BleepingComputer.com: Iexplorer audio in background/google redirects


Iexplorer audio in background/google redirects Leftovers

#61 Patyfatycake

  • Member
  • Group: Members
  • Posts: 61
  • Joined: 01-February 12

Posted 12 February 2012 - 09:44 PM

15:43:33.0328 28400 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
15:43:34.0037 28400 ============================================================
15:43:34.0038 28400 Current date / time: 2012/02/13 15:43:34.0037
15:43:34.0038 28400 SystemInfo:
15:43:34.0038 28400
15:43:34.0038 28400 OS Version: 6.1.7600 ServicePack: 0.0
15:43:34.0038 28400 Product type: Workstation
15:43:34.0038 28400 ComputerName: LEWISKWONG-PC
15:43:34.0038 28400 UserName: Lewis Kwong
15:43:34.0038 28400 Windows directory: C:\Windows
15:43:34.0038 28400 System windows directory: C:\Windows
15:43:34.0038 28400 Running under WOW64
15:43:34.0038 28400 Processor architecture: Intel x64
15:43:34.0038 28400 Number of processors: 4
15:43:34.0038 28400 Page size: 0x1000
15:43:34.0038 28400 Boot type: Normal boot
15:43:34.0038 28400 ============================================================
15:43:34.0859 28400 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:34.0864 28400 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:43:34.0865 28400 Drive \Device\Harddisk2\DR2 - Size: 0x1D63C0000 (7.35 Gb), SectorSize: 0x1000, Cylinders: 0x77, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:43:34.0869 28400 \Device\Harddisk0\DR0:
15:43:34.0869 28400 MBR used
15:43:34.0869 28400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
15:43:34.0869 28400 \Device\Harddisk1\DR1:
15:43:34.0869 28400 MBR used
15:43:34.0869 28400 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
15:43:34.0869 28400 \Device\Harddisk2\DR2:
15:43:34.0870 28400 MBR used
15:43:34.0870 28400 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1D637F
15:43:34.0874 28400 Initialize success
15:43:34.0874 28400 ============================================================
15:43:35.0584 17788 ============================================================
15:43:35.0584 17788 Scan started
15:43:35.0584 17788 Mode: Manual;
15:43:35.0584 17788 ============================================================
15:43:44.0491 17788 tap0901 - ok
15:43:44.0546 17788 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
15:43:44.0556 17788 Tcpip - ok
15:43:44.0629 17788 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
15:43:44.0639 17788 TCPIP6 - ok
15:43:44.0678 17788 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:43:44.0679 17788 tcpipreg - ok
15:43:44.0707 17788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:43:44.0708 17788 TDPIPE - ok
15:43:44.0718 17788 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:43:44.0719 17788 TDTCP - ok
15:43:44.0746 17788 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:43:44.0747 17788 tdx - ok
15:43:44.0783 17788 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:43:44.0784 17788 TermDD - ok
15:43:44.0815 17788 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:44.0816 17788 tssecsrv - ok
15:43:44.0852 17788 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:43:44.0853 17788 tunnel - ok
15:43:44.0883 17788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:43:44.0884 17788 uagp35 - ok
15:43:44.0909 17788 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:43:44.0911 17788 udfs - ok
15:43:45.0089 17788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:43:45.0090 17788 uliagpkx - ok
15:43:45.0126 17788 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:43:45.0127 17788 umbus - ok
15:43:45.0146 17788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:43:45.0147 17788 UmPass - ok
15:43:45.0209 17788 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
15:43:45.0209 17788 USBAAPL64 - ok
15:43:45.0232 17788 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:45.0232 17788 usbccgp - ok
15:43:45.0263 17788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:43:45.0265 17788 usbcir - ok
15:43:45.0280 17788 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
15:43:45.0281 17788 usbehci - ok
15:43:45.0311 17788 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
15:43:45.0313 17788 usbhub - ok
15:43:45.0331 17788 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:43:45.0332 17788 usbohci - ok
15:43:45.0364 17788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:43:45.0365 17788 usbprint - ok
15:43:45.0396 17788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:43:45.0397 17788 usbscan - ok
15:43:45.0415 17788 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:45.0416 17788 USBSTOR - ok
15:43:45.0429 17788 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:45.0429 17788 usbuhci - ok
15:43:45.0505 17788 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
15:43:45.0506 17788 VBoxDrv - ok
15:43:45.0554 17788 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
15:43:45.0555 17788 VBoxNetAdp - ok
15:43:45.0596 17788 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
15:43:45.0597 17788 VBoxNetFlt - ok
15:43:45.0643 17788 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
15:43:45.0644 17788 VBoxUSBMon - ok
15:43:45.0667 17788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:43:45.0667 17788 vdrvroot - ok
15:43:45.0695 17788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:45.0695 17788 vga - ok
15:43:45.0714 17788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:43:45.0715 17788 VgaSave - ok
15:43:45.0739 17788 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:43:45.0741 17788 vhdmp - ok
15:43:45.0763 17788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:43:45.0763 17788 viaide - ok
15:43:45.0792 17788 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
15:43:45.0793 17788 vmbus - ok
15:43:45.0807 17788 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:43:45.0808 17788 VMBusHID - ok
15:43:45.0879 17788 vmm (c117cedfb9bfeadb29106fdac1358470) C:\Windows\system32\Drivers\vmm.sys
15:43:45.0881 17788 vmm - ok
15:43:45.0897 17788 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:43:45.0898 17788 volmgr - ok
15:43:45.0933 17788 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:43:45.0935 17788 volmgrx - ok
15:43:45.0969 17788 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:43:45.0971 17788 volsnap - ok
15:43:45.0989 17788 VPCNetS2 (bc2ea40b98b5e866d9a4f98afb66b682) C:\Windows\system32\DRIVERS\VMNetSrv.sys
15:43:45.0989 17788 VPCNetS2 - ok
15:43:46.0024 17788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:46.0025 17788 vsmraid - ok
15:43:46.0041 17788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:43:46.0042 17788 vwifibus - ok
15:43:46.0070 17788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:43:46.0071 17788 vwififlt - ok
15:43:46.0107 17788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:43:46.0107 17788 WacomPen - ok
15:43:46.0134 17788 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:46.0135 17788 WANARP - ok
15:43:46.0139 17788 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:43:46.0140 17788 Wanarpv6 - ok
15:43:46.0167 17788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:43:46.0167 17788 Wd - ok
15:43:46.0201 17788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:43:46.0205 17788 Wdf01000 - ok
15:43:46.0246 17788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:46.0247 17788 WfpLwf - ok
15:43:46.0261 17788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:43:46.0262 17788 WIMMount - ok
15:43:46.0329 17788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:43:46.0329 17788 WmiAcpi - ok
15:43:46.0370 17788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:43:46.0371 17788 ws2ifsl - ok
15:43:46.0424 17788 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:43:46.0425 17788 WudfPf - ok
15:43:46.0443 17788 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:46.0445 17788 WUDFRd - ok
15:43:46.0522 17788 X6va005 - ok
15:43:46.0552 17788 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:43:46.0574 17788 \Device\Harddisk0\DR0 - ok
15:43:46.0578 17788 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
15:43:46.0625 17788 \Device\Harddisk1\DR1 - ok
15:43:46.0635 17788 MBR (0x1B8) (25a853d87f74184ae65b48f3c5d1c82b) \Device\Harddisk2\DR2
15:43:54.0576 17788 \Device\Harddisk2\DR2 - ok
15:43:54.0579 17788 Boot (0x1200) (171de11d02b1efc15d660c1ed5704821) \Device\Harddisk0\DR0\Partition0
15:43:54.0580 17788 \Device\Harddisk0\DR0\Partition0 - ok
15:43:54.0584 17788 Boot (0x1200) (7ac837e18f15223021a3577c0b55cef0) \Device\Harddisk1\DR1\Partition0
15:43:54.0585 17788 \Device\Harddisk1\DR1\Partition0 - ok
15:43:54.0589 17788 Boot (0x1200) (91073f833efec86258282df3873e997f) \Device\Harddisk2\DR2\Partition0
15:43:54.0590 17788 \Device\Harddisk2\DR2\Partition0 - ok
15:43:54.0590 17788 ============================================================
15:43:54.0590 17788 Scan finished
15:43:54.0590 17788 ============================================================
15:43:54.0603 27840 Detected object count: 0
15:43:54.0603 27840 Actual detected object count: 0

#62 m0le (Malware Response Instructor)

Posted 12 February 2012 - 09:52 PM

This isn't following the pattern of these new TDL4 detections.

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program

Follow the prompts and OK any security prompts

When it is complete it will say the infection was cleared or no infection was found - let me know what it says
If I have helped you fix your PC then please donate. Thanks

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#63 Patyfatycake (Member)

Posted 12 February 2012 - 10:09 PM

No infections were found.

#64 m0le (Malware Response Instructor)

Posted 13 February 2012 - 12:21 PM

We'll go after atapi.sys then.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

#65 Patyfatycake (Member)

Posted 13 February 2012 - 01:39 PM

SystemLook 27.08.10 by jpshortstuff
Log created at 07:30 on 14/02/2012 by Lewis Kwong
Administrator - Elevation successful

========== filefind ==========

Searching for "atapi.sys"
C:\Windows\ERDNT\cache64\atapi.sys --a---- 24128 bytes [11:18 01/02/2012] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --ah--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --ah--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C

-= EOF =-
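The check behind the SystemLook run above, written out as an added Python example (not code from SystemLook, ComboFix or anyone in this thread): it parses ':filefind' result lines, compares the MD5 of the copy Windows loads from the System32 drivers folder against the reference copies in WinSxS and the DriverStore, and on a mismatch builds the same 'FCopy::' restore line the helper scripts later in the thread. The clean sample is the log posted above; the mismatching one is a constructed sample with a placeholder hash, not a real indicator.

```python
"""Integrity check for a Windows driver from SystemLook ':filefind' output.

Added example, not code from SystemLook or ComboFix: the copy Windows loads
from the System32 drivers folder is compared with the reference copies in
WinSxS and the DriverStore; a differing hash is what a patched driver looks
like in this kind of log.
"""
import re

# One SystemLook result line: <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Real lines from the SystemLook run posted above: all four copies share one MD5.
CLEAN_LOG = r"""
Searching for "atapi.sys"
C:\Windows\ERDNT\cache64\atapi.sys --a---- 24128 bytes [11:18 01/02/2012] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\drivers\atapi.sys --a---- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys --ah--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --ah--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
-= EOF =-
"""

# Constructed sample with a placeholder hash (not a real indicator): the live
# copy was rewritten on disk while the WinSxS reference copy is still original.
PATCHED_LOG = r"""
Searching for "atapi.sys"
C:\Windows\System32\drivers\atapi.sys --a---- 24128 bytes [09:12 30/01/2012] [01:52 14/07/2009] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys --ah--- 24128 bytes [23:19 13/07/2009] [01:52 14/07/2009] 02062C0B390B7729EDC9E69C680A6F3C
-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per result line; header, 'Searching for' and EOF lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].upper()
            rows.append(row)
    return rows


def classify(path):
    """'live' = the copy in the drivers folder, 'reference' = WinSxS/DriverStore, else 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "reference"
    if "\\system32\\drivers\\" in p:
        return "live"
    return "other"  # e.g. the ERDNT\cache64 backup that ComboFix's ERUNT keeps


def check_driver(rows):
    """Return (verdict, live_md5, reference_md5s).

    'clean'        the live copy matches a single, consistent reference hash
    'mismatch'     the live copy differs from the reference copies
    'no-live'      nothing found in the drivers folder
    'no-reference' no WinSxS/DriverStore copy to compare against
    """
    live = [r["md5"] for r in rows if classify(r["path"]) == "live"]
    refs = sorted({r["md5"] for r in rows if classify(r["path"]) == "reference"})
    if not live:
        return "no-live", None, refs
    if not refs:
        return "no-reference", live[0], refs
    if refs == [live[0]]:
        return "clean", live[0], refs
    return "mismatch", live[0], refs


def fcopy_directive(rows):
    """Build the CFScript 'FCopy::' text that restores the live driver from its
    WinSxS copy (the repair the helper scripts later in this thread)."""
    live = [r["path"] for r in rows if classify(r["path"]) == "live"]
    winsxs = [r["path"] for r in rows if "\\winsxs\\" in r["path"].lower()]
    if not live or not winsxs:
        return None
    return "FCopy::\n%s | %s" % (winsxs[0], live[0])


if __name__ == "__main__":
    for name, log in (("posted log", CLEAN_LOG), ("constructed log", PATCHED_LOG)):
        rows = parse_filefind(log)
        verdict, live_md5, refs = check_driver(rows)
        print("%s: %s (live %s, reference %s)" % (name, verdict, live_md5, refs))
        if verdict == "mismatch":
            print(fcopy_directive(rows))
```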

#66 m0le (Malware Response Instructor)

Posted 13 February 2012 - 02:41 PM

Okay, one more run of Combofix.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

    FCopy::
    C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys | C:\Windows\System32\drivers\atapi.sys

Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

If the program asks you to update ComboFix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#67 Patyfatycake (Member)

Posted 13 February 2012 - 09:20 PM

ComboFix 12-02-11.03 - Lewis Kwong 14/02/2012 14:26:22.9.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8190.5476 [GMT 13:00]
Running from: c:\users\Lewis Kwong\Desktop\ComboFix.exe
Command switches used :: c:\users\Lewis Kwong\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lewis Kwong\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 02:08 . 2012-02-14 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-13 08:54 . 2012-02-13 08:56 -------- d-----w- c:\users\Lewis Kwong\.TRPKCachev3
2012-02-13 01:19 . 2012-02-13 01:19 -------- d-----w- c:\program files (x86)\Resource Kit
2012-02-09 03:34 . 2012-02-09 03:34 -------- d-----w- c:\users\Lewis Kwong\DoctorWeb
2012-02-08 22:57 . 2012-02-08 23:00 -------- d-----w- c:\program files (x86)\Driver Cleaner Pro
2012-02-08 01:08 . 2012-02-08 01:08 -------- d-----w- C:\_OTL
2012-02-06 06:59 . 2012-02-06 06:59 -------- d-----w- c:\users\Lewis Kwong\AppData\Local\Locktime
2012-02-06 06:59 . 2012-02-06 06:59 -------- d-----w- c:\program files\NetLimiter 3
2012-02-04 07:07 . 2012-02-04 07:07 -------- d-----w- C:\Down
2012-02-03 05:39 . 2012-02-03 21:25 -------- d-----w- C:\files
2012-02-02 22:48 . 2012-02-02 22:48 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\Malwarebytes
2012-02-02 22:48 . 2012-02-02 22:48 -------- d-----w- c:\programdata\Malwarebytes
2012-02-02 22:48 . 2012-02-02 22:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-02 22:48 . 2011-12-10 02:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-02 11:14 . 2012-02-02 11:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 02:49 . 2012-02-09 03:04 -------- d-----w- c:\program files (x86)\Astroburn Toolbar
2012-02-02 02:49 . 2012-02-02 02:49 -------- d-----w- c:\programdata\Astroburn Lite
2012-02-02 02:49 . 2012-02-02 02:49 -------- d-----w- c:\program files (x86)\Astroburn Lite
2012-02-02 01:45 . 2011-04-23 06:51 537850 ----a-w- C:\HaxFix.exe
2012-02-01 20:33 . 2012-02-13 08:26 6832 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-01 20:19 . 2012-02-03 19:01 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-02-01 12:17 . 2012-02-01 12:17 -------- d-----w- c:\program files (x86)\ESET
2012-02-01 09:40 . 2012-02-14 02:11 -------- d-----w- c:\users\Lewis Kwong\AppData\Local\TSVNCache
2012-01-31 09:57 . 2012-01-31 09:57 -------- d-----w- c:\programdata\Media Center Programs
2012-01-31 06:01 . 2012-01-31 06:01 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\Atari
2012-01-26 07:54 . 2012-01-26 07:54 -------- d-----r- c:\users\Lewis Kwong\AppData\Roaming\SecuROM
2012-01-26 07:53 . 2012-01-26 07:53 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-01-24 01:33 . 2012-02-09 06:42 -------- d-----w- c:\users\Lewis Kwong\AppData\Roaming\.tribot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-14 02:10 . 2010-12-20 23:42 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2011-12-02 10:45 . 2011-12-02 02:49 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-12-02 09:48 . 2011-12-02 09:48 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-01 20:12 . 2011-12-13 22:28 377344 ----a-w- c:\windows\system32\hpb64.dll
2011-12-01 20:11 . 2011-12-13 22:28 309760 ----a-w- c:\windows\SysWow64\hpb.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . B133FDA5CD4E5E3A8900216B76FA804C . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-02-12_03.24.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-09 05:57 . 2012-02-14 02:12 69842 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-14 02:12 33566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-08 10:12 . 2012-02-14 02:12 15890 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1183503601-1514928044-3675566121-1001_UserData.bin
- 2010-03-10 09:42 . 2012-02-12 03:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-10 09:42 . 2012-02-14 02:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-10 09:42 . 2012-02-12 03:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-10 09:42 . 2012-02-14 02:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-12 03:22 . 2012-02-12 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-14 02:10 . 2012-02-14 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-12 03:22 . 2012-02-12 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-14 02:10 . 2012-02-14 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:34 . 2012-02-11 20:28 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-02-13 12:23 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2000-10-11 00:50 . 2000-10-11 00:50 1000448 c:\windows\Installer\4b60a78.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashGet 3"="c:\program files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe" [2009-12-22 2127408]
"ManyCam"="c:\program files (x86)\ManyCam 2.4\ManyCam.exe" [2010-04-21 1824040]
"Octoshape Streaming Services"="c:\users\Lewis Kwong\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-03-12 319792]
"Gadwin PrintScreen Pro"="c:\program files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2010-10-14 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-03 5487488]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Diamondback"="c:\program files (x86)\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe" [2011-11-08 243360]
.
c:\users\Lewis Kwong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-10-13 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiDCM;AtiDCM;c:\users\Lewis Kwong\AppData\Local\Temp\atdcm64a.sys [x]
R3 BlackBox;BlackBox SR2; [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4924336]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 sftfs;sftfs;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 712536]
R3 sftplay;sftplay;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 261480]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 sftvol;sftvol;c:\program files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 17752]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]
R3 X6va005;X6va005;c:\users\LEWISK~1\AppData\Local\Temp\005B360.tmp [x]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-25 819600]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447848]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-25 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Realtek8185;Realtek8185;c:\program files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe [2009-07-09 36864]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183503601-1514928044-3675566121-1001Core.job
- c:\users\Lewis Kwong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 21:01]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183503601-1514928044-3675566121-1001UA.job
- c:\users\Lewis Kwong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-14 21:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EFEED92A-A33D-4873-BA8F-32BAA631E54D}"= "c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll" [BU]
.
[HKEY_CLASSES_ROOT\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{142EECD7-B6CA-4e29-AE5D-A4798EF4FD7F}]
[HKEY_CLASSES_ROOT\ABToolbar.ToolBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-20 20:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"MsmqIntCert"="mqrt.dll" [2009-07-14 247808]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.nz/
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} - hxxp://www.freetalker.com/VaxSIPUserAgentCAB.cab
FF - ProfilePath - c:\users\Lewis Kwong\AppData\Roaming\Mozilla\Firefox\Profiles\8eb6968l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.ftp - 125.164.121.103
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 125.164.121.103
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 125.164.121.103
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 125.164.121.103
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 125.164.121.103
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\LEWISK~1\AppData\Local\Temp\005B360.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\program files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe
c:\program files (x86)\Razer\Diamondback 3G\razerofa.exe
.
**************************************************************************
.
Completion time: 2012-02-14 15:19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 02:19
ComboFix2.txt 2012-02-12 03:32
ComboFix3.txt 2012-02-12 00:46
ComboFix4.txt 2012-02-11 20:50
ComboFix5.txt 2012-02-14 01:23
.
Pre-Run: 84,723,191,808 bytes free
Post-Run: 84,662,681,600 bytes free
.
- - End Of File - - 0F57F3ABC87C0B1E75AD129BB44759B2

#68 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,115
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 13 February 2012 - 09:23 PM

That seems to have got rid of the returning driver message.

How are the symptoms now?
If I have helped you fix your PC then please donate. Thanks

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#69 User is offline   Patyfatycake 

  • Member
  • Group: Members
  • Posts: 61
  • Joined: 01-February 12

Posted 13 February 2012 - 09:30 PM

There's no svchost blocked on Malwarebytes. There is the little weird URL in the bottom left of Chrome still, and some blocks from Malwarebytes on Chrome. I haven't experienced any full redirects though.

#70 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,115
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 13 February 2012 - 09:35 PM

Okay, that's an improvement. Looks like the main enemy has departed.

Please run ESET's online scanner so we can pick out anything else

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

#71 User is offline   Patyfatycake 

  • Member
  • Group: Members
  • Posts: 61
  • Joined: 01-February 12

Posted 14 February 2012 - 03:44 PM

I couldn't find a full log but this is what it found.


C:\HaxFix.exe multiple threats deleted - quarantined
C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\user32.dll.vir Win32/Patched.NBG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\win26D4.tmp.vir Win32/Patched.NBG trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\SysWOW64\winC308.tmp.vir Win32/Patched.NBG trojan deleted - quarantined
C:\Users\Lewis Kwong\Desktop\the.settlers.7.crack.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\Lewis Kwong\Documents\IDM\inter.rar probably a variant of Win32/TrojanDropper.Delf.HEVUQRN trojan deleted - quarantined
C:\Users\Lewis Kwong\Downloads\rzr-set7-repack-mbb.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\Lewis Kwong\Downloads\TS7CRACK-Razor1911.rar a variant of Win32/Packed.VMProtect.AAA trojan deleted - quarantined
C:\Users\Lewis Kwong\Downloads\James.Camerons.Avatar.The.Game-RELOADED\rld-avtr.iso Win32/Packed.VMProtect.D trojan deleted - quarantined
C:\Users\Lewis Kwong\Downloads\MS Office 2007 ULTIMATE [GR420]\MS Office 2007 ULTIMATE.iso probably a variant of Win32/Agent.FGHQVIS trojan deleted - quarantined
C:\Windows\pss\PowerReg Scheduler.exe.CommonStartup Win32/PowerReg application cleaned by deleting - quarantined
C:\Windows\System32\user32.dll Win32/Patched.NBG trojan unable to clean
C:\Windows\SysWOW64\user32.dll Win32/Patched.NBG trojan unable to clean
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.user32.dll.01cce15ac4dcb9c4.0000 Win32/Patched.NBG trojan deleted - quarantined
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.user32.dll.01cce2025b132610.0000 Win32/Patched.NBG trojan deleted - quarantined
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.user32.dll.01cce20cff776106.0000 Win32/Patched.NBG trojan deleted - quarantined
E:\Software\ad4.402.installer.exe a variant of Win32/NetTool.AccessDiver.AA application deleted - quarantined
E:\Software\Antivirus\avira_antivir_premium_with_license.rar a variant of Win32/Injector.YD trojan deleted - quarantined
E:\Software\Antivirus\Internet.Security.2010.15.00.00.rar a variant of Win32/Injector.YD trojan deleted - quarantined
E:\Software\Internet.Download.Manager.v5.14.3.WinAll.Incl.Keygen.and.Patch-CRD\cjg0185a.rar probably a variant of Win32/TrojanDropper.Delf.HEVUQRN trojan deleted - quarantined
E:\Software\Internet.Download.Manager.v5.14.3.WinAll.Incl.Keygen.and.Patch-CRD\cjg0185a.zip probably a variant of Win32/TrojanDropper.Delf.HEVUQRN trojan deleted - quarantined
E:\Software\IP Changer\IP Changer.zip probably unknown NewHeur_PE virus deleted - quarantined
E:\Software\MorphVOX Pro v3.0.5 [ENG] [+patch]\MorphVOX Pro v3.0.5 [ENG] [patch]\patch\morphvox.pro.3.0.5.build.39239-patch.exe a variant of Win32/HackTool.Patcher.A application cleaned by deleting - quarantined
E:\Website\Forums\IPB 2.3.6 - Nulled by TrioxX\Addons\IPB Mods\_iNV23__Portal_System_3.0.4.rar Win32/Virut.NBP virus deleted - quarantined
Operating memory Win32/Patched.NBG trojan

#72 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,115
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 14 February 2012 - 06:39 PM

Keygens and cracks are bringing infections into your machine here. As well as being illegal, 'Cracks' and 'Keygens' are often associated or loaded with malware, and should be avoided (along with 'crack' sites).

This is the problem we still have though.

C:\Windows\System32\user32.dll Win32/Patched.NBG trojan unable to clean
C:\Windows\SysWOW64\user32.dll Win32/Patched.NBG trojan unable to clean




We need to replace the infected files in the Recovery Environment. This failed when Combofix ran.


First we need to copy a clean file to replace the infected one.

Please do this:
  • Click on the Start button, then click on Run...


  • In the empty "Open:" box provided, type cmd and press Enter This will launch a Command Prompt window (looks like DOS).


  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll C:\ /y


  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.


  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"

  • Exit the Command Prompt window.

Now we need to boot into the Recovery Environment:

Reboot your computer. Combofix should have installed the recovery console so this should already be available.

Follow the instructions here to start it

Next

Type cd system32\drivers and press Enter.
Type ren user32.dll user32.vir and press Enter.
Then type copy C:\user32.dll user32.dll and press Enter.

Now do the following

Type cd system32\sysWOW64 and press Enter.
Type ren user32.dll user32.vir and press Enter.
Then type copy C:\user32.dll user32.dll and press Enter.

Now type exit and press Enter to reboot your computer into normal mode.

Then please run Combofix and post the log

Thanks :thumbup2:
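The replacement procedure above relies on the live user32.dll being swapped for the clean copy Windows keeps in the WinSxS component store. As an added check that is not part of m0le's instructions or of any tool mentioned in the thread, the PowerShell script below hashes the System32 and SysWOW64 copies of user32.dll and reports whether each one matches any user32.dll held in the component store, which is how a defender confirms a patched system file before and after a manual repair. It assumes Windows 7 x64 like the machine in this thread, PowerShell 4 or later (for Get-FileHash) run from an elevated prompt, and a WinSxS folder-name pattern generalised from the wow64_microsoft-windows-user32_* path quoted in the post; those assumptions are marked in the comments.

```powershell
# Added example, not from the thread: check whether the live user32.dll copies
# still match the component-store (WinSxS) copies. Run before the manual
# replacement to confirm the mismatch, and again afterwards to confirm the fix.
# Assumptions: Windows 7 x64, PowerShell 4+ (Get-FileHash), elevated prompt.

$live = @(
    "$env:SystemRoot\System32\user32.dll",   # 64-bit copy
    "$env:SystemRoot\SysWOW64\user32.dll"    # 32-bit (WOW64) copy
)

# Collect every user32.dll the component store holds, keyed by SHA-256.
# The folder-name pattern is assumed from the wow64_microsoft-windows-user32_*
# path quoted in the post; it also matches the amd64_ component folder.
$storeHashes = @{}
Get-ChildItem "$env:SystemRoot\winsxs" -Directory |
    Where-Object { $_.Name -like '*_microsoft-windows-user32_*' } |
    ForEach-Object { Join-Path $_.FullName 'user32.dll' } |
    Where-Object { Test-Path $_ } |
    ForEach-Object {
        $h = (Get-FileHash -Path $_ -Algorithm SHA256).Hash
        $storeHashes[$h] = $_
    }

foreach ($path in $live) {
    $h = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    # An unmodified Windows file is a hard link to its WinSxS copy, so the
    # hashes agree; a patched file (Win32/Patched.NBG in the ESET log) will not
    # match any store copy.
    $matchesStore = $storeHashes.ContainsKey($h)
    $storeCopy    = if ($matchesStore) { $storeHashes[$h] } else { '(no matching store copy)' }
    [PSCustomObject]@{
        File          = $path
        SHA256        = $h
        MatchesWinSxS = $matchesStore
        StoreCopy     = $storeCopy
    }
}
```

A row with MatchesWinSxS set to False means the live file differs from every copy in the component store, which is what the ESET "unable to clean" lines above correspond to; after the Recovery Environment copy both rows should report True. The built-in alternative is sfc /verifyfile=C:\Windows\System32\user32.dll, which checks the file against its signed catalog rather than against the store copies.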

#73 User is offline   Patyfatycake 

  • Member
  • Group: Members
  • Posts: 61
  • Joined: 01-February 12

Posted 14 February 2012 - 08:27 PM

None of the directories you wanted in command prompt seemed to work.
Did you mean the system32 directory, not system32/driverS?
And C:\Windows\SysWOW64, not C:\Windows\system32\syswow64?

I have done this to what I believe the directories you intended were.

Edit: Now the computer gets to the Windows icon and then it restarts.

This post has been edited by Patyfatycake: 14 February 2012 - 08:36 PM


#74 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,115
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 14 February 2012 - 08:56 PM

Patyfatycake, on 14 February 2012 - 08:27 PM, said:

None of the directories you wanted in command prompt seemed to work.
Did you mean the system32 directory, not system32/driverS?
And C:\Windows\SysWOW64, not C:\Windows\system32\syswow64?

I have done this to what I believe the directories you intended were.


I did mean those file paths. Sorry about that, but well dealt with.

Quote

Edit: Now the computer gets to the Windows icon and then it restarts.


TDSS often does this. Can you boot into safe mode?

#75 User is offline   Patyfatycake 

  • Member
  • Group: Members
  • Posts: 61
  • Joined: 01-February 12

Posted 14 February 2012 - 09:01 PM

m0le, on 14 February 2012 - 08:56 PM, said:

Patyfatycake, on 14 February 2012 - 08:27 PM, said:

None of the directories you wanted in command prompt seemed to work.
Did you mean the system32 directory, not system32/driverS?
And C:\Windows\SysWOW64, not C:\Windows\system32\syswow64?

I have done this to what I believe the directories you intended were.


I did mean those file paths. Sorry about that, but well dealt with.

Quote

Edit: Now the computer gets to the Windows icon and then it restarts.


TDSS often does this. Can you boot into safe mode?

Thanks & no

This post has been edited by Patyfatycake: 14 February 2012 - 09:02 PM

