BleepingComputer.com: Malware Takes Over Computer 10 Secs After Bootup

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Malware Takes Over Computer 10 Secs After Bootup Take Over Happens Once Internet Access Established

#1 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 31 January 2012 - 07:45 AM

Every time I turn on my laptop everything proceeds as expected. Vista Desktop appears and connected to Internet via WLAN in about 45 seconds Within a minute hard drive is quiet. THEN IT HAPPENS! 100% Hard drive usage which continues for up to 15 Minutes. CPU Usage 100-75% during this time. If left unused all quiets down after 15 minutes and appears normal...EXCEPT random 20 second pulses of high CPU & HD usage and 30 to 90 second of high HD use when Firefox browser shut down. Very worried security and privacy risks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by User at 20:27:26 on 2012-01-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.937 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\User\Desktop\ProcessExplorer\procexp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [USB Safely Remove] c:\program files\usb safely remove\USBSafelyRemove.exe /startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{10797319-1BAE-49B6-974E-C64C84F088E5} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\nzz2wp10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
.
---- FIREFOX POLICIES ----
FF - user.js: google.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-7-10 41912]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-7-7 21504]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2012-1-24 8704]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2011-8-8 257880]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2010-6-24 21504]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2011-12-20 196904]
S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2011-6-23 291088]
.
=============== Created Last 30 ================
.
2012-01-30 23:58:40 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-30 01:21:09 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8bbe6959-f267-40f8-843e-50349aba8188}\mpengine.dll
2012-01-28 01:26:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-28 01:26:18 -------- d-----w- c:\users\user\appdata\local\temp
2012-01-27 23:46:37 -------- d-----w- C:\MATS
2012-01-27 23:00:53 6557240 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-01-27 15:48:25 -------- d-----w- c:\program files\VideoLAN
2012-01-26 22:21:44 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-26 13:13:49 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2b4369b6-1ded-4aa8-b828-b3c20bbae8bf}\gapaengine.dll
2012-01-26 13:12:13 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-25 14:15:34 -------- d-----w- c:\users\user\appdata\roaming\GlarySoft
2012-01-25 14:10:39 -------- d-----w- c:\program files\Glary Utilities
2012-01-25 12:48:46 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-01-24 16:30:05 -------- d-----w- c:\users\user\appdata\local\MetaGeek,_LLC
2012-01-24 16:24:29 -------- d-----w- c:\program files\MetaGeek
2012-01-24 16:04:19 -------- d-----w- c:\programdata\PassMark
2012-01-24 16:04:17 -------- d-----w- c:\program files\WirelessMon
2012-01-24 02:52:14 -------- d-----w- c:\program files\CCleaner
2012-01-23 20:12:47 -------- d-----w- c:\programdata\Freemake
2012-01-23 20:12:42 -------- d-----w- c:\program files\Freemake
2012-01-23 03:14:50 -------- d-----w- c:\program files\Belarc
2012-01-21 20:30:20 -------- d-----w- c:\program files\Speccy
2012-01-21 04:19:51 -------- d-----w- c:\program files\ESET
2012-01-21 03:03:10 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-21 02:34:02 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-21 02:34:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-21 01:10:19 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-21 00:46:17 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-01-21 00:43:47 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-01-21 00:43:40 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-01-21 00:43:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-01-21 00:43:39 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-21 00:42:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-21 00:41:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-21 00:41:56 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-21 00:41:51 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-21 00:41:50 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-21 00:41:50 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-21 00:41:49 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-21 00:41:48 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-21 00:41:48 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-21 00:41:48 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-21 00:41:40 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-21 00:41:36 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-21 00:37:05 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-21 00:37:05 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-01-20 00:46:56 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-20 00:46:55 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-20 00:45:31 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-20 00:45:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-20 00:44:38 -------- d-----w- c:\windows\system32\xlive
2012-01-20 00:44:18 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-01-17 23:28:16 -------- d-----w- C:\HijackThis
2012-01-17 23:08:02 -------- d-----w- c:\program files\Trend Micro
2012-01-16 23:56:22 -------- d-----w- c:\users\user\appdata\local\temp(432)
2012-01-16 17:52:37 -------- d-----w- c:\program files\common files\Java(286)
2012-01-16 02:32:00 -------- d-----w- c:\program files\VS Revo Group
2012-01-11 14:11:12 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:11:12 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 14:11:12 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 14:11:11 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 14:11:11 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 14:11:11 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 13:40:13 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:40:10 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 13:40:10 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 13:40:09 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:40:08 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 13:40:05 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 13:40:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-04 03:19:53 -------- d-----w- c:\programdata\Media Center Programs
2012-01-03 22:10:16 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 22:10:16 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-03 22:10:16 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 22:10:16 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-02 01:54:07 -------- d-----w- c:\program files\Sonalysts Combat Simulations
2012-01-02 01:45:57 -------- d-----w- c:\users\user\appdata\local\AMozilla
2012-01-02 01:45:41 -------- d-----w- c:\program files\common files\SystemEngines
2012-01-02 01:45:40 -------- d-----w- c:\users\user\appdata\roaming\AMozilla
2012-01-02 00:55:51 -------- d-----w- c:\program files\Sierra On-Line
2012-01-02 00:55:43 -------- d-----w- C:\Sierra
2012-01-02 00:42:51 30048 ----a-w- c:\windows\UNWISE.EXE
.
==================== Find3M ====================
.
2012-01-17 03:39:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-04 09:26:22 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-20 15:10:38 17704 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-20 15:10:36 26408 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-11-26 16:39:10 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-26 16:39:10 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 01:16:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:27:48.53 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-31 07:05:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541616J9SA00 rev.SB4OC7DP
Running: ht5c60eh.exe; Driver: C:\Users\User\AppData\Local\Temp\pwldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\system32\Drivers\PROCEXP151.SYS The system cannot find the file specified. !
? C:\Users\User\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3036] USER32.dll!SetWindowLongA 772FE7CD 5 Bytes JMP 63053A89 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3036] USER32.dll!SetWindowLongW 773013B4 5 Bytes JMP 63053A1B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3036] USER32.dll!GetWindowInfo 7730428E 5 Bytes JMP 62DFC909 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3036] USER32.dll!TrackPopupMenu 773114F3 5 Bytes JMP 62DFCEBD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrLoadDll 77509378 5 Bytes JMP 62C7B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}@nagplcinnbafddhphghdbpeihdfg 0x6B 0x61 0x65 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}@oaapnebjccibdiphimkbeapcmkphil 0x6B 0x61 0x65 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}@pamcgjbbappmdghnjieboepbkljefcfc 0x6B 0x61 0x69 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}@oagciiffdlnepeniemheimplnpmkkm 0x6B 0x61 0x69 0x6E ...

