Windows Firewall Disabled and Google Redirects


  • This topic is locked
11 replies to this topic

#1 BerenFortis

BerenFortis

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:19 AM

Posted 04 October 2011 - 11:46 AM

Here is my original thread regarding this issue:

http://www.bleepingcomputer.com/forums/topic421522.html

In a nutshell, I noticed a few days ago that my Windows Firewall was down. I went to turn it back on, at which point I received "error code 0x8007042c". I ran some scans with AVG and Malwarebytes to see if I'd caught any viruses, and unsurprisingly I had. I managed to delete a pretty good handful, but my results on Google were still being redirected and I continued to receive more viruses. I went to this site:

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/error-code-0x80070422-cant-turn-on-firewall/e5ee6823-98f8-4575-a254-00a038b17e34

And attempted most of the suggestions there. None of them worked. At this point I downloaded Comodo Firewall, but that of course didn't solve the virus problem. So I came to BleepingComputer and made the aforementioned thread.

With the very gracious help of cryptodan, I ran a SUPERAntiSpyware scan (which picked up a few more viruses) as well as a GMER scan. The GMER scan was inconclusive, which I will explain in a moment.

I also ran an ESET scan, which picked up a few more viruses. All of these logs can be seen in the original thread.

Now, I just finished getting the recommended logs. Here's the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Callow at 9:05:12 on 2011-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.2127 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Callow\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Google Update] "C:\Users\Callow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\Users\Callow\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5A94F28-A861-413A-A599-1E564662C9BC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A5A94F28-A861-413A-A599-1E564662C9BC}\84652565051627B6 : DhcpNameServer = 68.87.69.146 68.87.85.98
TCP: Interfaces\{A5A94F28-A861-413A-A599-1E564662C9BC}\8563753443 : DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Callow\AppData\Roaming\Mozilla\Firefox\Profiles\7qxsqnbg.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Callow\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-25 161080]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-11-16 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-3-13 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-16 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-16 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-11-16 243232]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-04 09:22:21 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-03 06:20:20 -------- d-----w- C:\Users\Callow\AppData\Roaming\SUPERAntiSpyware.com
2011-10-03 06:19:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-03 06:19:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-02 01:37:21 -------- d-----w- C:\ProgramData\SecTaskMan
2011-10-02 01:37:13 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-10-02 01:16:39 -------- d--h--w- C:\VritualRoot
2011-10-02 01:01:23 -------- d-----w- C:\ProgramData\Comodo
2011-10-02 01:01:19 -------- d-----w- C:\Program Files\COMODO
2011-10-02 01:01:18 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-10-02 01:01:18 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-10-02 01:00:12 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-10-02 00:03:43 -------- d-----w- C:\2D7BF861284F1844B504A6DEBB35
2011-10-01 23:51:44 -------- d-----w- C:\Windows\System32\SPReview
2011-10-01 23:50:28 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-01 12:53:22 -------- d-----we C:\Windows\system64
2011-09-24 21:59:47 -------- d-----w- C:\Users\Callow\AppData\Roaming\AVG2012
2011-09-24 21:59:09 -------- d-----w- C:\ProgramData\AVG2012
2011-09-23 10:29:43 -------- d-----w- C:\Program Files (x86)\MSECache
2011-09-22 07:12:35 -------- d-----w- C:\Program Files (x86)\File Type Assistant
2011-09-21 01:24:19 -------- d-sh--w- C:\found.000
2011-09-20 11:22:33 -------- d-----w- C:\Users\Callow\AppData\Local\Microsoft Help
2011-09-20 11:15:00 -------- d-----w- C:\Users\Callow\AppData\Roaming\SoftGrid Client
2011-09-20 11:15:00 -------- d-----w- C:\Users\Callow\AppData\Local\SoftGrid Client
2011-09-20 11:14:03 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-09-20 11:13:21 -------- d-----w- C:\Users\Callow\AppData\Roaming\TP
2011-09-17 02:59:28 -------- d-----w- C:\Users\Callow\AppData\Local\{00A33A8A-8DC9-4169-A1C6-7D2AF4D58B89}
.
==================== Find3M ====================
.
2011-10-01 23:59:44 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-01 23:59:44 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-08 13:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-11 08:14:36 375376 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-07-11 08:14:08 29776 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-07-11 08:14:06 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-07-11 08:14:06 120400 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-07-11 08:13:44 282704 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-07-11 08:13:42 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 9:06:31.01 ===============


And the Attach.txt should be attached, unless I goofed it up.

Lastly, I have no GMER log to post as it turned up inconclusive. A window would pop up after the scan saying "No system modifications detected." For the record, many of the boxes were unchecked when I scanned, and I was unable to check them. I don't know if that's normal or not, but I'm just throwing it out there.

So I think that's it. Hopefully that covered everything. o_o

Edited by BerenFortis, 04 October 2011 - 11:52 AM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:19 PM

Posted 09 October 2011 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe, 511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs and wait for my next instructions.

#3 BerenFortis

BerenFortis
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:19 AM

Posted 09 October 2011 - 11:56 PM

Thanks for your help!

Alright, I just ran the avast scan (it finished within seconds), and got this log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-09 21:38:22
-----------------------------
21:38:22.333 OS Version: Windows x64 6.1.7601 Service Pack 1
21:38:22.333 Number of processors: 4 586 0x2505
21:38:22.334 ComputerName: EVERLASTING UserName: Callow
21:38:26.601 Initialize success
21:38:55.824 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:38:55.831 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:38:55.852 Disk 0 MBR read successfully
21:38:55.855 Disk 0 MBR scan
21:38:55.857 Disk 0 Windows 7 default MBR code
21:38:55.861 Service scanning
21:38:57.885 Modules scanning
21:38:57.895 Disk 0 trace - called modules:
21:38:57.902 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:38:57.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fec060]
21:38:57.917 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ff4050]
21:38:57.923 Scan finished successfully
21:39:27.085 Disk 0 MBR has been saved successfully to "C:\Users\Callow\Desktop\MBR.dat"
21:39:27.086 The log file has been saved successfully to "C:\Users\Callow\Desktop\aswMBR.txt"


And this is the TDSSKiller log (the scan was inconclusive):

21:50:07.0101 6240 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
21:50:07.0638 6240 ============================================================
21:50:07.0638 6240 Current date / time: 2011/10/09 21:50:07.0638
21:50:07.0638 6240 SystemInfo:
21:50:07.0638 6240
21:50:07.0639 6240 OS Version: 6.1.7601 ServicePack: 1.0
21:50:07.0639 6240 Product type: Workstation
21:50:07.0639 6240 ComputerName: EVERLASTING
21:50:07.0640 6240 UserName: Callow
21:50:07.0640 6240 Windows directory: C:\Windows
21:50:07.0640 6240 System windows directory: C:\Windows
21:50:07.0640 6240 Running under WOW64
21:50:07.0640 6240 Processor architecture: Intel x64
21:50:07.0640 6240 Number of processors: 4
21:50:07.0640 6240 Page size: 0x1000
21:50:07.0640 6240 Boot type: Normal boot
21:50:07.0640 6240 ============================================================
21:50:08.0182 6240 Initialize success
21:51:05.0957 2072 ============================================================
21:51:05.0957 2072 Scan started
21:51:05.0957 2072 Mode: Manual;
21:51:05.0957 2072 ============================================================
21:51:20.0031 2072 ============================================================
21:51:20.0031 2072 Scan finished
21:51:20.0031 2072 ============================================================
21:51:20.0047 4684 Detected object count: 0
21:51:20.0047 4684 Actual detected object count: 0

Attached Files

  • MBR.zip (565 bytes)

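As an added example (not part of this thread, and not code from TDSSKiller or BleepingComputer), here is a small Python parser for the log format posted above. It pairs each hashed object line (driver, MBR or boot sector) with its verdict line, lists anything whose verdict is not "ok", and cross-checks the tool's own "Detected object count" tally against those per-object verdicts, which is the first thing a responder does with a scan log before trusting a clean result. The sample input reuses the last lines of the log above plus one constructed entry ("ExampleDrv") so the detection path is exercised; the "( <detection> ) - infected" form of that constructed line is an assumption about the tool's output, not taken from this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample excerpt: the last lines of the TDSSKiller log posted in this thread, plus ONE
# constructed entry ("ExampleDrv", all-zero hash) so that the detection path is exercised.
# The "( <name> ) - infected" verdict form is an assumption about the tool's format.
SAMPLE_LOG = r"""
21:51:19.0859 2072 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:19.0862 2072 WUDFRd - ok
21:51:19.0900 2072 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\example.sys
21:51:19.0901 2072 ExampleDrv ( Rootkit.Example.Constructed ) - infected
21:51:19.0955 2072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:51:19.0981 2072 \Device\Harddisk0\DR0 - ok
21:51:19.0996 2072 Boot (0x1200) (6b2263238d802bfb9617b8247fa2f681) \Device\Harddisk0\DR0\Partition0
21:51:19.0998 2072 \Device\Harddisk0\DR0\Partition0 - ok
21:51:20.0031 2072 ============================================================
21:51:20.0031 2072 Scan finished
21:51:20.0031 2072 ============================================================
21:51:20.0047 4684 Detected object count: 1
21:51:20.0047 4684 Actual detected object count: 1
"""

# "<time> <pid> <name> (<md5>) <path>": a scanned object with its hash.
OBJ_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# "<time> <pid> <subject> [( <detection> )] - <verdict>": the verdict for that object.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>.+?)"
    r"(?:\s+\(\s*(?P<detection>.+?)\s*\))?\s+-\s+(?P<verdict>\S.*)$")
# The tool's own tally lines at the end of the scan.
COUNT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<label>(?:Actual )?[Dd]etected object count):\s*(?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: Optional[str] = None
    detection: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Tuple[List[ScanObject], Dict[str, int]]:
    """Return the scanned objects (with verdicts attached) and the tool's tally lines."""
    objects: List[ScanObject] = []
    counts: Dict[str, int] = {}
    pending: Optional[ScanObject] = None   # last hashed object still waiting for its verdict
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJ_RE.match(line)
        if m:
            pending = ScanObject(m["name"], m["md5"].lower(), m["path"])
            objects.append(pending)
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["label"]] = int(m["n"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            subject = m["subject"]
            # Drivers are reported under their service name, MBR/boot sectors under their device path.
            if pending is not None and subject in (pending.name, pending.path):
                pending.verdict = m["verdict"]
                pending.detection = m["detection"]
            else:
                # A verdict with no preceding hashed line (e.g. an object the tool could not read).
                objects.append(ScanObject(subject, None, None, m["verdict"], m["detection"]))
            pending = None
    return objects, counts


def findings(objects: List[ScanObject]) -> List[ScanObject]:
    """Every object whose verdict is anything other than the clean 'ok'."""
    return [o for o in objects if o.verdict is not None and o.verdict.lower() != "ok"]


def unverified(objects: List[ScanObject]) -> List[ScanObject]:
    """Hashed objects that never received a verdict line (a truncated or interrupted scan)."""
    return [o for o in objects if o.verdict is None]


def counts_consistent(objects: List[ScanObject], counts: Dict[str, int]) -> bool:
    """Cross-check the tool's own tally against the per-object verdicts we parsed."""
    reported = counts.get("Detected object count")
    return reported is not None and reported == len(findings(objects))


def hash_index(objects: List[ScanObject]) -> Dict[str, Optional[str]]:
    """md5 -> path, for looking hashes up against a known-good driver allowlist or a reputation service."""
    return {o.md5: o.path for o in objects if o.md5}


if __name__ == "__main__":
    objs, tally = parse_tdsskiller_log(SAMPLE_LOG)
    for o in findings(objs):
        print(f"FINDING: {o.name} {o.detection or ''} -> {o.verdict} ({o.path})")
    print(f"{len(objs)} objects, {len(findings(objs))} findings, {len(unverified(objs))} unverified, "
          f"tally consistent: {counts_consistent(objs, tally)}")
```

The `unverified` check matters for a log like the one in this thread that the poster could not fully copy: a hashed object with no verdict line means the scan output was cut off, not that the object was clean.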

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 October 2011 - 07:08 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#5 BerenFortis

BerenFortis
  • Topic Starter

  • Members
  • 12 posts

Posted 11 October 2011 - 02:05 AM

This is probably nothing, but just to be safe I should note that AVG pops up saying ComboFix is a malware virus whenever I finish downloading it. This is only when I download it, not when I try to run it. Should I just ignore this warning?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 October 2011 - 07:45 AM

I'm confident that the file is clean.

Do me a favor. Delete your copy and download a fresh one from the other link.

If still being prompted by AVG run it anyway. Let me know.

#7 BerenFortis

BerenFortis
  • Topic Starter

  • Members
  • 12 posts

Posted 11 October 2011 - 09:29 AM

Well, I managed to run the scan and everything went smoothly. The laptop rebooted and presented me with a log containing tons of infected files, but when I tried to get on Firefox, it said "C:\Program Files (x86)\Mozilla Firefox\firefox.exe Illegal operation attempted on a registry key that has been marked for deletion." I click OK, and then it asked me if I want to remove the object, which I said "No" to. It does this for almost everything, including Internet Explorer, Google Chrome, Word Pad and Note Pad. The Note Pad log came up just fine, but I can't get any other Note Pad files to open. I'm trying to figure out how to get the log to you, but almost everything is dubbed an "illegal operation." So that's where I am right now.

EDIT: It's a tough undertaking, but I'll post what I can transcribe of the log by hand. Please excuse any spelling errors and inconsistencies. There's a lot to transfer. o__o

ComboFix 11-10-11.01 - Callow 10/11/2011 7:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1973 [GMT -7:00]
Running from: C:\users\Callow\Downloads\Switchblade.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMDO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\users\Public\Documents\NTILiveUpdateV9.dll
C:\users\Public\Documents\NTIMMV9Acer.dll
C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\00000002.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\80000032.@
C:\windows\assembly\tmp\U\80000064.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@
C:\windows\system32\consrv.dll
C:\windows\System64
.
.
((((((((((((((((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 ))))))))))))))))))))))))))))))))))))))))
.
.
2011-10-11 14:12 . 2011-10-11 14:12 -------- d-----w- C:\users\Default\AppData\Local\temp
2011-10-06 05:47 . 2011-10-06 05:47 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2011-10-03 06:20 . 2011-10-03 06:20 -------- d-----w- C:\users\Callow\AppData\Roaming\SUPERAntiSpyware.com
2011-10-03 06:19 . 2011-10-03 06.20 -------- d-----w- C:\program files\SUPERAntiSpyware
2011-10-03 06:19 . 2011-10-03 06:19 -------- d-----w- C:\programdata\SUPERAntiSpyware.com
2011-10-02 01:37 . 2011-10-02 02:03 -------- d-----w- C:\programdata\SecTaskMan
2011-10-02 01:37 . 2011-10-02 01:37 -------- d-----w- C:\program files (x86)\Security Task Manager
2011-10-02 01:16 . 2011-10-02 01:16 -------- d-----w- C:\VritualRoot
2011-10-02 01:01 . 2011-10-02 01:06 -------- d-----w- C:\programdata\Comodo
2011-10-02 01:01 . 2011-10-02 01:03 -------- d-----w- C:\program files\COMODO
2011-10-02 01:01 . 2011-10-02 01:01 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll
2011-10-02 01:01 . 2011-10-02 01:01 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2011-10-02 01:00 . 2011-10-02 01:01 -------- d-----w- C:\programdata\Comodo Downloader
2011-10-02 00:03 . 2011-10-02 00:03 -------- d-----w- C:\2D7BF861284F1844B504A6DEBB35
2011-10-01 23:51 . 2011-10-01 23:51 -------- d-----w- C:\windows\system32\SPReview
2011-10-01 23:50 . 2011-10-01 23:50 -------- d-----w- C:\windows\system32\EventProviders
2011-09-24 21:59 . 2011-09-24 21:59 -------- d-----w- C:\users\Callow\AppData\Roaming\AVG2012
2011-09-24 21:59 . 2011-10-02 10:18 -------- d-----w- C:\programdata\AVG2012
2011-09-23 10:29 . 2011-09-23 10:29 -------- d-----w- C:\program files (x86)\MSECache
2011-09-22 07:12 . 2011-09-22 07:12 -------- d-----w- C:\program files (x86)\File Type Assistant
2011-09-21 01:24 . 2011-09-21 01:24 -------- d-----w- C:\found.000
2011-09-20 11:22 . 2011-09-20 11:22 -------- d-----w- C:\programdata\Microsoft Help
2011-09-20 11:22 . 2011-09-20 11:22 -------- d-----w- C:\users\Callow\AppData\Local\Microsoft Help
2011-09-20 11:15 . 2011-09-20 11:34 -------- d-----w- C:\users\Callow\AppData\Roaming\SoftGrid Client
2011-09-20 11:15 . 2011-09-20 11:15 -------- d-----w- C:\users\Callow\AppData\Local\SoftGrid Client
2011-09-20 11:14 . 2011-09-20 22:01 -------- d-----w- C:\program files (x86)\Microsoft Application Virtualization Client
2011-09-20 11:13 . 2011-09-20 11:15 -------- d-----w- C:\users\Callow\AppData\Roaming\TP
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- C:\windows\system32\drivers\avgrkx64.sys
.
.
.

Edited by BerenFortis, 11 October 2011 - 10:59 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 October 2011 - 06:20 PM

The ComboFix log was truncated.

If you posted the complete ComboFix.txt file, I suggest you run the ComboFix tool again and post the complete log for my review.

#9 BerenFortis

BerenFortis
  • Topic Starter

  • Members
  • 12 posts

Posted 13 October 2011 - 07:30 AM

Well, the log is shortened because I wasn't possibly able to transfer it all by hand. I could post some more, but it was incredibly long, so I'd have to pick and choose what to type out. As for rerunning ComboFix, I can give it another shot, but I can hardly access anything, so I may not be able to get it to work.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2011 - 01:20 PM

I understand you must have one bad infection.

Try this one if all fails.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#11 BerenFortis

BerenFortis
  • Topic Starter

  • Members
  • 12 posts

Posted 15 October 2011 - 03:25 AM

Well, I have some good news. I'm on my laptop right now, and I've been on for about 5 minutes without any warnings or redirects. I simply rebooted the computer and the registry key problem was no longer an issue. I intended to post the ComboFix log here in full, but when I pull it up it would seem to be empty. However... I did take some photos of the log with my DSLR, and while unconventional they are rather clear. If nothing else I could always post those.

EDIT: I decided to switch out AVG with Avast, and it's catching a pretty hefty handful of viruses. There are a good few Java:Agents and I think one was... Qoobox or something? I can't remember, I'll have to check the history after it's done scanning. I don't know if these are leftovers or if they're still being put on the computer. Hopefully the former. o__o

Edited by BerenFortis, 15 October 2011 - 07:43 AM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2011 - 09:21 AM

EDIT: I decided to switch out AVG with Avast, and it's catching a pretty hefty handful of viruses. There are a good few Java:Agents and I think one was... Qoobox or something?


QooBox is the quarantined folder from ComboFix.
All the files that were deleted by ComboFix were in the folder.

Feel free to run ComboFix and post the log for a final review.

If you decide otherwise remove the tool.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

