13:43:36.0760 3768 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
13:43:36.0774 3768 LSI_FC - ok
13:43:36.0870 3768 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
13:43:36.0883 3768 LSI_SAS - ok
13:43:36.0984 3768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:43:36.0998 3768 LSI_SAS2 - ok
13:43:37.0101 3768 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:43:37.0116 3768 LSI_SCSI - ok
13:43:37.0202 3768 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:43:37.0244 3768 luafv - ok
13:43:37.0338 3768 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys
13:43:37.0350 3768 LVUSBS64 - ok
13:43:37.0439 3768 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
13:43:37.0452 3768 megasas - ok
13:43:37.0537 3768 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
13:43:37.0554 3768 MegaSR - ok
13:43:37.0641 3768 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:43:37.0682 3768 Modem - ok
13:43:37.0771 3768 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:43:37.0790 3768 monitor - ok
13:43:37.0874 3768 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:43:37.0887 3768 mouclass - ok
13:43:37.0986 3768 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:43:38.0003 3768 mouhid - ok
13:43:38.0081 3768 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
13:43:38.0096 3768 mountmgr - ok
13:43:38.0185 3768 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
13:43:38.0200 3768 mpio - ok
13:43:38.0285 3768 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:43:38.0332 3768 mpsdrv - ok
13:43:38.0419 3768 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
13:43:38.0442 3768 MRxDAV - ok
13:43:38.0536 3768 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
13:43:38.0554 3768 mrxsmb - ok
13:43:38.0638 3768 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:43:38.0658 3768 mrxsmb10 - ok
13:43:38.0749 3768 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:43:38.0766 3768 mrxsmb20 - ok
13:43:38.0849 3768 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
13:43:38.0862 3768 msahci - ok
13:43:38.0944 3768 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
13:43:38.0958 3768 msdsm - ok
13:43:39.0040 3768 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:43:39.0080 3768 Msfs - ok
13:43:39.0167 3768 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:43:39.0207 3768 mshidkmdf - ok
13:43:39.0292 3768 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
13:43:39.0304 3768 msisadrv - ok
13:43:39.0407 3768 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:43:39.0448 3768 MSKSSRV - ok
13:43:39.0547 3768 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:43:39.0586 3768 MSPCLOCK - ok
13:43:39.0678 3768 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:43:39.0718 3768 MSPQM - ok
13:43:39.0802 3768 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
13:43:39.0821 3768 MsRPC - ok
13:43:39.0901 3768 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:43:39.0915 3768 mssmbios - ok
13:43:39.0999 3768 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:43:40.0039 3768 MSTEE - ok
13:43:40.0126 3768 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
13:43:40.0145 3768 MTConfig - ok
13:43:40.0228 3768 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:43:40.0241 3768 Mup - ok
13:43:40.0356 3768 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:43:40.0384 3768 NativeWifiP - ok
13:43:40.0486 3768 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
13:43:40.0513 3768 NDIS - ok
13:43:40.0603 3768 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:43:40.0649 3768 NdisCap - ok
13:43:40.0732 3768 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:43:40.0772 3768 NdisTapi - ok
13:43:40.0859 3768 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
13:43:40.0904 3768 Ndisuio - ok
13:43:40.0976 3768 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
13:43:41.0018 3768 NdisWan - ok
13:43:41.0096 3768 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
13:43:41.0138 3768 NDProxy - ok
13:43:41.0234 3768 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:43:41.0274 3768 NetBIOS - ok
13:43:41.0359 3768 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
13:43:41.0403 3768 NetBT - ok
13:43:41.0529 3768 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
13:43:41.0543 3768 nfrd960 - ok
13:43:41.0635 3768 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:43:41.0675 3768 Npfs - ok
13:43:41.0758 3768 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:43:41.0798 3768 nsiproxy - ok
13:43:41.0904 3768 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
13:43:41.0942 3768 Ntfs - ok
13:43:42.0019 3768 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:43:42.0059 3768 Null - ok
13:43:42.0153 3768 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
13:43:42.0167 3768 nvraid - ok
13:43:42.0277 3768 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
13:43:42.0293 3768 nvstor - ok
13:43:42.0395 3768 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
13:43:42.0410 3768 nv_agp - ok
13:43:42.0488 3768 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
13:43:42.0506 3768 ohci1394 - ok
13:43:42.0613 3768 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
13:43:42.0631 3768 Parport - ok
13:43:42.0757 3768 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
13:43:42.0771 3768 partmgr - ok
13:43:42.0875 3768 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
13:43:42.0891 3768 pci - ok
13:43:42.0967 3768 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
13:43:42.0980 3768 pciide - ok
13:43:43.0074 3768 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
13:43:43.0090 3768 pcmcia - ok
13:43:43.0177 3768 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:43:43.0191 3768 pcw - ok
13:43:43.0279 3768 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:43:43.0328 3768 PEAUTH - ok
13:43:43.0513 3768 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\windows\system32\DRIVERS\LV302V64.SYS
13:43:43.0566 3768 PID_PEPI - ok
13:43:43.0693 3768 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
13:43:43.0735 3768 PptpMiniport - ok
13:43:43.0812 3768 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
13:43:43.0830 3768 Processor - ok
13:43:43.0934 3768 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
13:43:43.0976 3768 Psched - ok
13:43:44.0109 3768 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
13:43:44.0145 3768 ql2300 - ok
13:43:44.0253 3768 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
13:43:44.0267 3768 ql40xx - ok
13:43:44.0359 3768 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:43:44.0381 3768 QWAVEdrv - ok
13:43:44.0453 3768 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:43:44.0493 3768 RasAcd - ok
13:43:44.0577 3768 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:43:44.0618 3768 RasAgileVpn - ok
13:43:44.0711 3768 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
13:43:44.0753 3768 Rasl2tp - ok
13:43:44.0845 3768 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:43:44.0886 3768 RasPppoe - ok
13:43:44.0967 3768 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:43:45.0008 3768 RasSstp - ok
13:43:45.0098 3768 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
13:43:45.0142 3768 rdbss - ok
13:43:45.0225 3768 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
13:43:45.0245 3768 rdpbus - ok
13:43:45.0321 3768 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:43:45.0363 3768 RDPCDD - ok
13:43:45.0457 3768 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:43:45.0498 3768 RDPENCDD - ok
13:43:45.0576 3768 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:43:45.0616 3768 RDPREFMP - ok
13:43:45.0696 3768 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
13:43:45.0739 3768 RDPWD - ok
13:43:45.0822 3768 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
13:43:45.0838 3768 rdyboost - ok
13:43:45.0962 3768 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:43:46.0003 3768 rspndr - ok
13:43:46.0098 3768 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
13:43:46.0120 3768 RSUSBSTOR - ok
13:43:46.0209 3768 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:43:46.0220 3768 SASDIFSV - ok
13:43:46.0305 3768 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:43:46.0314 3768 SASKUTIL - ok
13:43:46.0398 3768 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
13:43:46.0412 3768 sbp2port - ok
13:43:46.0545 3768 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
13:43:46.0586 3768 scfilter - ok
13:43:46.0698 3768 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:43:46.0738 3768 secdrv - ok
13:43:46.0853 3768 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
13:43:46.0869 3768 Serenum - ok
13:43:46.0968 3768 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
13:43:46.0986 3768 Serial - ok
13:43:47.0090 3768 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
13:43:47.0107 3768 sermouse - ok
13:43:47.0211 3768 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
13:43:47.0230 3768 sffdisk - ok
13:43:47.0322 3768 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
13:43:47.0342 3768 sffp_mmc - ok
13:43:47.0421 3768 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
13:43:47.0440 3768 sffp_sd - ok
13:43:47.0528 3768 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
13:43:47.0544 3768 sfloppy - ok
13:43:47.0645 3768 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:43:47.0658 3768 SiSRaid2 - ok
13:43:47.0742 3768 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
13:43:47.0755 3768 SiSRaid4 - ok
13:43:47.0856 3768 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:43:47.0897 3768 Smb - ok
13:43:47.0989 3768 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:43:48.0002 3768 spldr - ok
13:43:48.0129 3768 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
13:43:48.0150 3768 srv - ok
13:43:48.0234 3768 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
13:43:48.0269 3768 srv2 - ok
13:43:48.0354 3768 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
13:43:48.0372 3768 srvnet - ok
13:43:48.0466 3768 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
13:43:48.0479 3768 stexstor - ok
13:43:48.0570 3768 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:43:48.0583 3768 swenum - ok
13:43:48.0704 3768 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
13:43:48.0720 3768 SynTP - ok
13:43:48.0859 3768 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
13:43:48.0900 3768 Tcpip - ok
13:43:49.0026 3768 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
13:43:49.0066 3768 TCPIP6 - ok
13:43:49.0146 3768 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
13:43:49.0187 3768 tcpipreg - ok
13:43:49.0288 3768 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:43:49.0300 3768 tdcmdpst - ok
13:43:49.0417 3768 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:43:49.0457 3768 TDPIPE - ok
13:43:49.0575 3768 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:43:49.0620 3768 TDTCP - ok
13:43:49.0718 3768 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
13:43:49.0760 3768 tdx - ok
13:43:49.0837 3768 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
13:43:49.0851 3768 TermDD - ok
13:43:50.0042 3768 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
13:43:50.0082 3768 tssecsrv - ok
13:43:50.0205 3768 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
13:43:50.0250 3768 tunnel - ok
13:43:50.0342 3768 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:43:50.0352 3768 TVALZ - ok
13:43:50.0490 3768 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
13:43:50.0504 3768 uagp35 - ok
13:43:50.0537 3768 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
13:43:50.0581 3768 udfs - ok
13:43:50.0688 3768 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
13:43:50.0702 3768 uliagpkx - ok
13:43:50.0792 3768 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
13:43:50.0809 3768 umbus - ok
13:43:50.0900 3768 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
13:43:50.0917 3768 UmPass - ok
13:43:51.0029 3768 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
13:43:51.0035 3768 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
13:43:51.0035 3768 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
13:43:51.0133 3768 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
13:43:51.0158 3768 usbaudio - ok
13:43:51.0239 3768 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
13:43:51.0256 3768 usbccgp - ok
13:43:51.0361 3768 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
13:43:51.0381 3768 usbcir - ok
13:43:51.0458 3768 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\windows\system32\DRIVERS\usbehci.sys
13:43:51.0495 3768 usbehci - ok
13:43:51.0576 3768 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\windows\system32\DRIVERS\usbhub.sys
13:43:51.0596 3768 usbhub - ok
13:43:51.0688 3768 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
13:43:51.0704 3768 usbohci - ok
13:43:51.0793 3768 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
13:43:51.0812 3768 usbprint - ok
13:43:51.0888 3768 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:43:51.0906 3768 USBSTOR - ok
13:43:51.0983 3768 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
13:43:52.0000 3768 usbuhci - ok
13:43:52.0102 3768 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
13:43:52.0124 3768 usbvideo - ok
13:43:52.0225 3768 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
13:43:52.0237 3768 vdrvroot - ok
13:43:52.0340 3768 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:43:52.0360 3768 vga - ok
13:43:52.0441 3768 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:43:52.0486 3768 VgaSave - ok
13:43:52.0586 3768 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
13:43:52.0602 3768 vhdmp - ok
13:43:52.0693 3768 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
13:43:52.0706 3768 viaide - ok
13:43:52.0785 3768 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
13:43:52.0799 3768 volmgr - ok
13:43:52.0887 3768 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
13:43:52.0906 3768 volmgrx - ok
13:43:52.0983 3768 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
13:43:53.0010 3768 volsnap - ok
13:43:53.0090 3768 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
13:43:53.0105 3768 vsmraid - ok
13:43:53.0191 3768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:43:53.0211 3768 vwifibus - ok
13:43:53.0300 3768 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:43:53.0322 3768 vwififlt - ok
13:43:53.0414 3768 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
13:43:53.0435 3768 vwifimp - ok
13:43:53.0534 3768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
13:43:53.0551 3768 WacomPen - ok
13:43:53.0635 3768 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
13:43:53.0675 3768 WANARP - ok
13:43:53.0694 3768 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
13:43:53.0741 3768 Wanarpv6 - ok
13:43:53.0846 3768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
13:43:53.0858 3768 Wd - ok
13:43:53.0944 3768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:43:53.0967 3768 Wdf01000 - ok
13:43:54.0098 3768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:43:54.0138 3768 WfpLwf - ok
13:43:54.0215 3768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:43:54.0228 3768 WIMMount - ok
13:43:54.0397 3768 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
13:43:54.0418 3768 WinUsb - ok
13:43:54.0517 3768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:43:54.0534 3768 WmiAcpi - ok
13:43:54.0654 3768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:43:54.0695 3768 ws2ifsl - ok
13:43:54.0813 3768 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
13:43:54.0859 3768 WudfPf - ok
13:43:54.0937 3768 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
13:43:54.0980 3768 WUDFRd - ok
13:43:55.0108 3768 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\windows\system32\DRIVERS\xnacc.sys
13:43:55.0135 3768 xnacc - ok
13:43:55.0247 3768 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\windows\system32\DRIVERS\xusb21.sys
13:43:55.0262 3768 xusb21 - ok
13:43:55.0336 3768 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:43:56.0296 3768 \Device\Harddisk0\DR0 - ok
13:43:56.0333 3768 Boot (0x1200) (12ed94b2a4568d7a52620f742ad8b077) \Device\Harddisk0\DR0\Partition0
13:43:56.0334 3768 \Device\Harddisk0\DR0\Partition0 - ok
13:43:56.0339 3768 ============================================================
13:43:56.0339 3768 Scan finished
13:43:56.0339 3768 ============================================================
13:43:56.0358 1580 Detected object count: 1
13:43:56.0358 1580 Actual detected object count: 1
13:44:00.0447 1580 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
13:44:00.0447 1580 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#22 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 02:08 PM

Looks good. USBAAPL64 is the legitimate Apple Mobile Device USB Driver, which you presumably installed.

Please do these important security updates:
Update Adobe Reader (uncheck the option box for McAfee scan)
Updating Java:
  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: [image]
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

Now please see if you can Turn on Windows Firewall.
Tell me any error messages you get.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#23 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 06:06 PM

When I installed Adobe and it began to run, it gave me an error saying that I did not have a program associated with this file for it to run, and that I needed to select a program for Adobe to run to make it usable.

So I continued to install Java, that's running.

I tried to turn my Windows Firewall on and it still gave me this error message:

Windows Firewall can't change some of your settings.
Error code 0x80070424

#24 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 06:26 PM

Microsoft has a page about that error. http://support.micro....com/kb/2530126

I think you are free of malware now, so try their Method 2:

Method 2: Start the Windows Firewall Services manually.
You can start the Windows Firewall services manually as well as make sure it starts automatically in the future. To do this, follow the steps below:

Click the Start button, then type Services in the Search programs and files box (Windows 7) or in the Start search box (Windows Vista).
Right-click Services. Note: there will be a cogwheel located next to it. Then click Run as administrator. If prompted, enter your administrator user name and password, then press Enter.
Scroll until you see Windows Firewall. Double click Windows Firewall.
Click the drop down menu next to Startup type, then choose Automatic.
Under Service status, if it is listed as Stopped, click Start.
Click Apply, then click OK.
Scroll until you see Base Filtering Engine. Double click Base Filtering Engine.
Under Service status, if it is listed as Stopped, click Start.
Click Apply, then click OK.
Restart Windows. Windows Firewall should be enabled.


#25 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 06:40 PM

Windows Firewall does not appear in this list. :(

#26 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 07:09 PM

First, about Adobe. You want Adobe Reader, not Adobe. I gave you the link:
Update Adobe Reader (uncheck the option box for McAfee scan)
What happens when you click that link? If anything other than these:
http://get.adobe.com/reader or get.adobe.reader
is in the address bar, please let me know. If you are in the right place then do the Download.

Proceeding with getting your Windows Firewall to work:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

#27 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 08:19 PM

Here is the Farbar log:

Farbar Service Scanner Version: 02-02-2012
Ran by Lucky (administrator) on 03-02-2012 at 20:12:28
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Nerwork
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll
[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe
[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Also to add, I just ended up restarting my computer and it won't load at all. I'm running in Safe Mode with the Network on so I can still access the internet. I'm freaking out; I don't know what to do. When I start up normally I get to my login. I put my password in. Then it stays on Welcome forever. When that finally goes away it's a blank black screen. So I turned off my computer, turned it back on and I clicked F8 to load Safe Mode with Network. What should I do?
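The Farbar log above is what the helper reads in the next posts: which firewall services are not running, which service registry key is gone (MpsSvc here), and which files FSS lists with attributes instead of an "MD5 is legit" verdict. As an added example, not part of this thread or of the FSS tool, here is a small parser that pulls those findings out of an FSS.txt and turns the Windows Firewall section into the checklist of services to look at in services.msc (the Method 2 steps quoted earlier). The log excerpt is a constructed, shortened copy of the one posted above; the firewall dependency order (mpsdrv, BFE, MpsSvc) is stated as an assumption in the code.

```python
"""Parse Farbar Service Scanner (FSS.txt) output and extract the findings a
helper reads first: services not running, service registry keys that are
missing, and files FSS could not confirm by MD5.

Added example; not part of the original thread or of the FSS tool.
"""
import re
from collections import defaultdict

# Constructed excerpt of the FSS log posted in the thread (shortened).
FSS_SAMPLE = r"""Farbar Service Scanner Version: 02-02-2012
Ran by Lucky (administrator) on 03-02-2012 at 20:12:28
Microsoft Windows 7 Home Premium (X64)

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


File Check:
========
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+):$")            # e.g. "Windows Firewall:"
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY_RE = re.compile(r"Attention! Unable to open (\S+) registry key")
PATH_RE = re.compile(r"^[A-Za-z]:\\")                   # a file path line


def parse_fss(text):
    """Return {section: {"not_running": [...], "missing_key": [...], "unverified_files": [...]}}."""
    result = defaultdict(lambda: {"not_running": [], "missing_key": [], "unverified_files": []})
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or set(line) == {"="}:
            continue                                    # blank line or "=====" underline
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            result[section]                             # register the section even if empty
            continue
        if section is None:
            continue                                    # header lines before the first section
        found = result[section]
        m = NOT_RUNNING_RE.match(line)
        if m:
            found["not_running"].append(m.group(1))
            continue
        m = MISSING_KEY_RE.search(line)
        if m and m.group(1) not in found["missing_key"]:
            found["missing_key"].append(m.group(1))
            continue
        # In "File Check", a path printed without "=> MD5 is legit" is followed by
        # file attributes instead of a verdict: FSS could not confirm that file.
        if section == "File Check" and PATH_RE.match(line) and "=>" not in line:
            found["unverified_files"].append(line)
    return dict(result)


# Services the Windows 7 firewall needs, in start order (assumption for this
# example: the documented MpsSvc dependencies are the mpsdrv driver and BFE).
FIREWALL_CHAIN = ["mpsdrv", "BFE", "MpsSvc"]


def firewall_summary(parsed):
    """One line per firewall service saying what to do about it."""
    fw = parsed.get("Windows Firewall", {"not_running": [], "missing_key": []})
    lines = []
    for svc in FIREWALL_CHAIN:
        if svc in fw["missing_key"]:
            lines.append(f"{svc}: registry key missing, it will not appear in services.msc;"
                         " the service key has to be restored before it can be started")
        elif svc in fw["not_running"]:
            lines.append(f"{svc}: not running, set Startup type to Automatic and Start it in services.msc")
        else:
            lines.append(f"{svc}: no finding")
    return lines


if __name__ == "__main__":
    for line in firewall_summary(parse_fss(FSS_SAMPLE)):
        print(line)
```

On the log above this yields a missing MpsSvc key, which is exactly why "Windows Firewall" does not show up in the Services list in the reply that follows: a service whose registry key is gone cannot be started from services.msc.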

#28 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 08:25 PM

Reason for the Restart was Microsoft Security Essentials had an update and told me I needed to reboot. That's why I clicked for the Restart.

#29 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 08:28 PM

Copy the contents of the below code box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
  65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
  00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
  72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
  00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
  20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
  00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
  3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
  76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
  00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
  00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
  20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
  00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
  65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
  00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
  00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
  6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
  00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
  64,00,73,00,3d,00,31,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems] 
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
  65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
  00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
  72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
  00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
  20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
  00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
  3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
  76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
  00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
  00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
  20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
  00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
  65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
  00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
  00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
  6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
  00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
  64,00,73,00,3d,00,31,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
  65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
  00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
  72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
  00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
  20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
  00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
  3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
  76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
  00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
  00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
  20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
  00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
  65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
  00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
  00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
  6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
  00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
  64,00,73,00,3d,00,31,00,36,00,00,00
Close Notepad.

Locate FixReg.reg on your Desktop. Right-click on it , and select Run as Administrator and answer 'Yes' when asked if you want to merge with the registry.

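The FixReg.reg above writes a hex(2) value, which is REG_EXPAND_SZ stored as UTF-16LE bytes with a terminating NUL, so a reader cannot tell at a glance what it will put into the Session Manager\SubSystems key. As an added example, not part of this thread, here is a decoder that joins regedit's backslash-continued lines, converts the hex data back into text and compares it with the expected value. The .reg excerpt is copied from the post above, reduced to its CurrentControlSet key; the expected string is the stock Windows 7 x64 value and is stated as an assumption for the comparison.

```python
"""Decode the hex(2) (REG_EXPAND_SZ) data in a .reg fix before merging it, so
you can see exactly what the fix writes into the registry.

Added example; not part of the original thread.
"""
import re

# Copied from the FixReg.reg posted above, reduced to the CurrentControlSet key.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
  00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
  65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
  00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
  72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
  00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
  20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
  00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
  3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
  00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
  76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
  00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
  53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
  00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
  20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
  00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
  65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
  00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
  00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
  6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
  00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
  64,00,73,00,3d,00,31,00,36,00,00,00
'''

# Assumption: the stock Windows 7 x64 value of this REG_EXPAND_SZ entry.
EXPECTED_WIN7_X64 = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)

VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')              # "name"=data
HEX_RE = re.compile(r'^hex(?:\((\d+)\))?:(.*)$')        # hex(<type>):aa,bb,...


def join_continuations(text):
    """Glue lines ending in a backslash to the next line (regedit's export format)."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + line
        else:
            lines.append(line)
    return lines


def parse_reg(text):
    """Return {(key, value_name): (reg_type, bytes)} for the hex-encoded values."""
    values = {}
    key = None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        h = HEX_RE.match(m.group(2))
        if not h:
            continue                                    # plain string/dword values not handled here
        reg_type = int(h.group(1)) if h.group(1) else 3  # bare "hex:" means REG_BINARY
        data = bytes(int(b, 16) for b in h.group(2).split(",") if b)
        values[(key, m.group(1))] = (reg_type, data)
    return values


def decode_expand_sz(data):
    """REG_EXPAND_SZ (type 2) is UTF-16LE text ending in a NUL."""
    return data.decode("utf-16-le").rstrip("\x00")


def decoded_subsystems_values(text):
    """Map each registry key in the .reg to the decoded text of its 'Windows' value."""
    return {key: decode_expand_sz(data)
            for (key, name), (reg_type, data) in parse_reg(text).items()
            if name == "Windows" and reg_type == 2}


def check_fix(text, expected=EXPECTED_WIN7_X64):
    """Return {key: True/False} telling whether each decoded value equals the expected string."""
    return {key: value == expected for key, value in decoded_subsystems_values(text).items()}


if __name__ == "__main__":
    for key, value in decoded_subsystems_values(REG_TEXT).items():
        print(key, "->", value)
    print(check_fix(REG_TEXT))
```

Decoded, the fix writes the csrss.exe command line with its four ServerDll entries, which is what the "Welcome forever, then a black screen" symptom in the previous post points to, and why the helper restores it in all three control sets.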
#30 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 08:34 PM

OK, I just did it. What's next?

#31 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 08:45 PM

Can you boot now?

#32 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 09:11 PM

Yes, now I'm back to normal Windows. The strange thing was it looked like it was going to stay a blank screen again. So I left it, feeling like it didn't work, but I didn't turn it off. I played a game while I just left it there and all of a sudden Windows loaded and it was in the middle of a Windows Security Essentials Update, like it had rebooted in the middle of its update. Which was strange since it appeared to me before it had finished and asked me to reboot. It gave me an error saying the Firewall was still not operating and when I tried to close the program it gave me the same error that the Adobe Reader update gave me, which reads:

This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Program control panel

#33 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 09:17 PM

Follow the directions in Restore Default Windows 7 File Extension Type Associations

#34 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 09:27 PM

Follow the directions in Restore Default Windows 7 File Extension Type Associations


So just download the ZIP file and merge all of these to my computer?

#35 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 09:33 PM

Yes - a little confusing, isn't it.

To download all available file extension fixes below in one ZIP folder, click on the Download button below and save the ZIP file to your desktop. Open the ZIP file, and extract (drag and drop) the REG file for the file extension you want to restore to your desktop. Now you could just pick up at step 3 above.

Sounds like after you extract the .reg files you have to merge them one by one. In my experience you can merge from within the zip. Open the zip file, then right click a .reg and select 'Merge' - see if that works for you. If not extract at least the pdf.reg and double-click it.

#36 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 09:51 PM

Just a little bit :)

I have officially Merged every .reg file to my computer. What's my next step?

PS: Thanks a trillion for all your hard work and helping me through my computer problems, I greatly appreciate it!!

#37 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 10:01 PM

We still need to get your Windows Firewall to work.

Farbar Service Scanner showed some possibly damaged files.

Please go to windows\System32\cmd.exe. Right-click it and select 'Run as Administrator'.

In the command window enter this at the prompt:
sfc /scannow

It will take a long time to run.

#38 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 03 February 2012 - 10:25 PM

Ok it's scanning now, what should I do once it's done? Will this fix those problems as it's scanning?

#39 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 03 February 2012 - 10:55 PM

If you haven't done it yet, try again to update Adobe Reader.

If SFC finds any damaged files it will try to replace them. That might solve the Windows Firewall problem, but no guarantee.

The next thing I'll want you to try is Balon's procedure Here. It worked for several people when other things didn't.

#40 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 04 February 2012 - 12:32 AM

I still got the same errors on the Adobe Reader and trying to turn on my Firewall. So I'm going to follow your link and try that. I'll update you soon.

#41 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 04 February 2012 - 12:39 AM

Getting late. I'll be back with you tomorrow.

#42 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 04 February 2012 - 01:29 AM

Looks like Adobe Reader is working and so is my Firewall! :D

If there's anything else you think I should do let me know

#43 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 04 February 2012 - 11:28 AM

You should be in good shape now, and with Avast and the Windows Firewall you are well equipped to ward off future evil. You don't really need any other protection.

I'll keep this thread open for a few days in case you have any questions or new problems.

I see that although you are a Helper Trainee, you haven't actually done any training yet. I hope you'll get started on it as I think you show real aptitude. You should have gotten a PM from Budfred telling you how to proceed.

Please do this cleanup:

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

Delete the DDS files and Security Check folder from your Desktop, also TDSSKiller and anything else we put on your Desktop.


Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place

#44 LuckysRevenge (Member, Helper Trainee, 27 posts)

Posted 04 February 2012 - 12:21 PM

Thank you so much, you have been awesome! Thanks for sticking by me through this long ordeal. This is what I really want to learn. I hadn't had a chance to get into the Boot Camp and learn because of my living situation, but now I can. And I have decent internet to start it up :)

I uninstalled BitTorrent. I wish there was a safer way to download. I guess I've always been a supporter of file sharing, but my computer's health comes first.

Everything seems to be running great so far. No pop-ups, no redirects. After every internet usage at night I would run CCleaner, SUPERAntiSpyware, and Malwarebytes.

I now also have my Windows Update running. I had turned those off because I thought they were unnecessary, but they are set to auto now. I also have to free up room on my computer. It's pretty much packed to the brim with music. An external hard drive should be coming my way soon. I'm running on 4 GB of HD space atm.

#45 cnm (Mother Lion of SWI, Administrators, 25,281 posts)

Posted 14 February 2012 - 03:05 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