---- EOF - GMER 1.0.15 ----

Attached File(s)


#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 09:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 07:34 PM

Hi Gringo,


Sorry for late reply. Was out all day. Thanks for helping.

Computer is still acting the same..perhaps a bit worst when I turned it on tonight.

Comofix took quite awhile to finish. It re-booted once. Still lots of HD & network activity.

Registry key... message appeared no matter what I attempted to start.

I rebooted system and after 10 minutes of HD & network activity things have quieted down.

Here is requested log

ComboFix 12-02-02.02 - User 02/02/2012 18:53:41.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1297 [GMT -5:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 00:07 . 2012-02-03 00:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-03 00:07 . 2012-02-03 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 02:39 . 2012-02-02 02:39 -------- d-----w- c:\users\User\AppData\Roaming\origUSBSafelyRemove
2012-02-01 23:33 . 2012-01-06 01:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9309DD11-F18F-416E-91DA-8DC6B3B8C5A4}\mpengine.dll
2012-02-01 01:28 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-30 23:58 . 2012-01-30 23:58 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-27 23:46 . 2012-01-27 23:46 -------- d-----w- C:\MATS
2012-01-27 23:00 . 2012-01-06 01:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-27 22:13 . 2012-01-27 22:13 -------- d-----w- c:\users\User\AppData\Roaming\toshiba
2012-01-27 15:49 . 2012-01-27 15:49 -------- d-----w- c:\users\User\AppData\Roaming\vlc
2012-01-27 15:48 . 2012-01-27 15:48 -------- d-----w- c:\program files\VideoLAN
2012-01-26 22:21 . 2011-12-21 07:24 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-26 13:13 . 2012-01-26 13:13 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B4369B6-1DED-4AA8-B828-B3C20BBAE8BF}\gapaengine.dll
2012-01-26 13:12 . 2012-01-26 13:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-25 14:15 . 2012-01-25 14:15 -------- d-----w- c:\users\User\AppData\Roaming\GlarySoft
2012-01-25 14:10 . 2012-01-25 14:10 -------- d-----w- c:\program files\Glary Utilities
2012-01-25 12:48 . 2012-01-25 12:48 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-24 16:30 . 2012-01-24 16:30 -------- d-----w- c:\users\User\AppData\Local\MetaGeek,_LLC
2012-01-24 16:24 . 2012-01-24 16:24 -------- d-----w- c:\program files\MetaGeek
2012-01-24 16:04 . 2012-01-24 16:04 -------- d-----w- c:\programdata\PassMark
2012-01-24 16:04 . 2012-01-24 16:04 -------- d-----w- c:\program files\WirelessMon
2012-01-24 02:52 . 2012-01-24 02:53 -------- d-----w- c:\program files\CCleaner
2012-01-23 20:12 . 2012-01-25 02:34 -------- d-----w- c:\programdata\Freemake
2012-01-23 20:12 . 2012-01-25 02:34 -------- d-----w- c:\program files\Freemake
2012-01-23 03:14 . 2012-01-23 03:14 -------- d-----w- c:\program files\Belarc
2012-01-21 20:30 . 2012-01-21 20:30 -------- d-----w- c:\program files\Speccy
2012-01-21 04:19 . 2012-01-21 04:19 -------- d-----w- c:\program files\ESET
2012-01-21 03:03 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-01-21 02:34 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-21 02:34 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-21 01:10 . 2012-01-21 01:10 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-21 00:46 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-01-21 00:45 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2012-01-21 00:45 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2012-01-21 00:45 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2012-01-21 00:45 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2012-01-21 00:45 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2012-01-21 00:45 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2012-01-21 00:45 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2012-01-21 00:45 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2012-01-21 00:45 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2012-01-21 00:45 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2012-01-21 00:43 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-01-21 00:43 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-01-21 00:43 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-01-21 00:42 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-21 00:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-21 00:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-21 00:41 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-21 00:41 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-21 00:41 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-21 00:41 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-21 00:41 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-21 00:41 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-21 00:41 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-21 00:41 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-21 00:37 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-01-21 00:37 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-20 00:46 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-01-20 00:46 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-01-20 00:45 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-01-20 00:45 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-01-20 00:44 . 2012-01-20 00:44 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-01-17 23:08 . 2012-01-17 23:08 -------- d-----w- c:\program files\Trend Micro
