LuckysRevenge

Hijacked Browser, my analyzed log

45 posts in this topic

I use SUPERAntiSpyware, Malwarebytes, and TDSSKiller. All of these originally found and removed Trojans and Adware Tracking Cookies. Now they come up with no threats found. But every time I try to search something in Google (or any search engine) I see the link that I need. I know it's a legitimate link. I click it, it tries to go to said site, and then redirects to something with ads with what I searched. I uninstalled Firefox and reinstalled it. Still there. I also tried downloading Google Chrome to see if it's just affected Firefox. It does the same on Google Chrome. So my friend told me about HijackThis! And now I'm posting my log. I hope someone can help me. Thanks for your time! Below is a copy of my log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:56:08 PM, on 1/16/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\MAGIX\Music_Maker_17_Premium_Download_Version\MusicMaker.exe

C:\firefox.exe

C:\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O15 - Trusted Zone: http://*.machinaesupremacy.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8646 bytes

 

Edit: Please read the Forum FAQ and post the other requested logs. We need the information in order to help you. And please don't double-space. Turn word wrap off in Notepad. :)

Edited by cnm


Please read the Forum FAQ and post the other requested logs. We need the information in order to help you. And please don't double-space. Turn word wrap off in Notepad. :)


Will do :) Sorry about that


Due to the lack of feedback this Topic is closed.

 

[Reopened]

 

Everyone else please begin a New Topic.

Edited by cnm


Since I have been offline my Malwarebytes keeps finding something called PUP.Bitminer. It removes it, but it does randomly come back. The last scan I did still found nothing, but I posted the log. I get a random webpage that pops up in a new tab in my Firefox that immediately goes to some fake news site. I click to exit the tab and it asks "Are you sure you want to leave this page?" I click Leave Page and it goes away. It also sometimes redirects when I click links in my Google searches, but that has stopped somewhat. It does still happen randomly.

 

Here are the logs I have gathered so far. These should be spaced correctly too, I hope I'm posting it right this time. Starting with:

 

DDS:

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by Lucky at 18:41:31 on 2012-02-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.823 [GMT -5:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmprph.exe

C:\windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\BitTorrent\bittorrent.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\firefox.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uSearch Bar =

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uInternet Settings,ProxyOverride = *.local

mSearchAssistant =

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

Trusted Zone: machinaesupremacy.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\142726977237 : DhcpNameServer = 66.255.85.8 66.255.85.9

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\2456C6B696E6F5E4F575962756C6563737F5637373633423 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\3507565646C496E6B637 : DhcpNameServer = 166.102.165.11 166.102.165.13 4.2.2.2

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\7596C6C69616D637F6E60284F6D656 : DhcpNameServer = 68.87.73.246 68.87.71.230

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\96D284F64756C6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{240F3405-47D9-4F9F-8B58-A73D50B217CE}\B496165447F677E6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{F5D895CD-7717-4AC0-AC47-71861EA45EB2} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB-X64: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z24e82vg.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 135664]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\drivers\LVUSBS64.sys --> C:\windows\system32\drivers\LVUSBS64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-18 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

.

=============== Created Last 30 ================

.

2012-02-01 04:37:45 -------- d-----w- C:\updates

2012-01-31 00:53:11 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-19 13:34:57 -------- d-----w- C:\torrents

2012-01-17 22:16:20 -------- d-----w- C:\searchplugins

2012-01-17 22:16:20 -------- d-----w- C:\hyphenation

2012-01-17 22:16:20 -------- d-----w- C:\extensions

2012-01-17 22:16:20 -------- d-----w- C:\dictionaries

2012-01-17 22:16:20 -------- d-----w- C:\defaults

2012-01-17 22:16:20 -------- d-----w- C:\components

2012-01-17 22:16:15 -------- d-----w- C:\nss91B1.tmp

2012-01-17 00:01:55 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2012-01-16 23:37:19 961024 ----a-w- C:\windows\System32\CPFilters.dll

2012-01-16 23:37:19 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll

2012-01-16 23:37:18 850432 ----a-w- C:\windows\SysWow64\sbe.dll

2012-01-16 23:37:18 259072 ----a-w- C:\windows\System32\mpg2splt.ax

2012-01-16 23:37:18 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax

2012-01-16 23:37:18 1118720 ----a-w- C:\windows\System32\sbe.dll

2012-01-16 23:37:15 43520 ----a-w- C:\windows\System32\csrsrv.dll

2012-01-16 23:37:13 499712 ----a-w- C:\windows\System32\drivers\afd.sys

2012-01-16 23:35:47 461312 ----a-w- C:\windows\System32\drivers\srv.sys

2012-01-16 23:34:55 723456 ----a-w- C:\windows\System32\EncDec.dll

2012-01-16 23:34:55 534528 ----a-w- C:\windows\SysWow64\EncDec.dll

2012-01-16 23:34:43 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-01-16 23:34:41 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-01-16 23:34:41 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-01-16 23:34:38 77312 ----a-w- C:\windows\System32\packager.dll

2012-01-16 23:34:38 67072 ----a-w- C:\windows\SysWow64\packager.dll

2012-01-16 23:34:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-01-16 23:34:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-01-16 23:33:48 1739160 ----a-w- C:\windows\System32\ntdll.dll

2012-01-16 23:33:47 1292592 ----a-w- C:\windows\SysWow64\ntdll.dll

2012-01-16 23:29:33 3141632 ----a-w- C:\windows\System32\win32k.sys

2012-01-16 23:29:31 90624 ----a-w- C:\windows\System32\drivers\bowser.sys

2012-01-16 22:29:56 388096 ----a-r- C:\Users\Lucky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-16 22:29:55 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-01-16 20:27:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-01-16 20:27:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

.

==================== Find3M ====================

.

2012-01-17 00:01:55 662528 ----a-w- C:\windows\System32\XpsPrint.dll

2011-12-21 07:24:52 16096216 ----a-w- C:\xul.dll

2011-12-21 04:30:42 2106216 ----a-w- C:\D3DCompiler_43.dll

2011-12-21 04:30:42 1998168 ----a-w- C:\d3dx9_43.dll

2011-12-21 04:30:41 626688 ----a-w- C:\msvcr80.dll

2011-12-21 04:30:41 548864 ----a-w- C:\msvcp80.dll

2011-12-21 04:30:41 479232 ----a-w- C:\msvcm80.dll

2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-12-09 16:23:50 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

============= FINISH: 18:42:54.53 ===============

 

HiJackThis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:05:50 PM, on 2/1/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\BitTorrent\bittorrent.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\firefox.exe

C:\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.machinaesupremacy.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8399 bytes

 

I am scanning with F-Secure Online Scanner right now. But it's at 99% and finding 0 on everything. Would you like me to still post the log when it is through? And if there are any other scans you would like me to do just let me know I'll get on them ASAP.


Yes, you can post the results. But generally please don't run anything I haven't asked for as it becomes confusing.

 

Please uninstall BitTorrent.

File sharing is dangerous as it exposes your computer to the internet.

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth taking. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

 

After that:

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:

how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

 

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

 

Please go here to see a list of programs that should be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

 

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix causes any error message, rebooting again should fix it.


Here is my ComboFix Log (I hope it was ok to copy and paste this. I was unsure if you wanted me to attach this or not, but I figured that copying and pasting was ok):

 

ComboFix 12-01-30.02 - Lucky 02/02/2012 0:29.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1916.930 [GMT -5:00]

Running from: c:\users\Lucky\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\firefox.exe

C:\nspr4.dll

C:\nss3.dll

C:\plc4.dll

C:\plds4.dll

c:\programdata\TorrentEasy\extensions.exe

c:\programdata\TorrentEasy\fdmbtsupp.dll

C:\softokn3.dll

c:\windows\assembly\temp\@

c:\windows\assembly\temp\bckfg.tmp

c:\windows\assembly\temp\cfg.ini

c:\windows\assembly\temp\keywords

c:\windows\system32\Thumbs.db

c:\windows\System64

c:\windows\SysWow64\ReadMe.txt

.

.

((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))

.

.

2012-02-02 05:36 . 2012-02-02 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-02 00:20 . 2012-02-02 00:20 -------- d-----w- c:\users\Lucky\AppData\Roaming\f-secure

2012-02-02 00:20 . 2012-02-02 00:20 -------- d-----w- c:\programdata\F-Secure

2012-02-01 23:53 . 2012-02-01 23:53 388096 ----a-r- c:\users\Lucky\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-01 04:37 . 2012-02-01 04:37 -------- d-----w- C:\updates

2012-01-31 00:53 . 2012-01-31 00:53 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-19 13:34 . 2012-01-19 13:35 -------- d-----w- C:\torrents

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\hyphenation

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\extensions

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\dictionaries

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\defaults

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\components

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\searchplugins

2012-01-17 22:16 . 2012-01-17 22:16 -------- d-----w- C:\nss91B1.tmp

2012-01-17 00:01 . 2012-01-17 00:01 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-01-16 23:37 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2012-01-16 23:37 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2012-01-16 23:37 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2012-01-16 23:37 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2012-01-16 23:37 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2012-01-16 23:37 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2012-01-16 23:37 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-01-16 23:37 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys

2012-01-16 23:35 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys

2012-01-16 23:34 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll

2012-01-16 23:34 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2012-01-16 23:34 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-01-16 23:34 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-01-16 23:34 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-01-16 23:34 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-16 23:34 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-16 23:34 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-01-16 23:34 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-01-16 23:33 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-01-16 23:33 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-16 23:29 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys

2012-01-16 23:29 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys

2012-01-16 22:29 . 2012-01-16 22:29 -------- d-----w- c:\program files (x86)\Trend Micro

2012-01-16 20:27 . 2012-02-02 05:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-01-16 20:27 . 2012-01-16 20:28 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 16:23 . 2011-08-09 15:11 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 135664]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-05 140672]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 03:06]

.

2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 03:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]

"combofix"="c:\combofix\CF7840.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Trusted Zone: machinaesupremacy.com

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{F5D895CD-7717-4AC0-AC47-71861EA45EB2}: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)

HKLM-Run-(Default) - (no file)

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*,*]

"Description"="Cakewal"

"HelpFilePath"=""

"HelpFileTopic"=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CakewalkPlugIns\*D*]

"Description"="Cakewal"

"HelpFilePath"=""

"HelpFileTopic"=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\programdata\TVersity\Media Server\MediaServer.exe

.

**************************************************************************

.

Completion time: 2012-02-02 00:45:16 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-02 05:45

.

Pre-Run: 1,765,203,968 bytes free

Post-Run: 1,603,289,088 bytes free

.

- - End Of File - - 90B1C8A39AA800DCED4A745F9587ABD7

 

Does it look like I might still be infected? What should I do now? Thanks again for your time and for helping me.

(I hope it was ok to copy and paste this. I was unsure if you wanted me to attach this or not, but I figured that copying and pasting was ok):
We require that logs be copied and will delete any attachments. Please read the Instructions

 

It is never possible to say with absolute 100% certainty that a computer is free of malware, but yours appears clean.

 

  • Please download and install an updated Malwarebytes' Anti-Malware (MBAM). Follow the directions here to run a complete system scan with Malwarebytes' Anti-Malware and please post the report from the scan.

  • Security Check
    • Please download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Security Check:

 

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Java 6 Update 26

Java SE Runtime Environment 6

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

MalwareBytes Log:

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.02.02

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Lucky :: LUCKY-PC [administrator]

 

2/2/2012 2:19:18 AM

mbam-log-2012-02-02 (02-19-18).txt

 

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 416927

Time elapsed: 1 hour(s), 6 minute(s), 38 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Please do these important security updates:

Update Adobe Reader (uncheck the option box for McAfee scan)

Updating Java:

  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

 

You need a firewall and a good real-time antivirus.

 

Enable the Windows Firewall. The one in Windows 7 is very good. http://windows.microsoft.com/en-US/windows-vista/Turn-Windows-Firewall-on-or-off

 

Please download and run the free version of Avast from http://www.avast.com/free-antivirus-download.

Registration is free.

 

Disable all your other security programs except the firewall.

In the user interface, click SCAN COMPUTER.

Under 'Full system scan', click 'Settings'.

Click 'Actions'.

Check 'Automatically apply actions during scan'.

Select 'Move to Chest' for all 3 buttons: Virus, PUP, Suspicious.

Under 'Full system scan', click 'Settings'.

Click Report file.

Check 'Generate report file'. (A log file is not written by default)

In 'File name' enter C:\avast.log

Check 'Infected items' and 'Hard errors'.

Click OK.

Under 'Full system scan' turn on Scan PUP.

 

Click the 'Start' button for 'Full system scan'.

 

The scan will take a long time but you can do other things while it is running.

If it asks you to reboot, please do so.

 

Post the contents of C:\avast.log in your reply.


The Avast scan is only at 9% an hour and a half in, so it might be a bit before I can post that, but I did notice this when I tried to turn on my Windows Firewall. I got this error message:

 

Windows Firewall can't change some of your settings.

Error code 0x80070424


We'll work on that when Avast finishes. If you let it run overnight and it's still not done, kill it.

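The firewall error reported a couple of posts up can be narrowed down before any removal tool is run. The block below is an added example; it is not part of the original thread and is not code from any tool mentioned in it. It assumes a 64-bit Windows 7 machine and an elevated PowerShell. The service names are the standard Windows 7 ones (MpsSvc is the Windows Firewall service and depends on BFE; WinDefend and wscsvc are Windows Defender and Security Center); checking all four together is my choice, not something the thread states.

```powershell
# Added example (not from the thread): map error 0x80070424 to the service it points at.
# 0x80070424 is HRESULT_FROM_WIN32(1060), and 1060 is ERROR_SERVICE_DOES_NOT_EXIST, so the
# firewall control panel is failing because a service it opens is no longer registered.
$code  = 0x80070424
$win32 = $code -band 0xFFFF
"HRESULT 0x{0:X8} wraps Win32 error {1}" -f $code, $win32    # reports 1060

# Services the Windows Firewall control panel depends on, plus the two other Windows 7
# security services worth checking at the same time (assumption: this list is the one
# worth checking on this machine, not an exhaustive list of security services).
$expected = @(
    @{ Name = 'MpsSvc';    Role = 'Windows Firewall' },
    @{ Name = 'BFE';       Role = 'Base Filtering Engine (MpsSvc depends on it)' },
    @{ Name = 'WinDefend'; Role = 'Windows Defender' },
    @{ Name = 'wscsvc';    Role = 'Security Center' }
)

foreach ($svc in $expected) {
    $live = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
    if ($null -eq $live) {
        # No service object at all: this is exactly the condition that yields error 1060.
        "MISSING  {0,-10} {1} (registry key present: {2})" -f $svc.Name, $svc.Role, (Test-Path $key)
    } else {
        # Present: report its state and the DLL registered to run under svchost, because a
        # service that exists but points at a replaced ServiceDll is the other thing to read.
        $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        "present  {0,-10} {1} status={2} ServiceDll={3}" -f $svc.Name, $svc.Role, $live.Status, $dll
    }
}
```

If MpsSvc or BFE comes back MISSING, `sc query MpsSvc` from an elevated command prompt gives the same diagnosis in words (`OpenService FAILED 1060: The specified service does not exist as an installed service`), which is what the control panel is surfacing as 0x80070424. A missing service registration is a repair job, not something a scanner will put back, so it is worth knowing before the next scan whether the error is a leftover of the infection or a separate problem.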

The scan is done and it found 6 things. I tried to look for this log file but I can't find it anywhere on my computer, even when I go into Avast's program folders. It just pops up in the program itself and I can't copy and paste it. It moved them to the Chest. I can, however, rewrite what it says in the Scan Results screen. I'm not sure where the text log file is; I have searched as much as I can and I can't find it.

 

Scan Results:

 

File Names:

1. C:\Windows\assembly\GAC_32\Desktop.ini

2. C:\Windows\assembly\GAC_64\Desktop.ini

3. C:\Windows\assembly\temp\U\00000002.@

4. C:\Windows\assembly\temp\U\80000004.@

5. C:\Windows\assembly\temp\U\80000032.@

6. C:\Windows\System32\consrv.dll

 

Severity

1. High

2. High

3. Low

4. High

5. High

6. High

 

Status

1. Threat: Win32:Sirefef-FQ [Drp]

2. Threat: Win32:Sirefef-HO [Rtk]

3. PUP: Win32:Agent-ANSR [PUP]

4. Threat: Win64:ZAccess-A [Trj]

5. Threat: Win32:DNSChanger-VJ [Trj]

6. Threat: Win32:Sirefef-HO [Rtk]

 

Action:

 

All Successfully moved to Chest

 

I couldn't find the log to copy and paste; I'm really sorry, I hope this was fine. I reread the Scan Results and made sure everything is correct down to numbers and capitalization. Right now they are in the Chest and I haven't done anything to them.


Good for Avast! It found the difficult ZeroAccess (Sirefef) infection and may have fixed it. I don't know why it didn't make the C:\avast.log though. Avast is great. Once a month it will pop up an ad for the advanced version but that is easily dismissed.

 

Now please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

:filefind
consrv.dll
winsrv.dll
avast.log
:regfind
consrv

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 12:12 on 03/02/2012 by Lucky

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

 

Invalid Context: filefindconsrv.dllwinsrv.dllavast.log:regfindconsrv

 

-= EOF =-


Ignore the above post, sorry about that. I quickly saw my error and re-entered the information you gave me into the program, here is the log from SystemLook:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 12:15 on 03/02/2012 by Lucky

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

 

========== filefind ==========

 

Searching for "consrv.dll"

No files found.

 

Searching for "winsrv.dll"

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:27 24/06/2011] C13D05A015346DED3D722BE285814495

 

Searching for "avast.log"

No files found.

 

========== regfind ==========

 

Searching for "consrv"

No data found.

 

-= EOF =-


Looks clean, but I should have given you the 64-bit.

Please delete SystemLook and download SystemLook (64-bit) to your Desktop.

Enter the same things in its window and click 'Look'.

When it finishes please post the new log.

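The SystemLook filefind/regfind requested above, and the 64-bit re-run it needed, can be reproduced without the tool, which also makes clear why the first run's WOW64 warning mattered. The block below is an added example; it is not part of the original thread and is not SystemLook's own code. It assumes 64-bit Windows 7 with %SystemRoot% at C:\Windows and an elevated 64-bit PowerShell; the Session Manager SubSystems value it reads is the standard csrss server-DLL load list, and the helper name Get-Md5Hex is mine.

```powershell
# Added example (not from the thread, not SystemLook): the consrv/winsrv triage done natively.
# Assumptions: 64-bit Windows 7, %SystemRoot% = C:\Windows, elevated 64-bit PowerShell.

# A 32-bit shell on 64-bit Windows has System32 redirected to SysWOW64, so it cannot see the
# real System32\winsrv.dll; that is what the WOW64 warning in the first SystemLook log meant.
# Refuse to run under WOW64 rather than report a false "no files found".
if ([IntPtr]::Size -ne 8) {
    throw 'Run this from a 64-bit PowerShell; a 32-bit one is redirected away from System32.'
}

function Get-Md5Hex([string]$Path) {
    # Same format as the trailing field in a SystemLook line: uppercase hex, no separators.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

$windir = $env:SystemRoot

# 1. filefind consrv.dll: Windows ships no file of that name, so any hit is a finding.
$consrv = Get-ChildItem -Path $windir -Filter 'consrv.dll' -Recurse -Force -ErrorAction SilentlyContinue
if ($consrv) {
    $consrv | ForEach-Object { "SUSPECT  $($_.FullName)  $($_.Length) bytes  $(Get-Md5Hex $_.FullName)" }
} else {
    'consrv.dll: no files found'
}

# 2. filefind winsrv.dll: the live System32 copy should be byte-identical to one of the
#    component-store (WinSxS) copies; a hash that matches none of them needs explaining.
$storeHashes = Get-ChildItem -Path "$windir\winsxs" -Filter 'winsrv.dll' -Recurse -Force -ErrorAction SilentlyContinue |
               ForEach-Object { Get-Md5Hex $_.FullName }
$liveHash = Get-Md5Hex "$windir\System32\winsrv.dll"
if ($storeHashes -contains $liveHash) { "winsrv.dll OK        $liveHash matches a WinSxS copy" }
else                                  { "winsrv.dll MISMATCH  $liveHash matches no WinSxS copy" }

# 3. regfind consrv: the value csrss reads to learn which server DLLs to load. A clean
#    Windows 7 names winsrv here (UserServerDllInitialization and ConServerDllInitialization);
#    the string 'consrv' in this value is the load point the regfind is meant to catch.
$subsys  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windows = (Get-ItemProperty -Path $subsys -Name Windows).Windows
if ($windows -match 'consrv') { "SUSPECT  SubSystems\Windows = $windows" }
else                          { "SubSystems\Windows OK: $windows" }
```

Read against the thread's own logs: the 64-bit SystemLook run hashed the live C:\Windows\System32\winsrv.dll to 0CB6EBF4B461A6043353C570BD72A1E1, the same value as the WinSxS 6.1.7600.16850 copy, so step 2 passes on this machine; the 32-bit run did not list the System32 copy at all, which is the redirection the bitness check at the top guards against. Step 3 is the part a file search alone cannot cover, since a clean-looking file listing says nothing about what csrss has been told to load.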

Here's the new log file:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 12:46 on 03/02/2012 by Lucky

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "consrv.dll"

No files found.

 

Searching for "winsrv.dll"

C:\Windows\System32\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16385_none_12738849b6063c52\winsrv.dll --a---- 214016 bytes [23:38 13/07/2009] [01:41 14/07/2009] 457B44AB6D502E55F64A867D4F35C76C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.16850_none_128f0019b5f25b8f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 16/07/2011] 0CB6EBF4B461A6043353C570BD72A1E1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7600.20995_none_12f25ea6cf2be9d0\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:26 24/06/2011] 6D408ABD60A995A2DAB4BAAE38BCA04F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:34 24/06/2011] EB6A48CC998E1090E44E8E7F1009A640

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll --a---- 214528 bytes [23:36 16/01/2012] [05:27 24/06/2011] C13D05A015346DED3D722BE285814495

 

Searching for "avast.log"

No files found.

 

========== regfind ==========

 

Searching for "consrv"

No data found.

 

-= EOF =-

 

I'm glad to know that things are looking clean. Now, what's left in the Chest in the Avast program, what should I do with that? Choose the delete option? And also I still can't turn on my Firewall without getting that error message, and I also can't activate the firewall that Avast gives me in their trial. I get an error message there too.


We're not through yet, and you're not necessarily clean. We must proceed cautiously as fixing this infection incorrectly can lead to an unbootable PC. Disinfection looks very good so far, though.

 

Yes, please delete the things in the Chest.

 

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

 


  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


Here is the TDSSKiller report:

 


13:43:53.0191 3768 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

13:43:53.0211 3768 vwifibus - ok

13:43:53.0300 3768 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

13:43:53.0322 3768 vwififlt - ok

13:43:53.0414 3768 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

13:43:53.0435 3768 vwifimp - ok

13:43:53.0534 3768 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

13:43:53.0551 3768 WacomPen - ok

13:43:53.0635 3768 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

13:43:53.0675 3768 WANARP - ok

13:43:53.0694 3768 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

13:43:53.0741 3768 Wanarpv6 - ok

13:43:53.0846 3768 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

13:43:53.0858 3768 Wd - ok

13:43:53.0944 3768 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

13:43:53.0967 3768 Wdf01000 - ok

13:43:54.0098 3768 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

13:43:54.0138 3768 WfpLwf - ok

13:43:54.0215 3768 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

13:43:54.0228 3768 WIMMount - ok

13:43:54.0397 3768 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys

13:43:54.0418 3768 WinUsb - ok

13:43:54.0517 3768 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

13:43:54.0534 3768 WmiAcpi - ok

13:43:54.0654 3768 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

13:43:54.0695 3768 ws2ifsl - ok

13:43:54.0813 3768 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

13:43:54.0859 3768 WudfPf - ok

13:43:54.0937 3768 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

13:43:54.0980 3768 WUDFRd - ok

13:43:55.0108 3768 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\windows\system32\DRIVERS\xnacc.sys

13:43:55.0135 3768 xnacc - ok

13:43:55.0247 3768 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\windows\system32\DRIVERS\xusb21.sys

13:43:55.0262 3768 xusb21 - ok

13:43:55.0336 3768 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

13:43:56.0296 3768 \Device\Harddisk0\DR0 - ok

13:43:56.0333 3768 Boot (0x1200) (12ed94b2a4568d7a52620f742ad8b077) \Device\Harddisk0\DR0\Partition0

13:43:56.0334 3768 \Device\Harddisk0\DR0\Partition0 - ok

13:43:56.0339 3768 ============================================================

13:43:56.0339 3768 Scan finished

13:43:56.0339 3768 ============================================================

13:43:56.0358 1580 Detected object count: 1

13:43:56.0358 1580 Actual detected object count: 1

13:44:00.0447 1580 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

13:44:00.0447 1580 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Looks good. USBAAPL64 is the legitimate Apple Mobile Device USB Driver, which you presumably installed.

 

Please do these important security updates:

Update Adobe Reader (uncheck the option box for McAfee scan)

Updating Java:

  • Go here and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

 

Now please see if you can Turn on Windows Firewall.

Tell me any error messages you get.


When I installed Adobe and it began to run, it gave me an error saying that I did not have a program associated with this file for it to run, and that I needed to select a program for Adobe to run to make it usable.

 

So I continued to install Java, that's running.

 

I tried to turn my Windows Firewall on and it still gave me this error message:

 

Windows Firewall can't change some of your settings.

Error code 0x80070424


Microsoft has a page about that error. http://support.microsoft.com/kb/2530126

 

I think you are free of malware now, so try their Method 2:

Method 2: Start the Windows Firewall Services manually.

You can start the Windows Firewall services manually as well as make sure it starts automatically in the future. To do this, follow the steps below:

 

Click the Start button, then type Services in the Search programs and files box (Windows 7) or in the Start search box (Windows Vista).

Right-click Services. Note: there will be a cogwheel located next to it. Then click Run as administrator. If prompted, enter your administrator user name and password, then press Enter.

Scroll until you see Windows Firewall. Double click Windows Firewall.

Click the drop down menu next to Startup type, then choose Automatic.

Under Service status, if it is listed as Stopped, click Start.

Click Apply, then click OK.

Scroll until you see Base Filtering Engine. Double click Base Filtering Engine.

Under Service status, if it is listed as Stopped, click Start.

Click Apply, then click OK.

Restart Windows. Windows Firewall should be enabled.


First, about Adobe. You want Adobe Reader, not Adobe. I gave you the link:

Update Adobe Reader (uncheck the option box for McAfee scan)

What happens when you click that link? If anything other than these:

http://get.adobe.com/reader or get.adobe.reader

is in the address bar, please let me know. If you are in the right place then do the Download.

 

Proceeding with getting your Windows Firewall to work:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Here is the Farbar log:

 

Farbar Service Scanner Version: 02-02-2012

Ran by Lucky (administrator) on 03-02-2012 at 20:12:28

Microsoft Windows 7 Home Premium (X64)

Boot Mode: Nerwork

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

 

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

 

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

 

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

 

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

 

 

Windows Update:

===========

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

 

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

 

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

 

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

 

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

 

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

 

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

**** End of log ****

Also to add, I just ended up restarting my computer and it won't load at all. I'm running in Safe Mode with the Network on so I can still access the internet. I'm freaking out, I don't know what to do. When I start up normally I get to my login. I put my password in. Then it stays on Welcome forever. When that finally goes away it's a blank black screen. So I turned off my computer, turned it back on and I clicked F8 to load Safe Mode with Network. What should I do?


Reason for the Restart was Microsoft Security Essentials had an update and told me I needed to reboot. That's why I clicked for the Restart.


Copy the contents of the below code box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
 00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
 65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
 00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
 72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
 00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
 20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
 00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
 3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
 00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
 76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
 00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
 53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
 00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
 20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
 00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
 65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
 00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
 76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
 00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
 6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
 00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
 64,00,73,00,3d,00,31,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems] 
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
 00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
 65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
 00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
 72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
 00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
 20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
 00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
 3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
 00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
 76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
 00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
 53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
 00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
 20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
 00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
 65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
 00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
 76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
 00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
 6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
 00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
 64,00,73,00,3d,00,31,00,36,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
 00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
 65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
 00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
 72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
 00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
 20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
 00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
 3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
 00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
 76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
 00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
 53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
 00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
 20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
 00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
 65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
 00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
 76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
 00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
 6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
 00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
 64,00,73,00,3d,00,31,00,36,00,00,00

Close Notepad.

 

Locate FixReg.reg on your Desktop. Right-click on it , and select Run as Administrator and answer 'Yes' when asked if you want to merge with the registry.
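The hex(2) blob in that .reg file is regedit's export encoding of a REG_EXPAND_SZ value: UTF-16LE bytes written as comma-separated hex with backslash-continued lines. The following is an added example, not part of the thread: it decodes the FixReg.reg value so you can read what will be written to the Session Manager SubSystems key before merging it, and flags any ServerDll module that is not in the stock set (the allowlist and the helper names are this example's own assumptions, and the sample keeps only the ControlSet001 entry).

```python
import re

# Value types regedit exports as hex(N); a bare "hex:" is REG_BINARY.
REG_TYPES = {"": "REG_BINARY", "1": "REG_SZ", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}
# Modules the stock Windows 7 csrss line loads via ServerDll=; an assumption for this example.
STOCK_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Constructed sample: the ControlSet001 entry of the FixReg.reg posted above; the
# other two keys in that file carry the identical value and are omitted for brevity.
SAMPLE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems"
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems]
"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
 00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\
 65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\
 00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\
 72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\
 00,32,00,34,00,2c,00,32,00,30,00,34,00,38,00,30,00,2c,00,37,00,36,00,38,00,\
 20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\
 00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\
 3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\
 00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\
 76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\
 00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\
 53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\
 00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\
 20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\
 00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\
 65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\
 00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\
 76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\
 00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\
 6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\
 00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\
 64,00,73,00,3d,00,31,00,36,00,00,00
'''

def _logical_lines(text):
    """Join the backslash-continued lines regedit writes into single logical lines."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if out and out[-1].endswith("\\"):
            out[-1] = out[-1][:-1] + line   # drop the continuation backslash
        else:
            out.append(line)
    return out

def decode_value(type_code, raw):
    """Decode the byte payload of a hex(N) value according to N."""
    if type_code in ("1", "2"):      # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL terminated
        return raw.decode("utf-16-le").rstrip("\x00")
    if type_code == "7":             # REG_MULTI_SZ: NUL separated, double NUL terminated
        return [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return raw                       # REG_BINARY and anything else: leave as bytes

def parse_reg(text):
    """Return {key: {name: (type_name, decoded)}} for every hex-encoded value."""
    value_re = re.compile(r'^"([^"]+)"=hex(?:\((\d+)\))?:(.*)$')
    result, key = {}, None
    for line in _logical_lines(text):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = value_re.match(line)
        if m is None or key is None:   # header line, non-hex value, or value before any key
            continue
        name, type_code, payload = m.group(1), m.group(2) or "", m.group(3)
        raw = bytes(int(tok, 16) for tok in payload.split(",") if tok)
        result.setdefault(key, {})[name] = (REG_TYPES.get(type_code, "hex(%s)" % type_code),
                                            decode_value(type_code, raw))
    return result

def server_dlls(csrss_cmdline):
    """Module names from every ServerDll=module[:entrypoint],n token, in order."""
    return [tok[len("ServerDll="):].split(":")[0].split(",")[0]
            for tok in csrss_cmdline.split() if tok.startswith("ServerDll=")]

def unexpected_server_dlls(csrss_cmdline):
    """Modules on the csrss command line that are not in the stock set."""
    return sorted(set(server_dlls(csrss_cmdline)) - STOCK_SERVER_DLLS)
```

Running `parse_reg(SAMPLE_REG)[SAMPLE_KEY]["Windows"]` yields the plain csrss.exe command line, and `unexpected_server_dlls` on it returns an empty list; any extra module name in that list is worth a closer look before the merge.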


Yes, now I'm back to normal Windows. The strange thing was it looked like it was going to stay a blank screen again. So I left it, feeling like it didn't work, but I didn't turn it off. I played a game while I just left it there and all of a sudden Windows loaded and it was in the middle of a Windows Security Essentials update, like it had rebooted in the middle of its update. Which was strange since it appeared to me before it had finished and asked me to reboot. It gave me an error saying the Firewall was still not operating and when I tried to close the program it gave me the same error that the Adobe Reader update gave me, which reads:

 

This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Program control panel


Yes - a little confusing, isn't it.

 

To download all available file extension fixes below in one ZIP folder, click on the Download button below and save the ZIP file to your desktop. Open the ZIP file, and extract (drag and drop) the REG file for the file extension you want to restore to your desktop. Now you could just pick up at step 3 above.

Sounds like after you extract the .reg files you have to merge them one by one. In my experience you can merge from within the zip. Open the zip file, then right click a .reg and select 'Merge' - see if that works for you. If not extract at least the pdf.reg and double-click it.


Just a little bit :)

 

I have officially merged every .reg file into my computer. What's my next step?

 

PS: Thanks a trillion for all your hard work and helping me through my computer problems, I greatly appreciate it!!


We still need to get your Windows Firewall to work.

 

Farbar Service Scanner showed some possibly damaged files.

 

Please go to windows\System32\cmd.exe. Right-click it and select 'Run as Administrator'.

 

In the command window enter this at the prompt:

sfc /scannow

 

It will take a long time to run.


If you haven't done it yet, try again to update Adobe Reader.

 

If SFC finds any damaged files it will try to replace them. That might solve the Windows Firewall problem, but no guarantee.

 

The next thing I'll want you to try is Balon's procedure Here. It worked for several people when other things didn't.


I still got the same errors on the Adobe Reader and trying to turn on my Firewall. So I'm going to follow your link and try that. I'll update you soon.


You should be in good shape now, and with Avast and the Windows Firewall you are well equipped to ward off future evil. You don't really need any other protection.

 

I'll keep this thread open for a few days in case you have any questions or new problems.

 

I see that although you are a Helper Trainee, you haven't actually done any training yet. I hope you'll get started on it as I think you show real aptitude. You should have gotten a PM from Budfred telling you how to proceed.

 

Please do this cleanup:

 

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

 

Delete the DDS files and Security Check folder from your Desktop, also TDSSKiller and anything else we put on your Desktop.

 

 

Advice for malware prevention:

 

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

 

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.

 

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

 

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

 

http://www.systemlookup.com/search.php?type=filename

 

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

 

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place


Thank you so much, you have been awesome! Thanks for sticking by me through this long ordeal. This is what I really want to learn. I hadn't had a chance to get into the Boot Camp and learn because of my living situation, but now I can. And I have decent internet to start it up :)

 

I uninstalled Bit Torrent, I wish there was a safer way to download. I guess I've always been a supporter of file sharing, but my computer's health comes first.

 

Everything seems to be running great so far. No pop-ups, no redirects. After every internet usage at night I would run CCleaner, SUPERAntiSpyware, and Malwarebytes.

 

I now also have my Windows Update running. I had turned those off because I thought they were unnecessary, but they are set to auto now. I also have to free up room on my computer. It's pretty much packed to the brim with music. An external hard drive should be coming my way soon. I'm running on 4 GB of HD space atm.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