2012-01-17 03:41 . 2012-01-17 03:41 -------- d-----w- c:\windows\Sun
2012-01-17 03:40 . 2012-01-17 03:40 -------- d-----w- c:\program files\Common Files\Java
2012-01-17 03:39 . 2012-01-17 03:39 -------- d-----w- c:\program files\Java
2012-01-16 02:32 . 2012-01-16 02:32 -------- d-----w- c:\program files\VS Revo Group
2012-01-11 14:11 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 14:11 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 14:11 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 14:11 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 14:11 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 14:11 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 13:40 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 13:40 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 13:40 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 13:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 13:40 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 13:40 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 13:40 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-04 03:19 . 2012-01-04 03:19 -------- d-----w- c:\programdata\Media Center Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2011-07-07 12:45 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 03:39 . 2011-08-07 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-20 15:10 . 2011-10-08 14:09 17704 ----a-w- c:\windows\system32\nitrolocalui2.dll
2011-12-20 15:10 . 2011-10-08 14:09 26408 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2011-11-26 16:39 . 2011-11-26 16:39 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-11-26 16:39 . 2011-11-26 16:39 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-23 13:37 . 2011-12-13 22:43 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 01:16 . 2011-07-10 12:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 14:42 . 2011-12-13 22:43 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-21 07:24 . 2012-01-26 22:21 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-06-21 1984832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_34665514.lnk]
backup=c:\windows\pss\_uninst_34665514.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft ScreenHunter 5.1 Pro]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-01-17 21:46 534648 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1570795875]
2007-02-06 18:48 71432 ----a-w- c:\program files\Toshiba Registration\Activation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\740751906]
2007-02-06 18:48 71432 ----a-w- c:\program files\Toshiba Registration\Registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 16:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 00:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2006-12-08 00:49 55416 ----a-w- c:\program files\Toshiba\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 00:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2011-07-22 04:07 718720 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 00:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2011-06-15 06:19 307200 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-02-07 01:50 4374528 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-01-19 06:24 448632 ----a-w- c:\program files\Toshiba\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2006-12-20 07:16 411768 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2011-03-07 13:33 89456 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-01-25 14:50]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nzz2wp10.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: google.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 19:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????q????????8???p?????????
.
scanning hidden files ...
.
.
C:\Antenna
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3268968842-424931062-820137530-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9E978E60-11B0-9E0B-FF4C-8F22D224EA9E}*]
@Allowed: (Read) (RestrictedCode)
"nagplcinnbafddhphghdbpeihdfg"=hex:6b,61,65,68,6f,70,61,6e,6b,66,6d,68,62,68,
61,6d,6d,62,6a,6a,61,6a,00,77
"oaapnebjccibdiphimkbeapcmkphil"=hex:6b,61,65,68,6c,70,66,6d,6e,68,6c,61,70,64,
65,66,69,68,62,64,67,6d,00,77
.
[HKEY_USERS\S-1-5-21-3268968842-424931062-820137530-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9F8F5F5-F073-8CF0-A52C-9A50410506BE}*]
@Allowed: (Read) (RestrictedCode)
"pamcgjbbappmdghnjieboepbkljefcfc"=hex:6b,61,69,6e,6a,67,64,6b,6a,6f,6b,70,6a,
6c,63,6a,68,63,6b,61,67,6b,00,77
"oagciiffdlnepeniemheimplnpmkkm"=hex:6b,61,69,6e,6a,67,64,6b,6a,6f,6b,70,6a,6c,
63,6a,68,63,6b,61,67,6b,00,77
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-02-02 19:19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 00:19
ComboFix2.txt 2012-01-28 01:26
.
Pre-Run: 50,145,538,048 bytes free
Post-Run: 49,828,618,240 bytes free
.
- - End Of File - - C8897D0925DB19D1B781172CD700A0AB

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 08:03 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 08:08 PM

Shall I un-install combofix before I run TDSSKiller?

#6 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 08:19 PM

I'll run it without uninstalling combofix.

#7 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 08:21 PM

leave combofix we will use it again


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#8 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 08:26 PM

It found nothing!


20:21:11.0793 1696 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
20:21:12.0214 1696 ============================================================
20:21:12.0214 1696 Current date / time: 2012/02/02 20:21:12.0214
20:21:12.0214 1696 SystemInfo:
20:21:12.0214 1696
20:21:12.0214 1696 OS Version: 6.0.6002 ServicePack: 2.0
20:21:12.0214 1696 Product type: Workstation
20:21:12.0214 1696 ComputerName: USER-PC
20:21:12.0214 1696 UserName: User
20:21:12.0214 1696 Windows directory: C:\Windows
20:21:12.0214 1696 System windows directory: C:\Windows
20:21:12.0214 1696 Processor architecture: Intel x86
20:21:12.0214 1696 Number of processors: 2
20:21:12.0214 1696 Page size: 0x1000
20:21:12.0214 1696 Boot type: Normal boot
20:21:12.0214 1696 ============================================================
20:21:14.0975 1696 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:21:14.0975 1696 \Device\Harddisk0\DR0:
20:21:14.0975 1696 MBR used
20:21:14.0975 1696 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1272B000
20:21:15.0006 1696 Initialize success
20:21:15.0006 1696 ============================================================
20:21:18.0719 1844 ============================================================
20:21:18.0719 1844 Scan started
20:21:18.0719 1844 Mode: Manual;
20:21:18.0719 1844 ============================================================
20:21:19.0640 1844 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:21:19.0640 1844 ACPI - ok
20:21:19.0733 1844 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:21:19.0749 1844 adp94xx - ok
20:21:19.0874 1844 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:21:19.0889 1844 adpahci - ok
20:21:19.0998 1844 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:21:20.0014 1844 adpu160m - ok
20:21:20.0045 1844 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:21:20.0045 1844 adpu320 - ok
20:21:20.0232 1844 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:21:20.0232 1844 AFD - ok
20:21:20.0404 1844 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
20:21:20.0451 1844 AgereSoftModem - ok
20:21:20.0591 1844 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:21:20.0607 1844 agp440 - ok
20:21:20.0669 1844 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:21:20.0669 1844 aic78xx - ok
20:21:20.0716 1844 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:21:20.0716 1844 aliide - ok
20:21:20.0825 1844 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:21:20.0825 1844 amdagp - ok
20:21:20.0856 1844 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:21:20.0856 1844 amdide - ok
20:21:20.0919 1844 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:21:20.0919 1844 AmdK7 - ok
20:21:21.0028 1844 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:21:21.0044 1844 AmdK8 - ok
20:21:21.0122 1844 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:21:21.0200 1844 arc - ok
20:21:21.0621 1844 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:21:21.0636 1844 arcsas - ok
20:21:21.0761 1844 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:21.0777 1844 AsyncMac - ok
20:21:21.0855 1844 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:21:21.0855 1844 atapi - ok
20:21:22.0011 1844 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:21:22.0011 1844 Beep - ok
20:21:22.0073 1844 blbdrive - ok
20:21:22.0120 1844 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:21:22.0120 1844 bowser - ok
20:21:22.0214 1844 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:21:22.0214 1844 BrFiltLo - ok
20:21:22.0307 1844 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:21:22.0307 1844 BrFiltUp - ok
20:21:22.0385 1844 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:21:22.0401 1844 Brserid - ok
20:21:22.0448 1844 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:21:22.0448 1844 BrSerWdm - ok
20:21:22.0526 1844 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:21:22.0526 1844 BrUsbMdm - ok
20:21:22.0572 1844 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:21:22.0572 1844 BrUsbSer - ok
20:21:22.0650 1844 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:21:22.0650 1844 BTHMODEM - ok
20:21:22.0838 1844 catchme - ok
20:21:22.0962 1844 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:22.0978 1844 cdfs - ok
20:21:23.0040 1844 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:21:23.0056 1844 cdrom - ok
20:21:23.0196 1844 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:21:23.0196 1844 circlass - ok
20:21:23.0259 1844 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:21:23.0259 1844 CLFS - ok
20:21:23.0446 1844 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:21:23.0446 1844 CmBatt - ok
20:21:23.0493 1844 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:21:23.0493 1844 cmdide - ok
20:21:23.0540 1844 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:21:23.0540 1844 Compbatt - ok
20:21:23.0649 1844 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:21:23.0649 1844 crcdisk - ok
20:21:23.0680 1844 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:21:23.0680 1844 Crusoe - ok
20:21:23.0774 1844 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:21:23.0774 1844 DfsC - ok
20:21:23.0945 1844 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:21:23.0961 1844 disk - ok
20:21:24.0039 1844 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:21:24.0039 1844 drmkaud - ok
20:21:24.0179 1844 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:21:24.0195 1844 DXGKrnl - ok
20:21:24.0335 1844 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:21:24.0335 1844 E1G60 - ok
20:21:24.0444 1844 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:21:24.0444 1844 Ecache - ok
20:21:24.0585 1844 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:21:24.0585 1844 ElbyCDIO - ok
20:21:24.0663 1844 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:21:24.0678 1844 elxstor - ok
20:21:24.0866 1844 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:21:24.0866 1844 exfat - ok
20:21:24.0928 1844 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:21:24.0928 1844 fastfat - ok
20:21:25.0053 1844 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:21:25.0053 1844 fdc - ok
20:21:25.0131 1844 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:21:25.0131 1844 FileInfo - ok
20:21:25.0162 1844 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:21:25.0178 1844 Filetrace - ok
20:21:25.0271 1844 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:21:25.0271 1844 flpydisk - ok
20:21:25.0349 1844 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:21:25.0365 1844 FltMgr - ok
20:21:25.0599 1844 FSProFilter (3528c9ec493ca524a877d217c7d51600) C:\Windows\system32\Drivers\FSPFltd.sys
20:21:25.0677 1844 FSProFilter - ok
20:21:25.0708 1844 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:21:25.0708 1844 Fs_Rec - ok
20:21:25.0786 1844 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
20:21:25.0786 1844 FwLnk - ok
20:21:25.0895 1844 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:21:25.0895 1844 gagp30kx - ok
20:21:25.0973 1844 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:21:25.0973 1844 HdAudAddService - ok
20:21:26.0114 1844 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:21:26.0129 1844 HDAudBus - ok
20:21:26.0238 1844 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:21:26.0238 1844 HidBth - ok
20:21:26.0285 1844 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:21:26.0285 1844 HidIr - ok
20:21:26.0348 1844 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:21:26.0348 1844 HidUsb - ok
20:21:26.0472 1844 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:21:26.0472 1844 HpCISSs - ok
20:21:26.0519 1844 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:21:26.0535 1844 HTTP - ok
20:21:26.0722 1844 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:21:26.0784 1844 i2omp - ok
20:21:27.0112 1844 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:21:27.0112 1844 i8042prt - ok
20:21:27.0315 1844 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:21:27.0346 1844 ialm - ok
20:21:27.0486 1844 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:21:27.0486 1844 iaStorV - ok
20:21:27.0642 1844 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:21:27.0674 1844 igfx - ok
20:21:27.0783 1844 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:21:27.0798 1844 iirsp - ok
20:21:27.0954 1844 IntcAzAudAddService (f92f433a1b38041b365bfd4b021e42d2) C:\Windows\system32\drivers\RTKVHDA.sys
20:21:28.0001 1844 IntcAzAudAddService - ok
20:21:28.0142 1844 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:21:28.0142 1844 intelide - ok
20:21:28.0204 1844 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:21:28.0204 1844 intelppm - ok
20:21:28.0376 1844 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:21:28.0376 1844 IpFilterDriver - ok
20:21:28.0391 1844 IpInIp - ok
20:21:28.0438 1844 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:21:28.0438 1844 IPMIDRV - ok
20:21:28.0485 1844 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:21:28.0485 1844 IPNAT - ok
20:21:28.0610 1844 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:21:28.0610 1844 IRENUM - ok
20:21:28.0656 1844 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:21:28.0656 1844 isapnp - ok
20:21:28.0703 1844 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:21:28.0719 1844 iScsiPrt - ok
20:21:28.0812 1844 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:21:28.0812 1844 iteatapi - ok
20:21:28.0875 1844 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:21:28.0875 1844 iteraid - ok
20:21:28.0922 1844 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:21:28.0937 1844 kbdclass - ok
20:21:29.0031 1844 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
20:21:29.0031 1844 kbdhid - ok
20:21:29.0062 1844 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
20:21:29.0249 1844 KR10I - ok
20:21:29.0296 1844 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
20:21:29.0436 1844 KR10N - ok
20:21:29.0592 1844 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
20:21:29.0795 1844 KR3NPXP - ok
20:21:30.0029 1844 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:21:30.0029 1844 KSecDD - ok
20:21:30.0201 1844 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\Windows\system32\drivers\libusb0.sys
20:21:30.0232 1844 libusb0 - ok
20:21:30.0294 1844 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:21:30.0294 1844 lltdio - ok
20:21:30.0372 1844 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:21:30.0372 1844 LSI_FC - ok
20:21:30.0497 1844 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:21:30.0497 1844 LSI_SAS - ok
20:21:30.0544 1844 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:21:30.0560 1844 LSI_SCSI - ok
20:21:30.0669 1844 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:21:30.0684 1844 luafv - ok
20:21:30.0747 1844 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:21:30.0762 1844 megasas - ok
20:21:30.0903 1844 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:21:30.0903 1844 Modem - ok
20:21:30.0981 1844 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:21:30.0981 1844 monitor - ok
20:21:31.0028 1844 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:21:31.0028 1844 mouclass - ok
20:21:31.0121 1844 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:21:31.0137 1844 mouhid - ok
20:21:31.0184 1844 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:21:31.0184 1844 MountMgr - ok
20:21:31.0262 1844 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
20:21:31.0262 1844 MpFilter - ok
20:21:31.0418 1844 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:21:31.0418 1844 mpio - ok
20:21:31.0480 1844 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:21:31.0480 1844 MpNWMon - ok
20:21:31.0527 1844 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:21:31.0527 1844 mpsdrv - ok
20:21:31.0636 1844 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:21:31.0652 1844 Mraid35x - ok
20:21:31.0698 1844 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:21:31.0714 1844 MRxDAV - ok
20:21:31.0792 1844 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:31.0808 1844 mrxsmb - ok
20:21:31.0917 1844 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:31.0932 1844 mrxsmb10 - ok
20:21:31.0979 1844 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:31.0995 1844 mrxsmb20 - ok
20:21:32.0042 1844 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:21:32.0042 1844 msahci - ok
20:21:32.0151 1844 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:21:32.0151 1844 msdsm - ok
20:21:32.0198 1844 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:21:32.0213 1844 Msfs - ok
20:21:32.0276 1844 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:21:32.0291 1844 msisadrv - ok
20:21:32.0416 1844 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:21:32.0432 1844 MSKSSRV - ok
20:21:32.0510 1844 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:32.0510 1844 MSPCLOCK - ok
20:21:32.0666 1844 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:21:32.0666 1844 MSPQM - ok
20:21:32.0728 1844 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:21:32.0728 1844 MsRPC - ok
20:21:32.0853 1844 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:21:32.0853 1844 mssmbios - ok
20:21:32.0900 1844 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:21:32.0900 1844 MSTEE - ok
20:21:32.0946 1844 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:21:32.0946 1844 Mup - ok
20:21:33.0087 1844 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:21:33.0102 1844 NativeWifiP - ok
20:21:33.0180 1844 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:21:33.0196 1844 NDIS - ok
20:21:33.0352 1844 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:33.0368 1844 NdisTapi - ok
20:21:33.0399 1844 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:33.0399 1844 Ndisuio - ok
20:21:33.0461 1844 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:33.0461 1844 NdisWan - ok
20:21:33.0570 1844 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:21:33.0570 1844 NDProxy - ok
20:21:33.0633 1844 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:21:33.0648 1844 NetBIOS - ok
20:21:33.0695 1844 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:21:33.0695 1844 netbt - ok
20:21:33.0914 1844 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:21:33.0960 1844 NETw3v32 - ok
20:21:34.0226 1844 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:21:34.0366 1844 NETw5v32 - ok
20:21:34.0475 1844 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:21:34.0475 1844 nfrd960 - ok
20:21:34.0522 1844 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:21:34.0538 1844 NisDrv - ok
20:21:34.0694 1844 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:21:34.0694 1844 Npfs - ok
20:21:34.0740 1844 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:21:34.0740 1844 nsiproxy - ok
20:21:34.0834 1844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:21:34.0850 1844 Ntfs - ok
20:21:34.0959 1844 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:21:34.0959 1844 ntrigdigi - ok
20:21:35.0021 1844 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:21:35.0021 1844 Null - ok
20:21:35.0052 1844 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:21:35.0052 1844 nvraid - ok
20:21:35.0177 1844 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:21:35.0177 1844 nvstor - ok
20:21:35.0208 1844 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:21:35.0208 1844 nv_agp - ok
20:21:35.0224 1844 NwlnkFlt - ok
20:21:35.0255 1844 NwlnkFwd - ok
20:21:35.0318 1844 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:21:35.0318 1844 ohci1394 - ok
20:21:35.0474 1844 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:21:35.0489 1844 Parport - ok
20:21:35.0520 1844 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:21:35.0520 1844 partmgr - ok
20:21:35.0552 1844 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:21:35.0552 1844 Parvdm - ok
20:21:35.0598 1844 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:21:35.0614 1844 pci - ok
20:21:35.0708 1844 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:21:35.0708 1844 pciide - ok
20:21:35.0786 1844 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
20:21:35.0801 1844 pcmcia - ok
20:21:35.0957 1844 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:21:35.0988 1844 PEAUTH - ok
20:21:36.0191 1844 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:36.0191 1844 PptpMiniport - ok
20:21:36.0238 1844 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:21:36.0238 1844 Processor - ok
20:21:36.0363 1844 PROCEXP151 - ok
20:21:36.0472 1844 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:21:36.0472 1844 PSched - ok
20:21:36.0534 1844 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
20:21:36.0550 1844 PxHelp20 - ok
20:21:36.0722 1844 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:21:36.0737 1844 ql2300 - ok
20:21:36.0862 1844 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:21:36.0862 1844 ql40xx - ok
20:21:36.0924 1844 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:21:36.0924 1844 QWAVEdrv - ok
20:21:36.0971 1844 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:36.0971 1844 RasAcd - ok
20:21:37.0096 1844 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:37.0096 1844 Rasl2tp - ok
20:21:37.0158 1844 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:37.0158 1844 RasPppoe - ok
20:21:37.0190 1844 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:37.0205 1844 RasSstp - ok
20:21:37.0330 1844 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:37.0330 1844 rdbss - ok
20:21:37.0361 1844 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:37.0361 1844 RDPCDD - ok
20:21:37.0439 1844 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:21:37.0439 1844 rdpdr - ok
20:21:37.0564 1844 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:21:37.0564 1844 RDPENCDD - ok
20:21:37.0611 1844 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:21:37.0626 1844 RDPWD - ok
20:21:37.0704 1844 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:37.0720 1844 rspndr - ok
20:21:37.0845 1844 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:21:37.0845 1844 sbp2port - ok
20:21:37.0923 1844 SCDEmu (9feb2026a460916d1a1198b460632630) C:\Windows\system32\drivers\SCDEmu.sys
20:21:38.0032 1844 SCDEmu - ok
20:21:38.0204 1844 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:21:38.0204 1844 sdbus - ok
20:21:38.0250 1844 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:21:38.0266 1844 secdrv - ok
20:21:38.0297 1844 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:21:38.0297 1844 Serenum - ok
20:21:38.0406 1844 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:21:38.0422 1844 Serial - ok
20:21:38.0469 1844 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:21:38.0469 1844 sermouse - ok
20:21:38.0531 1844 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:38.0547 1844 sffdisk - ok
20:21:38.0640 1844 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:21:38.0640 1844 sffp_mmc - ok
20:21:38.0687 1844 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:38.0687 1844 sffp_sd - ok
20:21:38.0718 1844 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:21:38.0718 1844 sfloppy - ok
20:21:38.0765 1844 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:21:38.0765 1844 sisagp - ok
20:21:38.0874 1844 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:21:38.0890 1844 SiSRaid2 - ok
20:21:38.0921 1844 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:21:38.0921 1844 SiSRaid4 - ok
20:21:38.0984 1844 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:21:38.0984 1844 Smb - ok
20:21:39.0108 1844 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:21:39.0108 1844 spldr - ok
20:21:39.0186 1844 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:21:39.0186 1844 srv - ok
20:21:39.0311 1844 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:21:39.0311 1844 srv2 - ok
20:21:39.0358 1844 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:39.0358 1844 srvnet - ok
20:21:39.0467 1844 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:21:39.0467 1844 swenum - ok
20:21:39.0592 1844 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:21:39.0608 1844 Symc8xx - ok
20:21:39.0623 1844 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:21:39.0639 1844 Sym_hi - ok
20:21:39.0654 1844 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:21:39.0670 1844 Sym_u3 - ok
20:21:39.0810 1844 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:39.0810 1844 SynTP - ok
20:21:39.0935 1844 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:21:39.0951 1844 Tcpip - ok
20:21:40.0138 1844 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:40.0154 1844 Tcpip6 - ok
20:21:40.0278 1844 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
20:21:40.0294 1844 tcpipreg - ok
20:21:40.0356 1844 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:21:40.0356 1844 tdcmdpst - ok
20:21:40.0481 1844 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:21:40.0481 1844 TDPIPE - ok
20:21:40.0512 1844 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:21:40.0512 1844 TDTCP - ok
20:21:40.0559 1844 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:21:40.0575 1844 tdx - ok
20:21:40.0684 1844 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:21:40.0700 1844 TermDD - ok
20:21:40.0762 1844 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
20:21:40.0762 1844 tifm21 - ok
20:21:40.0918 1844 Tosrfcom - ok
20:21:40.0980 1844 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:40.0980 1844 tssecsrv - ok
20:21:41.0058 1844 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:21:41.0074 1844 tunmp - ok
20:21:41.0183 1844 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:41.0183 1844 tunnel - ok
20:21:41.0230 1844 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:21:41.0230 1844 TVALZ - ok
20:21:41.0277 1844 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:21:41.0277 1844 uagp35 - ok
20:21:41.0402 1844 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:21:41.0402 1844 udfs - ok
20:21:41.0480 1844 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:21:41.0480 1844 uliagpkx - ok
20:21:41.0526 1844 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:21:41.0526 1844 uliahci - ok
20:21:41.0651 1844 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:21:41.0667 1844 UlSata - ok
20:21:41.0745 1844 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:21:41.0745 1844 ulsata2 - ok
20:21:41.0776 1844 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:21:41.0776 1844 umbus - ok
20:21:41.0916 1844 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:41.0916 1844 usbccgp - ok
20:21:41.0963 1844 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:21:41.0963 1844 usbcir - ok
20:21:42.0026 1844 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:21:42.0026 1844 usbehci - ok
20:21:42.0150 1844 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:42.0166 1844 usbhub - ok
20:21:42.0213 1844 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:21:42.0213 1844 usbohci - ok
20:21:42.0322 1844 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:21:42.0322 1844 usbprint - ok
20:21:42.0369 1844 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:42.0384 1844 USBSTOR - ok
20:21:42.0416 1844 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:21:42.0431 1844 usbuhci - ok
20:21:42.0556 1844 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
20:21:42.0572 1844 usbvideo - ok
20:21:42.0634 1844 UVCFTR (0d09f77f46dd3be73c3e5949428d6995) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
20:21:42.0634 1844 UVCFTR - ok
20:21:42.0743 1844 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
20:21:42.0759 1844 VClone - ok
20:21:42.0806 1844 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:42.0806 1844 vga - ok
20:21:42.0852 1844 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:21:42.0852 1844 VgaSave - ok
20:21:42.0977 1844 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:21:42.0977 1844 viaagp - ok
20:21:43.0008 1844 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:21:43.0024 1844 ViaC7 - ok
20:21:43.0055 1844 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:21:43.0055 1844 viaide - ok
20:21:43.0180 1844 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:21:43.0180 1844 volmgr - ok
20:21:43.0242 1844 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:21:43.0258 1844 volmgrx - ok
20:21:43.0367 1844 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:21:43.0383 1844 volsnap - ok
20:21:43.0430 1844 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:21:43.0430 1844 vsmraid - ok
20:21:43.0476 1844 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:21:43.0476 1844 WacomPen - ok
20:21:43.0601 1844 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:43.0601 1844 Wanarp - ok
20:21:43.0617 1844 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:43.0632 1844 Wanarpv6 - ok
20:21:43.0695 1844 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:21:43.0695 1844 Wd - ok
20:21:43.0851 1844 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
20:21:43.0851 1844 WDC_SAM - ok
20:21:43.0913 1844 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:21:43.0929 1844 Wdf01000 - ok
20:21:44.0178 1844 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:21:44.0178 1844 WmiAcpi - ok
20:21:44.0241 1844 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:21:44.0241 1844 WpdUsb - ok
20:21:44.0303 1844 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:21:44.0303 1844 ws2ifsl - ok
20:21:44.0475 1844 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:21:44.0490 1844 WUDFRd - ok
20:21:44.0553 1844 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
20:21:44.0553 1844 yukonwlh - ok
20:21:44.0615 1844 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:21:44.0662 1844 \Device\Harddisk0\DR0 - ok
20:21:44.0662 1844 Boot (0x1200) (9cfca460e65be9ee1e922a1ed351d11a) \Device\Harddisk0\DR0\Partition0
20:21:44.0662 1844 \Device\Harddisk0\DR0\Partition0 - ok
20:21:44.0678 1844 ============================================================
20:21:44.0678 1844 Scan finished
20:21:44.0678 1844 ============================================================
20:21:44.0724 3376 Detected object count: 0
20:21:44.0724 3376 Actual detected object count: 0
20:23:59.0056 3600 Deinitialize success

#9 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 08:48 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#10 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 09:18 PM

Hi, Bad news. Program stopped working message appeared during AVAST scan. I don't think it saved a log.

#11 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 09:37 PM

try it once more and see if it does the same thing


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#12 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 09:50 PM

OK.

Will do.

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,538
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 February 2012 - 10:09 PM

keep me informed - I will be back in a little while


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 10:25 PM

When a bit longer but stopped.

Now what?

#15 User is offline   NHGuy 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 117
  • Joined: 19-February 10

Posted 02 February 2012 - 10:31 PM

Sorry "Went" a bit longer. But it stopped.

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users