Hidden programs and multiple pop ups


  • This topic is locked
10 replies to this topic

#1 needrac

needrac

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:19 AM

Posted 17 October 2011 - 10:54 AM

When I log onto my computer all of my programs are hidden and I get multiple pop-ups of "Windows - Delayed Write Failed" and another pop-up of "Windows detected a hard disk problem" (either scan and fix, or delay scan), and sometimes it automatically restarts my computer. Please help

Thanks


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:19 AM

Posted 17 October 2011 - 11:53 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 needrac

needrac
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:19 AM

Posted 18 October 2011 - 08:18 PM

My programs are still hidden (I have used unhide.exe in safe mode)
Multiple pop-ups of "Windows - Delayed Write Failed"
Another pop-up of "Windows detected a hard disk problem"; if I press the exit button my computer restarts
Google keeps redirecting me


I can't save the gmer log when I'm in safe mode because I can't see the save button

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Needra at 8:41:00 on 2011-10-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.1919.705 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: PBlockHelper Class: {4115122b-85ff-4dd3-9515-f075bede5eb5} - c:\program files\netscape accelerator\PBHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NOW!Imaging: {9aa2f14f-e956-44b8-8694-a5b615cdf341} - c:\program files\netscape accelerator\components\NOWImaging.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SlipStream] "c:\program files\netscape accelerator\slipcore.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VkNulndOvnOg.exe] c:\programdata\VkNulndOvnOg.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\progra~1\netsca~2\sliplsp.dll
Trusted Zone: paypal.com\www
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{E7290651-9D3D-43CA-81B8-906877A714B3} : DhcpNameServer = 64.71.255.198
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\needra\appdata\roaming\mozilla\firefox\profiles\gx4sbjp1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-18 123264]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2011-10-17 35712]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\programdata\symantec\definitions\symcdata\idsdefs\20070108.003\IDSvix86.sys [2007-4-24 212280]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-3 15872]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-4-24 1174664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-3 52224]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-19 1343400]
.
=============== Created Last 30 ================
.
2011-10-17 14:24:29 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-10-17 13:47:03 497152 ----a-w- c:\programdata\VkNulndOvnOg.exe
2011-10-16 16:32:32 -------- d-----w- c:\program files\iPod
2011-10-16 16:29:11 -------- d-----w- c:\program files\Bonjour
2011-10-13 23:34:06 -------- d-----w- c:\users\needra\appdata\local\DDMSettings
2011-10-13 23:29:33 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-13 23:29:01 -------- d-----w- c:\program files\DivX
2011-10-13 23:28:38 -------- d-----w- c:\programdata\DivX
2011-10-13 21:57:34 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 21:57:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:57:34 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 21:57:34 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:57:32 2334720 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-09-29 09:58:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-22 20:51:50 94208 ----a-w- c:\windows\system32\dpl100.dll
.
============= FINISH: 8:48:54.24 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 03/12/2009 2:33:42 AM
System Uptime: 18/10/2011 8:36:30 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NARRA2
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 248.173 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.006 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SYMTDI
Device ID: ROOT\LEGACY_SYMTDI\0000
Manufacturer:
Name: SYMTDI
PNP Device ID: ROOT\LEGACY_SYMTDI\0000
Service: SYMTDI
.
==== System Restore Points ===================
.
RP151: 30/07/2011 10:45:24 PM - Windows Update
RP152: 01/08/2011 8:33:05 PM - Windows Update
RP153: 11/08/2011 10:03:55 PM - Windows Update
RP154: 19/08/2011 6:52:26 AM - Scheduled Checkpoint
RP155: 23/08/2011 10:23:31 PM - Windows Update
RP156: 07/09/2011 11:55:43 AM - Windows Update
RP157: 15/09/2011 10:12:52 PM - Windows Update
RP158: 28/09/2011 11:27:32 PM - Windows Update
RP159: 13/10/2011 11:28:08 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
ccCommon
Coupon Printer for Windows
DivX Setup
Driver Detective
Enhanced Multimedia Keyboard Solution
FUJIFILM FinePixViewer S Ver.2.1
GIMP 2.6.11
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
iTunes
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
LightScribe 1.4.142.1
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 7.0.1 (x86 en-US)
MSN
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PSSWCORE
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.0
Snapfish Media Detector
SPBBC 32bit
SUPERAntiSpyware
Symantec Real Time Storage Protection Component
SymNet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
18/10/2011 8:46:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
18/10/2011 8:37:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
18/10/2011 8:37:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/10/2011 8:37:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/10/2011 8:37:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/10/2011 8:37:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
18/10/2011 8:36:47 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl SASDIFSV SASKUTIL spldr SRTSPX SYMTDI Wanarpv6
17/10/2011 10:30:48 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
16/10/2011 12:30:32 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
14/10/2011 6:29:03 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
.
==== End Of File ===========================
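A small triage script, added here as an editorial example (it is not part of this thread and not part of the DDS tool), that reads the kind of "Pseudo HJT Report" and Firefox lines DDS prints and flags the entries a malware-removal helper looks at first: a logon autorun launched straight from ProgramData, AppData or Temp rather than from a vendor folder (compare the c:\programdata\VkNulndOvnOg.exe mRun entry above), mPolicies-system values that disable UAC or Task Manager (EnableLUA = 0, DisableTaskMgr = 1), a system or Firefox proxy pointed at 127.0.0.1 (a local listener sitting in the browser's traffic path, which is one way search redirects are produced), and user.js lines that silently switch off browser security warnings. The sample lines are constructed to mirror entries from the logs posted in this thread; the regexes, severities and the directory heuristic are my own assumptions, not documented DDS semantics.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    line: str      # the offending DDS line, verbatim
    reason: str    # what a triager should take from it


# mPolicies-system values that weaken the machine's own defences when set this way.
# (key, value) -> (severity, reason).  Assumed severities, chosen for this example.
WEAKENING_POLICIES = {
    ("EnableLUA", "0"): ("high", "UAC is switched off entirely"),
    ("DisableTaskMgr", "1"): ("high", "Task Manager is blocked for the user"),
    ("DisableRegistryTools", "1"): ("high", "Registry Editor is blocked for the user"),
    ("ConsentPromptBehaviorAdmin", "0"): ("medium", "admins elevate with no prompt at all"),
    ("PromptOnSecureDesktop", "0"): ("medium", "elevation prompts leave the secure desktop"),
}

# A legitimate product seldom launches a bare .exe at logon from these locations.
USER_WRITABLE_ROOTS = ("programdata", "appdata", "temp")
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
RUN_RE = re.compile(r'^[um]Run:\s*\[[^\]]*\]\s*"?([^"]+?\.exe)"?', re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)", re.IGNORECASE)
FF_PROXY_RE = re.compile(r"network\.proxy\.(?:http|ssl|socks)\s*-\s*(\S+)")
FF_WARN_OFF_RE = re.compile(r"user\.js:\s*security\.warn_\S+\s*-\s*false")

# Constructed sample: a handful of lines in the format DDS prints, modelled on this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50626
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VkNulndOvnOg.exe] c:\programdata\VkNulndOvnOg.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - user.js: security.warn_submit_insecure - false
"""


def autorun_is_suspicious(path: str) -> bool:
    """True when the autorun target sits directly in a user-writable root
    (c:\\programdata\\x.exe, ...\\appdata\\roaming\\x.exe, ...\\temp\\x.exe)
    instead of inside a vendor's own folder.  Heuristic, not a verdict."""
    parts = [p.lower() for p in re.split(r"[\\/]+", path) if p]
    dirs = parts[:-1]
    for root in USER_WRITABLE_ROOTS:
        if root in dirs:
            below = len(dirs) - 1 - dirs.index(root)
            if below == 0:
                return True
            if root == "appdata" and below == 1 and dirs[-1] in ("local", "locallow", "roaming"):
                return True
    return False


def triage(dds_text: str) -> list[Finding]:
    """Walk the Pseudo HJT / Firefox sections of a DDS log and collect findings."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = POLICY_RE.match(line)
        if m and (m.group(1), m.group(2)) in WEAKENING_POLICIES:
            sev, why = WEAKENING_POLICIES[(m.group(1), m.group(2))]
            findings.append(Finding(sev, line, why))
            continue
        m = RUN_RE.match(line)
        if m and autorun_is_suspicious(m.group(1)):
            findings.append(Finding("high", line, "logon autorun launched straight from a user-writable directory"))
            continue
        m = PROXY_RE.search(line)
        if m and m.group(1).lower() in LOOPBACK_HOSTS:
            findings.append(Finding("high", line, f"system proxy points at a local listener on port {m.group(2)}; "
                                                  "something on this host sits in the browser's traffic path"))
            continue
        m = FF_PROXY_RE.search(line)
        if m and m.group(1).lower() in LOOPBACK_HOSTS:
            findings.append(Finding("medium", line, "Firefox proxy pref points at loopback "
                                                    "(check network.proxy.type to see whether it is active)"))
            continue
        if FF_WARN_OFF_RE.search(line):
            findings.append(Finding("medium", line, "user.js silently turns off a browser security warning"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 4, 'medium': 2} for SAMPLE_LOG."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The directory heuristic deliberately ignores the executable's name: a random-looking name like VkNulndOvnOg.exe is a hint to a human, but name entropy alone does not separate it from legitimate names such as iTunesHelper.exe, whereas "bare executable directly under ProgramData, registered to run at logon" is a pattern a helper can act on. A Firefox network.proxy.http pref pointing at loopback is only rated medium because prefs.js also records network.proxy.type, and a value of 0 there means no proxy is actually in use; the system-wide ProxyServer entry has no such switch and is rated high.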

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,630 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 AM

Posted 22 October 2011 - 10:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/423880 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 needrac

needrac
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:19 AM

Posted 23 October 2011 - 07:43 PM

1.
I had multiple pop-ups of "Windows - Delayed Write Failed" and another pop-up of "Windows detected a hard disk problem"; if I press the exit button my computer restarts. I downloaded Norton 360 and did a scan. I also did a full scan using Malwarebytes' Anti-Malware. I don't see the pop-ups anymore but I keep on hearing the bleeps as if it's still there every time I log onto my computer. Before, my files/folders were hidden, so I used unhide.exe; it worked, but all my programs can't be located from my start menu. It seems my programs have been moved to a file called AppsData and I don't know how to get it back!

2.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Needra at 19:54:27 on 2011-10-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.1919.741 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Netscape Accelerator\slipcore.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50626
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SlipStream] "c:\program files\netscape accelerator\slipcore.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\progra~1\netsca~2\sliplsp.dll
Trusted Zone: paypal.com\www
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{E7290651-9D3D-43CA-81B8-906877A714B3} : DhcpNameServer = 64.71.255.198
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\needra\appdata\roaming\mozilla\firefox\profiles\gx4sbjp1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50626
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-10-20 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-10-20 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111014.001\BHDrvx86.sys [2011-10-14 818808]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111021.030\IDSvix86.sys [2011-10-21 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-10-20 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-10-20 299640]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-7-18 123264]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-26 366152]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-10-20 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-20 105592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-21 22216]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-3 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-3 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-19 1343400]
.
=============== Created Last 30 ================
.
2011-10-21 22:49:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 22:39:25 -------- d-----w- c:\users\needra\appdata\local\NPE
2011-10-20 23:33:36 -------- d-----w- c:\users\needra\appdata\local\CrashDumps
2011-10-20 23:03:24 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-20 23:03:18 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-20 23:03:18 -------- d-----w- c:\program files\Symantec
2011-10-20 23:03:01 744568 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys
2011-10-20 23:03:01 516216 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtsp.sys
2011-10-20 23:03:01 50168 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\srtspx.sys
2011-10-20 23:03:01 340088 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys
2011-10-20 23:03:01 299640 ----a-w- c:\windows\system32\drivers\n360\0501000.01d\symnets.sys
2011-10-20 23:03:01 136312 ----a-r- c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys
2011-10-20 23:02:53 -------- d-----w- c:\windows\system32\drivers\n360\0501000.01D
2011-10-20 23:02:53 -------- d-----w- c:\windows\system32\drivers\N360
2011-10-20 23:02:52 -------- d-----w- c:\program files\Norton 360
2011-10-20 23:02:31 -------- d-----w- c:\program files\NortonInstaller
2011-10-20 22:55:52 -------- d-----w- c:\programdata\PCSettings
2011-10-20 22:54:45 -------- d-----w- c:\programdata\NortonInstaller
2011-10-20 22:51:29 -------- d-----w- c:\programdata\Norton
2011-10-20 22:28:09 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-20 22:27:54 -------- d-----w- c:\users\needra\appdata\local\temp
2011-10-20 21:29:35 -------- d-----w- C:\ComboFix
2011-10-19 16:20:46 -------- d-----w- c:\program files\ACAEE
2011-10-19 16:20:26 -------- d-----w- c:\users\needra\appdata\roaming\821AC
2011-10-19 16:20:04 -------- d-----w- c:\users\needra\appdata\roaming\Ylge
2011-10-19 16:20:01 -------- d-----w- c:\users\needra\appdata\roaming\Yczee
2011-10-16 16:32:32 -------- d-----w- c:\program files\iPod
2011-10-16 16:29:11 -------- d-----w- c:\program files\Bonjour
2011-10-13 23:34:06 -------- d-----w- c:\users\needra\appdata\local\DDMSettings
2011-10-13 23:29:33 -------- d-----w- c:\program files\common files\DivX Shared
2011-10-13 23:29:01 -------- d-----w- c:\program files\DivX
2011-10-13 23:28:38 -------- d-----w- c:\programdata\DivX
2011-10-13 21:57:34 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 21:57:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:57:34 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 21:57:34 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:57:32 2334720 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2011-09-29 09:58:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 19:54:54.31 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 20:39:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006a Hitachi_ rev.V54O
Running: 1pf23lzd.exe; Driver: C:\Users\Needra\AppData\Local\Temp\kwdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT 863FE400 ZwAlertResumeThread
SSDT 863D7D58 ZwAlertThread
SSDT 863FFEA0 ZwAllocateVirtualMemory
SSDT 8636E538 ZwAlpcConnectPort
SSDT 863D9B90 ZwAssignProcessToJobObject
SSDT 863FD3B8 ZwCreateMutant
SSDT 863D98B0 ZwCreateSymbolicLinkObject
SSDT 863FE758 ZwCreateThread
SSDT 863D99A0 ZwCreateThreadEx
SSDT 863D9C70 ZwDebugActiveProcess
SSDT 863FE480 ZwDuplicateObject
SSDT 863FFCC0 ZwFreeVirtualMemory
SSDT 863FE260 ZwImpersonateAnonymousToken
SSDT 863FE340 ZwImpersonateThread
SSDT 863701C0 ZwLoadDriver
SSDT 863FFBC0 ZwMapViewOfSection
SSDT 863FD2D8 ZwOpenEvent
SSDT 863FE640 ZwOpenProcess
SSDT 863FFF90 ZwOpenProcessToken
SSDT 863FD118 ZwOpenSection
SSDT 863FE570 ZwOpenThread
SSDT 863D9AA0 ZwProtectVirtualMemory
SSDT 863CDB70 ZwResumeThread
SSDT 863FF910 ZwSetContextThread
SSDT 863FF9F0 ZwSetInformationProcess
SSDT 863D9D30 ZwSetSystemInformation
SSDT 863FD1F8 ZwSuspendProcess
SSDT 863CE600 ZwSuspendThread
SSDT 863FE838 ZwTerminateProcess
SSDT 863D77F8 ZwTerminateThread
SSDT 863FFAE0 ZwUnmapViewOfSection
SSDT 863FFDB0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82E7B349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82EBBD90 8 Bytes [00, E4, 3F, 86, 58, 7D, 3D, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82EBBDA8 4 Bytes [A0, FE, 3F, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82EBBDB4 4 Bytes [38, E5, 36, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82EBBE08 4 Bytes [90, 9B, 3D, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82EBBE84 4 Bytes [B8, D3, 3F, 86]
.text ...
? C:\Users\Needra\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!LockResource 761D02D9 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!CreateEventA 761D1662 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!FindResourceExW 761D43B2 5 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!FindResourceW 761D54CF 5 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!SizeofResource 761D54ED 5 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!LoadResource 761D9C72 5 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!FindResourceExA 761DA3AD 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] kernel32.dll!FindResourceA 761DA475 5 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] ADVAPI32.dll!CryptDecrypt 76E83178 5 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] ADVAPI32.dll!CryptDeriveKey 76E83188 5 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!SetWindowPlacement 762D7F78 5 Bytes JMP 28005E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!SetWindowRgn 762D99EC 7 Bytes JMP 28005F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!CreateWindowExW 762DEC7C 1 Byte [E9]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!CreateWindowExW 762DEC7C 5 Bytes JMP 28003C80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!LoadIconW 762DF142 5 Bytes JMP 280068E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!LoadImageW 762E12EB 5 Bytes JMP 280066F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!GetWindowLongW 762E61B8 7 Bytes JMP 28006A80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!PeekMessageW 762E634A 5 Bytes JMP 28004650 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!TrackPopupMenuEx 76304832 5 Bytes JMP 28004F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!CreateDialogParamW 76305630 5 Bytes JMP 280060A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] USER32.dll!MessageBoxIndirectW 7632E963 5 Bytes JMP 28006290 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WS2_32.dll!closesocket 77DE3918 5 Bytes JMP 2800BF30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WS2_32.dll!WSASend 77DE4406 5 Bytes JMP 2800BCF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WS2_32.dll!recv 77DE6B0E 5 Bytes JMP 2800B750 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WS2_32.dll!send 77DE6F01 5 Bytes JMP 2800BB10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WS2_32.dll!WSARecv 77DE7089 5 Bytes JMP 2800B8F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] SHELL32.dll!Shell_NotifyIconW 76F001C1 5 Bytes JMP 280033D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] ole32.dll!CoRegisterClassObject 77B421E1 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] ole32.dll!CoInitializeEx 77B709AD 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] ole32.dll!CoCreateInstance 77B79D0B 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WININET.dll!InternetCloseHandle 766AB7C4 5 Bytes JMP 2800A950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WININET.dll!InternetReadFile 766AEA3A 5 Bytes JMP 2800A7A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WININET.dll!HttpOpenRequestA 766D5539 5 Bytes JMP 2800A610 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3808] WININET.dll!HttpSendRequestA 76705768 5 Bytes JMP 2800A880 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] ntdll.dll!NtMapViewOfSection 77CD5C28 5 Bytes JMP 0068003A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] ntdll.dll!LdrLoadDll 77CF22B8 5 Bytes JMP 655BFAE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] kernel32.dll!K32GetPerformanceInfo + 1CC 761C62DF 7 Bytes JMP 006801AD
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] kernel32.dll!TerminateProcess + B 761D2BC8 7 Bytes JMP 00680319
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] kernel32.dll!QueryPerformanceCounter + 13 761DC435 7 Bytes JMP 00680263
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] kernel32.dll!FreeLibrary + 8 761DEF6F 7 Bytes JMP 006803CF
.text C:\Program Files\Mozilla Firefox\firefox.exe[4112] kernel32.dll!CheckElevation + 2DB 761F959A 7 Bytes JMP 006800F7
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4420] USER32.dll!SetWindowLongA 762D8BA3 5 Bytes JMP 6597E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4420] USER32.dll!SetWindowLongW 762E4449 5 Bytes JMP 6597E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4420] USER32.dll!GetWindowInfo 762E4B5E 5 Bytes JMP 657389A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4420] USER32.dll!TrackPopupMenu 762F2228 5 Bytes JMP 65738F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

3. I don't have the original Windows CD/DVD available

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 25 October 2011 - 01:30 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I need more information before suggesting any remedial tools.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#7 needrac

needrac
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:05:19 AM

Posted 25 October 2011 - 01:49 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-25 14:34:52
-----------------------------
14:34:52.165 OS Version: Windows 6.1.7601 Service Pack 1
14:34:52.165 Number of processors: 2 586 0x6B01
14:34:52.168 ComputerName: NEEDRA-PC UserName: Needra
14:35:09.588 Initialize success
14:35:32.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
14:35:32.987 Disk 0 Vendor: Hitachi_ V54O Size: 305245MB BusType: 3
14:35:34.998 Disk 0 MBR read successfully
14:35:35.001 Disk 0 MBR scan
14:35:35.004 Disk 0 Windows 7 default MBR code
14:35:35.010 Disk 0 scanning sectors +625136400
14:35:35.077 Disk 0 scanning C:\Windows\system32\drivers
14:35:41.375 Service scanning
14:35:42.714 Modules scanning
14:35:57.723 Disk 0 trace - called modules:
14:35:57.736 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
14:35:57.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85db97c8]
14:35:57.746 3 CLASSPNP.SYS[88f7c59e] -> nt!IofCallDriver -> [0x856c7258]
14:35:57.751 5 ACPI.sys[888113d4] -> nt!IofCallDriver -> \Device\0000006a[0x856c7640]
14:35:58.102 Scan finished successfully
14:38:56.602 Disk 0 MBR has been saved successfully to "C:\Users\Needra\Desktop\MBR.dat"
14:38:56.611 The log file has been saved successfully to "C:\Users\Needra\Desktop\aswMBR.txt"

14:43:51.0840 4824 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
14:43:52.0336 4824 ============================================================
14:43:52.0336 4824 Current date / time: 2011/10/25 14:43:52.0336
14:43:52.0336 4824 SystemInfo:
14:43:52.0336 4824
14:43:52.0336 4824 OS Version: 6.1.7601 ServicePack: 1.0
14:43:52.0337 4824 Product type: Workstation
14:43:52.0337 4824 ComputerName: NEEDRA-PC
14:43:52.0337 4824 UserName: Needra
14:43:52.0337 4824 Windows directory: C:\Windows
14:43:52.0337 4824 System windows directory: C:\Windows
14:43:52.0337 4824 Processor architecture: Intel x86
14:43:52.0337 4824 Number of processors: 2
14:43:52.0337 4824 Page size: 0x1000
14:43:52.0337 4824 Boot type: Normal boot
14:43:52.0337 4824 ============================================================
14:43:53.0653 4824 Initialize success
14:43:56.0258 4604 ============================================================
14:43:56.0259 4604 Scan started
14:43:56.0259 4604 Mode: Manual;
14:43:56.0259 4604 ============================================================
14:44:03.0372 4604 HidIr - ok
14:44:03.0430 4604 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
14:44:03.0431 4604 HidUsb - ok
14:44:03.0490 4604 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:44:03.0491 4604 HpSAMD - ok
14:44:03.0610 4604 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:44:03.0617 4604 HTTP - ok
14:44:03.0653 4604 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:44:03.0654 4604 hwpolicy - ok
14:44:03.0843 4604 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
14:44:03.0847 4604 i8042prt - ok
14:44:03.0904 4604 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
14:44:03.0909 4604 iaStorV - ok
14:44:04.0110 4604 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111022.030\IDSvix86.sys
14:44:04.0116 4604 IDSVix86 - ok
14:44:04.0262 4604 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:04.0264 4604 iirsp - ok
14:44:04.0349 4604 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
14:44:04.0369 4604 IntcAzAudAddService - ok
14:44:04.0471 4604 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:44:04.0472 4604 intelide - ok
14:44:04.0505 4604 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:04.0506 4604 intelppm - ok
14:44:04.0552 4604 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:04.0553 4604 IpFilterDriver - ok
14:44:04.0666 4604 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:44:04.0667 4604 IPMIDRV - ok
14:44:04.0698 4604 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:44:04.0700 4604 IPNAT - ok
14:44:04.0850 4604 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:44:04.0851 4604 IRENUM - ok
14:44:04.0884 4604 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:44:04.0885 4604 isapnp - ok
14:44:04.0928 4604 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:44:04.0932 4604 iScsiPrt - ok
14:44:05.0027 4604 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
14:44:05.0028 4604 kbdclass - ok
14:44:05.0067 4604 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
14:44:05.0068 4604 kbdhid - ok
14:44:05.0123 4604 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
14:44:05.0124 4604 KSecDD - ok
14:44:05.0172 4604 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:05.0174 4604 KSecPkg - ok
14:44:05.0307 4604 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:05.0308 4604 lltdio - ok
14:44:05.0372 4604 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:05.0374 4604 LSI_FC - ok
14:44:05.0431 4604 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:05.0433 4604 LSI_SAS - ok
14:44:05.0524 4604 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:05.0525 4604 LSI_SAS2 - ok
14:44:05.0557 4604 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:05.0559 4604 LSI_SCSI - ok
14:44:05.0611 4604 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:44:05.0612 4604 luafv - ok
14:44:05.0722 4604 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:44:05.0723 4604 MBAMProtector - ok
14:44:05.0772 4604 MBAMSwissArmy - ok
14:44:05.0810 4604 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:44:05.0811 4604 megasas - ok
14:44:05.0920 4604 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:05.0923 4604 MegaSR - ok
14:44:05.0968 4604 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:44:05.0969 4604 Modem - ok
14:44:06.0010 4604 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:44:06.0012 4604 monitor - ok
14:44:06.0121 4604 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
14:44:06.0122 4604 mouclass - ok
14:44:06.0171 4604 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:06.0172 4604 mouhid - ok
14:44:06.0272 4604 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:44:06.0273 4604 mountmgr - ok
14:44:06.0315 4604 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:44:06.0317 4604 mpio - ok
14:44:06.0359 4604 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:44:06.0360 4604 mpsdrv - ok
14:44:06.0477 4604 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:44:06.0478 4604 MRxDAV - ok
14:44:06.0515 4604 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:06.0517 4604 mrxsmb - ok
14:44:06.0560 4604 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:06.0563 4604 mrxsmb10 - ok
14:44:06.0650 4604 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:06.0652 4604 mrxsmb20 - ok
14:44:06.0687 4604 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:44:06.0688 4604 msahci - ok
14:44:06.0740 4604 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:44:06.0741 4604 msdsm - ok
14:44:06.0872 4604 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:44:06.0873 4604 Msfs - ok
14:44:06.0897 4604 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:06.0899 4604 mshidkmdf - ok
14:44:06.0932 4604 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:44:06.0933 4604 msisadrv - ok
14:44:07.0057 4604 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:44:07.0058 4604 MSKSSRV - ok
14:44:07.0099 4604 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:44:07.0101 4604 MSPCLOCK - ok
14:44:07.0132 4604 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:44:07.0133 4604 MSPQM - ok
14:44:07.0168 4604 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:44:07.0171 4604 MsRPC - ok
14:44:07.0274 4604 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
14:44:07.0275 4604 mssmbios - ok
14:44:07.0327 4604 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:44:07.0329 4604 MSTEE - ok
14:44:07.0365 4604 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:44:07.0367 4604 MTConfig - ok
14:44:07.0458 4604 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:44:07.0459 4604 Mup - ok
14:44:07.0521 4604 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:44:07.0526 4604 NativeWifiP - ok
14:44:07.0721 4604 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111024.009\NAVENG.SYS
14:44:07.0740 4604 NAVENG - ok
14:44:07.0967 4604 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111024.009\NAVEX15.SYS
14:44:07.0985 4604 NAVEX15 - ok
14:44:08.0104 4604 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
14:44:08.0113 4604 NDIS - ok
14:44:08.0154 4604 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:44:08.0155 4604 NdisCap - ok
14:44:08.0234 4604 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:44:08.0235 4604 NdisTapi - ok
14:44:08.0280 4604 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:44:08.0281 4604 Ndisuio - ok
14:44:08.0327 4604 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:44:08.0329 4604 NdisWan - ok
14:44:08.0443 4604 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:44:08.0444 4604 NDProxy - ok
14:44:08.0501 4604 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:44:08.0502 4604 NetBIOS - ok
14:44:08.0603 4604 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:44:08.0606 4604 NetBT - ok
14:44:08.0679 4604 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:44:08.0680 4604 nfrd960 - ok
14:44:08.0781 4604 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:44:08.0784 4604 Npfs - ok
14:44:08.0811 4604 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:44:08.0812 4604 nsiproxy - ok
14:44:08.0886 4604 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
14:44:08.0899 4604 Ntfs - ok
14:44:09.0001 4604 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:44:09.0002 4604 Null - ok
14:44:09.0051 4604 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
14:44:09.0060 4604 NVENETFD - ok
14:44:09.0288 4604 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:44:09.0492 4604 nvlddmkm - ok
14:44:09.0595 4604 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
14:44:09.0596 4604 nvraid - ok
14:44:09.0632 4604 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
14:44:09.0634 4604 nvstor - ok
14:44:09.0666 4604 nvstor32 (019054d997f65358dca63ecae5103f97) C:\Windows\system32\DRIVERS\nvstor32.sys
14:44:09.0670 4604 nvstor32 - ok
14:44:09.0697 4604 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:44:09.0699 4604 nv_agp - ok
14:44:09.0804 4604 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:44:09.0805 4604 ohci1394 - ok
14:44:09.0858 4604 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:44:09.0859 4604 Parport - ok
14:44:09.0902 4604 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
14:44:09.0903 4604 partmgr - ok
14:44:09.0987 4604 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:44:09.0988 4604 Parvdm - ok
14:44:10.0032 4604 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:44:10.0034 4604 pci - ok
14:44:10.0059 4604 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:44:10.0060 4604 pciide - ok
14:44:10.0103 4604 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:44:10.0105 4604 pcmcia - ok
14:44:10.0204 4604 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:44:10.0206 4604 pcw - ok
14:44:10.0244 4604 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:44:10.0251 4604 PEAUTH - ok
14:44:10.0346 4604 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:44:10.0347 4604 PptpMiniport - ok
14:44:10.0386 4604 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:44:10.0387 4604 Processor - ok
14:44:10.0494 4604 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
14:44:10.0495 4604 Ps2 - ok
14:44:10.0540 4604 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:44:10.0542 4604 Psched - ok
14:44:10.0575 4604 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
14:44:10.0576 4604 PxHelp20 - ok
14:44:10.0694 4604 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:44:10.0709 4604 ql2300 - ok
14:44:10.0740 4604 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:44:10.0743 4604 ql40xx - ok
14:44:10.0794 4604 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:44:10.0795 4604 QWAVEdrv - ok
14:44:10.0890 4604 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:44:10.0891 4604 RasAcd - ok
14:44:10.0929 4604 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:44:10.0931 4604 RasAgileVpn - ok
14:44:10.0966 4604 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:44:10.0968 4604 Rasl2tp - ok
14:44:11.0074 4604 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:44:11.0075 4604 RasPppoe - ok
14:44:11.0137 4604 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:44:11.0138 4604 RasSstp - ok
14:44:11.0203 4604 rcmirror (aa3eaac5827c73ce50eff2883f986144) C:\Windows\system32\DRIVERS\rcmirror.sys
14:44:11.0203 4604 rcmirror - ok
14:44:11.0325 4604 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:44:11.0328 4604 rdbss - ok
14:44:11.0382 4604 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:44:11.0383 4604 rdpbus - ok
14:44:11.0428 4604 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:44:11.0429 4604 RDPCDD - ok
14:44:11.0541 4604 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:44:11.0542 4604 RDPDR - ok
14:44:11.0590 4604 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:44:11.0591 4604 RDPENCDD - ok
14:44:11.0613 4604 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:44:11.0614 4604 RDPREFMP - ok
14:44:11.0658 4604 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
14:44:11.0659 4604 RdpVideoMiniport - ok
14:44:11.0762 4604 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
14:44:11.0765 4604 RDPWD - ok
14:44:11.0822 4604 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:44:11.0829 4604 rdyboost - ok
14:44:11.0967 4604 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:44:11.0968 4604 rspndr - ok
14:44:12.0004 4604 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:44:12.0005 4604 s3cap - ok
14:44:12.0083 4604 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:44:12.0084 4604 SASDIFSV - ok
14:44:12.0116 4604 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:44:12.0117 4604 SASKUTIL - ok
14:44:12.0217 4604 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:44:12.0219 4604 sbp2port - ok
14:44:12.0274 4604 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:44:12.0275 4604 scfilter - ok
14:44:12.0329 4604 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:44:12.0330 4604 secdrv - ok
14:44:12.0463 4604 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:44:12.0464 4604 Serenum - ok
14:44:12.0505 4604 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:44:12.0506 4604 Serial - ok
14:44:12.0540 4604 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
14:44:12.0540 4604 sermouse - ok
14:44:12.0596 4604 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:44:12.0596 4604 sffdisk - ok
14:44:12.0662 4604 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:44:12.0663 4604 sffp_mmc - ok
14:44:12.0686 4604 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:44:12.0687 4604 sffp_sd - ok
14:44:12.0754 4604 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
14:44:12.0755 4604 sfloppy - ok
14:44:12.0861 4604 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:44:12.0862 4604 sisagp - ok
14:44:13.0013 4604 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:44:13.0014 4604 SiSRaid2 - ok
14:44:13.0039 4604 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
14:44:13.0041 4604 SiSRaid4 - ok
14:44:13.0142 4604 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
14:44:13.0143 4604 Smb - ok
14:44:13.0210 4604 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
14:44:13.0211 4604 spldr - ok
14:44:13.0365 4604 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS
14:44:13.0373 4604 SRTSP - ok
14:44:13.0451 4604 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
14:44:13.0453 4604 SRTSPX - ok
14:44:13.0541 4604 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
14:44:13.0546 4604 srv - ok
14:44:13.0580 4604 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
14:44:13.0583 4604 srv2 - ok
14:44:13.0634 4604 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
14:44:13.0635 4604 srvnet - ok
14:44:13.0734 4604 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
14:44:13.0735 4604 stexstor - ok
14:44:13.0786 4604 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
14:44:13.0787 4604 storflt - ok
14:44:13.0836 4604 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
14:44:13.0838 4604 storvsc - ok
14:44:13.0858 4604 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
14:44:13.0859 4604 swenum - ok
14:44:13.0987 4604 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
14:44:13.0992 4604 SymDS - ok
14:44:14.0072 4604 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
14:44:14.0099 4604 SymEFA - ok
14:44:14.0201 4604 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
14:44:14.0204 4604 SymEvent - ok
14:44:14.0256 4604 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
14:44:14.0259 4604 SymIRON - ok
14:44:14.0312 4604 SymNetS (2c688094650d23b62b0a809decd0b12f) C:\Windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS
14:44:14.0317 4604 SymNetS - ok
14:44:14.0419 4604 Synth3dVsc - ok
14:44:14.0505 4604 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
14:44:14.0520 4604 Tcpip - ok
14:44:14.0554 4604 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:14.0563 4604 TCPIP6 - ok
14:44:14.0608 4604 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
14:44:14.0609 4604 tcpipreg - ok
14:44:14.0718 4604 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
14:44:14.0720 4604 TDPIPE - ok
14:44:14.0733 4604 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
14:44:14.0734 4604 TDTCP - ok
14:44:14.0773 4604 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
14:44:14.0775 4604 tdx - ok
14:44:14.0804 4604 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
14:44:14.0806 4604 TermDD - ok
14:44:14.0958 4604 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:44:14.0959 4604 tssecsrv - ok
14:44:15.0008 4604 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
14:44:15.0009 4604 TsUsbFlt - ok
14:44:15.0018 4604 tsusbhub - ok
14:44:15.0148 4604 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
14:44:15.0150 4604 tunnel - ok
14:44:15.0201 4604 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
14:44:15.0202 4604 uagp35 - ok
14:44:15.0263 4604 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
14:44:15.0267 4604 udfs - ok
14:44:15.0358 4604 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
14:44:15.0359 4604 uliagpkx - ok
14:44:15.0427 4604 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
14:44:15.0429 4604 umbus - ok
14:44:15.0491 4604 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
14:44:15.0492 4604 UmPass - ok
14:44:15.0585 4604 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:44:15.0586 4604 USBAAPL - ok
14:44:15.0647 4604 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
14:44:15.0649 4604 usbaudio - ok
14:44:15.0721 4604 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
14:44:15.0723 4604 usbccgp - ok
14:44:15.0761 4604 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:44:15.0763 4604 usbcir - ok
14:44:15.0796 4604 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
14:44:15.0797 4604 usbehci - ok
14:44:15.0825 4604 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
14:44:15.0828 4604 usbhub - ok
14:44:15.0897 4604 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
14:44:15.0897 4604 usbohci - ok
14:44:15.0930 4604 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:44:15.0931 4604 usbprint - ok
14:44:15.0973 4604 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:44:15.0974 4604 USBSTOR - ok
14:44:16.0005 4604 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
14:44:16.0007 4604 usbuhci - ok
14:44:16.0095 4604 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:44:16.0096 4604 vdrvroot - ok
14:44:16.0151 4604 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:44:16.0153 4604 vga - ok
14:44:16.0197 4604 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:44:16.0198 4604 VgaSave - ok
14:44:16.0260 4604 VGPU - ok
14:44:16.0303 4604 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:44:16.0307 4604 vhdmp - ok
14:44:16.0352 4604 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:44:16.0354 4604 viaagp - ok
14:44:16.0422 4604 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:44:16.0424 4604 ViaC7 - ok
14:44:16.0479 4604 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:44:16.0480 4604 viaide - ok
14:44:16.0505 4604 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
14:44:16.0509 4604 vmbus - ok
14:44:16.0543 4604 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
14:44:16.0544 4604 VMBusHID - ok
14:44:16.0632 4604 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:44:16.0633 4604 volmgr - ok
14:44:16.0687 4604 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:44:16.0691 4604 volmgrx - ok
14:44:16.0769 4604 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:44:16.0774 4604 volsnap - ok
14:44:16.0834 4604 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:44:16.0836 4604 vsmraid - ok
14:44:16.0950 4604 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
14:44:16.0955 4604 VSTHWBS2 - ok
14:44:17.0006 4604 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:44:17.0016 4604 VST_DPV - ok
14:44:17.0061 4604 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
14:44:17.0062 4604 vwifibus - ok
14:44:17.0211 4604 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\Windows\system32\DRIVERS\VX3000.sys
14:44:17.0233 4604 VX3000 - ok
14:44:17.0274 4604 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:44:17.0275 4604 WacomPen - ok
14:44:17.0380 4604 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:17.0381 4604 WANARP - ok
14:44:17.0393 4604 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:44:17.0394 4604 Wanarpv6 - ok
14:44:17.0457 4604 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:44:17.0458 4604 Wd - ok
14:44:17.0513 4604 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:44:17.0519 4604 Wdf01000 - ok
14:44:17.0675 4604 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:44:17.0676 4604 WfpLwf - ok
14:44:17.0702 4604 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:44:17.0703 4604 WIMMount - ok
14:44:17.0751 4604 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:44:17.0760 4604 winachsf - ok
14:44:17.0910 4604 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:44:17.0911 4604 WinUsb - ok
14:44:17.0946 4604 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:44:17.0946 4604 WmiAcpi - ok
14:44:18.0021 4604 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:44:18.0021 4604 ws2ifsl - ok
14:44:18.0180 4604 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:44:18.0181 4604 WudfPf - ok
14:44:18.0251 4604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:18.0257 4604 \Device\Harddisk0\DR0 - ok
14:44:18.0266 4604 Boot (0x1200) (43fc0a560eb3a8da4d009de45d7b1801) \Device\Harddisk0\DR0\Partition0
14:44:18.0267 4604 \Device\Harddisk0\DR0\Partition0 - ok
14:44:18.0302 4604 Boot (0x1200) (adf9c7ec54075cc914fa147ee742adb4) \Device\Harddisk0\DR0\Partition1
14:44:18.0303 4604 \Device\Harddisk0\DR0\Partition1 - ok
14:44:18.0308 4604 ============================================================
14:44:18.0308 4604 Scan finished
14:44:18.0308 4604 ============================================================
14:44:18.0326 3604 Detected object count: 0
14:44:18.0326 3604 Actual detected object count: 0
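The scan log above lists one file line per driver (service name, MD5, path) followed by a verdict line, plus hashed MBR and boot-sector records and a detection count at the end. The parser below is an added example for triaging such a log, not code from the thread or from the TDSSKiller tool itself; it assumes only the line layout visible in the posted log, and its sample input is a constructed subset of lines copied from that log. It pulls out the three things a reviewer looks for by hand: verdicts other than "ok", drivers whose file lives outside the Windows directory (the Symantec and SUPERAntiSpyware drivers here, which are expected), and services that got a verdict line with no file line (MBAMSwissArmy in this log), and it also reports service names that share one file hash (Tcpip/TCPIP6 both point at tcpip.sys).

```python
"""Parse a TDSSKiller-style driver-scan log and list the entries worth a second look."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line: "HH:MM:SS.ffff <pid> <message>"
_LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> [(0xSIZE)] (<md5>) <path>": a scanned driver file, or an MBR/boot-sector record
_OBJECT = re.compile(
    r"^(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "<service name or device path> - <verdict>"
_VERDICT = re.compile(r"^(?P<key>.+?) - (?P<verdict>.+)$")
_COUNT = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    size: Optional[int] = None        # only present on MBR (0x1B8) / Boot (0x1200) records
    verdict: Optional[str] = None

    @property
    def kind(self) -> str:
        return "sector" if self.size is not None else "driver"


@dataclass
class ScanReport:
    objects: List[ScanObject] = field(default_factory=list)
    detected: Optional[int] = None
    actual_detected: Optional[int] = None


def parse_log(text: str) -> ScanReport:
    report = ScanReport()
    by_name: Dict[str, ScanObject] = {}
    by_path: Dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue                      # separators, "Scan finished", blank lines
        msg = m.group("msg")
        om = _OBJECT.match(msg)
        if om:
            obj = ScanObject(name=om.group("name"), md5=om.group("md5"), path=om.group("path"),
                             size=int(om.group("size"), 16) if om.group("size") else None)
            report.objects.append(obj)
            by_name[obj.name] = obj
            by_path[obj.path] = obj       # sector verdicts are keyed by device path, not name
            continue
        cm = _COUNT.match(msg)
        if cm:
            if cm.group("actual"):
                report.actual_detected = int(cm.group("n"))
            else:
                report.detected = int(cm.group("n"))
            continue
        vm = _VERDICT.match(msg)
        if vm:
            key = vm.group("key")
            obj = by_name.get(key) or by_path.get(key)
            if obj is None:
                # Verdict with no preceding file line: the scanner logged a service
                # name but no file for it (the posted log has "MBAMSwissArmy - ok").
                obj = ScanObject(name=key)
                report.objects.append(obj)
                by_name[key] = obj
            obj.verdict = vm.group("verdict")
    return report


def triage(report: ScanReport, system_root: str = r"c:\windows") -> List[Tuple[str, str]]:
    """Non-'ok' verdicts, drivers outside the Windows directory, services with no file line."""
    findings: List[Tuple[str, str]] = []
    for o in report.objects:
        if o.verdict is not None and o.verdict.lower() != "ok":
            findings.append((o.name, f"verdict: {o.verdict}"))
        if o.kind == "driver":
            if o.path is None:
                findings.append((o.name, "no file line logged for this service"))
            elif not o.path.lower().startswith(system_root.lower()):
                findings.append((o.name, f"loaded from outside {system_root}: {o.path}"))
    return findings


def shared_hashes(report: ScanReport) -> Dict[str, List[str]]:
    """Service names that resolve to the same file hash (Tcpip and TCPIP6 both load tcpip.sys)."""
    groups: Dict[str, List[str]] = {}
    for o in report.objects:
        if o.md5:
            groups.setdefault(o.md5, []).append(o.name)
    return {h: names for h, names in groups.items() if len(names) > 1}


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
14:44:01.0870 4604 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:44:01.0876 4604 eeCtrl - ok
14:44:05.0722 4604 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
14:44:05.0723 4604 MBAMProtector - ok
14:44:05.0772 4604 MBAMSwissArmy - ok
14:44:14.0505 4604 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
14:44:14.0520 4604 Tcpip - ok
14:44:14.0554 4604 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
14:44:14.0563 4604 TCPIP6 - ok
14:44:18.0251 4604 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:44:18.0257 4604 \Device\Harddisk0\DR0 - ok
14:44:18.0266 4604 Boot (0x1200) (43fc0a560eb3a8da4d009de45d7b1801) \Device\Harddisk0\DR0\Partition0
14:44:18.0267 4604 \Device\Harddisk0\DR0\Partition0 - ok
14:44:18.0302 4604 Boot (0x1200) (adf9c7ec54075cc914fa147ee742adb4) \Device\Harddisk0\DR0\Partition1
14:44:18.0303 4604 \Device\Harddisk0\DR0\Partition1 - ok
14:44:18.0308 4604 ============================================================
14:44:18.0308 4604 Scan finished
14:44:18.0326 3604 Detected object count: 0
14:44:18.0326 3604 Actual detected object count: 0
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print(f"objects: {len(rep.objects)}  detected: {rep.detected}  actual: {rep.actual_detected}")
    for name, why in triage(rep):
        print(f"  {name}: {why}")
    for h, names in shared_hashes(rep).items():
        print(f"  shared hash {h}: {', '.join(names)}")
```

A zero detection count says only that the scanner's own signatures matched nothing; the triage list is where a helper's manual review starts, and an entry outside the Windows directory is not itself a finding, just something to identify by vendor and hash.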

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 26 October 2011 - 06:36 AM

You can now run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#9 needrac

needrac
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:19 AM

Posted 26 October 2011 - 09:24 PM

ComboFix 11-10-26.08 - Needra 26/10/2011 22:00:37.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.1919.1216 [GMT -4:00]
Running from: c:\users\Needra\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\3488
.
.
((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
.
.
2011-10-27 02:07 . 2011-10-27 02:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-10-27 02:07 . 2011-10-27 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 22:49 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 22:39 . 2011-10-21 22:45 -------- d-----w- c:\users\Needra\AppData\Local\NPE
2011-10-20 23:33 . 2011-10-21 12:14 -------- d-----w- c:\users\Needra\AppData\Local\CrashDumps
2011-10-20 23:03 . 2011-07-06 16:44 27888 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-20 23:03 . 2011-10-20 23:03 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-20 23:03 . 2011-10-20 23:03 -------- d-----w- c:\program files\Symantec
2011-10-20 23:02 . 2011-10-20 23:02 -------- d-----w- c:\windows\system32\drivers\N360
2011-10-20 23:02 . 2011-10-20 23:02 -------- d-----w- c:\program files\Norton 360
2011-10-20 23:02 . 2011-10-20 23:02 -------- d-----w- c:\program files\NortonInstaller
2011-10-20 22:55 . 2011-10-20 22:55 -------- d-----w- c:\programdata\PCSettings
2011-10-20 22:51 . 2011-10-21 22:39 -------- d-----w- c:\programdata\Norton
2011-10-20 22:27 . 2011-10-27 02:07 -------- d-----w- c:\users\Needra\AppData\Local\temp
2011-10-19 16:20 . 2011-10-21 01:44 -------- d-----w- c:\program files\ACAEE
2011-10-19 16:20 . 2011-10-21 02:06 -------- d-----w- c:\users\Needra\AppData\Roaming\821AC
2011-10-19 16:20 . 2011-10-19 21:32 -------- d-----w- c:\users\Needra\AppData\Roaming\Ylge
2011-10-19 16:20 . 2011-10-19 16:20 -------- d-----w- c:\users\Needra\AppData\Roaming\Yczee
2011-10-16 16:32 . 2011-10-16 16:32 -------- d-----w- c:\program files\iPod
2011-10-16 16:29 . 2011-10-16 16:29 -------- d-----w- c:\program files\Bonjour
2011-10-13 23:34 . 2011-10-13 23:34 -------- d-----w- c:\users\Needra\AppData\Local\DDMSettings
2011-10-13 23:30 . 2011-10-13 23:30 -------- d-----w- c:\users\Needra\AppData\Roaming\DivX
2011-10-13 23:29 . 2011-10-13 23:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-10-13 23:29 . 2011-10-13 23:31 -------- d-----w- c:\program files\DivX
2011-10-13 23:28 . 2011-10-13 23:31 -------- d-----w- c:\programdata\DivX
2011-10-13 21:57 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 21:57 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 21:57 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 21:57 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 21:57 . 2011-09-06 02:28 2334720 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 09:58 . 2011-05-15 12:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-02 00:38 . 2011-08-02 00:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-02 00:38 . 2011-08-02 00:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-02 00:38 . 2011-08-02 00:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-02 00:38 . 2011-08-02 00:38 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-02 00:38 . 2011-08-02 00:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-02 00:38 . 2011-08-02 00:38 367104 ----a-w- c:\windows\system32\html.iec
2011-08-02 00:38 . 2011-08-02 00:38 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-02 00:38 . 2011-08-02 00:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-02 00:38 . 2011-08-02 00:38 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-02 00:38 . 2011-08-02 00:38 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-02 00:38 . 2011-08-02 00:38 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-02 00:38 . 2011-08-02 00:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-02 00:38 . 2011-08-02 00:38 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-02 00:38 . 2011-08-02 00:38 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-02 00:38 . 2011-08-02 00:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-02 00:38 . 2011-08-02 00:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-02 00:38 . 2011-08-02 00:38 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-02 00:38 . 2011-08-02 00:38 101888 ----a-w- c:\windows\system32\admparse.dll
2011-10-01 10:51 . 2011-09-04 23:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-20_22.11.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-03 16:53 . 2011-10-27 01:15 45588 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-10-27 01:15 51562 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-03 07:37 . 2011-10-25 13:47 13682 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3643368048-2453906334-2554358742-1000_UserData.bin
+ 2011-10-20 23:03 . 2010-08-21 03:59 26600 c:\windows\System32\DRVSTORE\GEARAspiWD_F922651AD36DADE59756BB9CB900A74834B0879B\x86\GEARAspiWDM.sys
+ 2011-10-20 23:03 . 2011-03-31 03:00 50168 c:\windows\System32\drivers\N360\0501000.01D\srtspx.sys
+ 2009-12-03 06:04 . 2011-10-20 23:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-03 06:04 . 2011-10-20 20:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-03 06:04 . 2011-10-20 20:34 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-03 06:04 . 2011-10-20 23:37 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-10-20 20:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-10-20 23:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-06 05:42 . 2011-10-06 05:42 92008 c:\windows\Installer\$PatchCache$\Managed\8E0DB6293A422D14FAB943F0A173DE21\3.1.8\com.apple.DotMacSync.client_main.dll
+ 2011-10-06 05:42 . 2011-10-06 05:42 55144 c:\windows\Installer\$PatchCache$\Managed\8E0DB6293A422D14FAB943F0A173DE21\3.1.8\com.apple.DotMacSync.client.exe
- 2011-10-20 21:26 . 2011-10-20 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-27 01:13 . 2011-10-27 01:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-20 21:26 . 2011-10-20 21:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-27 01:13 . 2011-10-27 01:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2011-10-27 01:19 619206 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-10-20 20:23 619206 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-10-27 01:19 107388 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-10-20 20:23 107388 c:\windows\System32\perfc009.dat
+ 2010-01-12 20:52 . 2010-08-21 03:59 106928 c:\windows\System32\GEARAspi.dll
+ 2011-10-20 23:03 . 2011-07-08 21:44 299640 c:\windows\System32\drivers\N360\0501000.01D\symnets.sys
+ 2011-10-20 23:03 . 2011-03-15 02:31 744568 c:\windows\System32\drivers\N360\0501000.01D\SymEFA.sys
+ 2011-10-20 23:03 . 2011-01-27 06:47 340088 c:\windows\System32\drivers\N360\0501000.01D\SymDS.sys
+ 2011-10-20 23:03 . 2011-03-31 03:00 516216 c:\windows\System32\drivers\N360\0501000.01D\srtsp.sys
+ 2011-10-20 23:03 . 2011-01-27 05:07 136312 c:\windows\System32\drivers\N360\0501000.01D\Ironx86.sys
- 2009-07-14 04:47 . 2011-10-20 21:24 352120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-10-26 04:28 352120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-06 05:42 . 2011-10-06 05:42 571240 c:\windows\Installer\$PatchCache$\Managed\8E0DB6293A422D14FAB943F0A173DE21\3.1.8\DotMacSyncManager.dll
+ 2011-08-02 00:50 . 2011-10-26 04:28 7178864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3643368048-2453906334-2554358742-1000-12288.dat
+ 2011-10-23 21:55 . 2011-10-23 21:55 8232960 c:\windows\Installer\e64b1.msi
+ 2011-10-23 21:55 . 2011-10-23 21:55 4558336 c:\windows\Installer\e647b.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SlipStream"="c:\program files\Netscape Accelerator\slipcore.exe" [2006-04-06 237568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 20:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 20:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 10:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 15:38 4390912 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55 1441792 ----a-w- c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09 4599680 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-26 22:21 757248 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 BlackBox;BlackBox SR2; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [2011-10-15 818808]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111026.030\IDSvix86.sys [2011-10-20 368248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-08 299640]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-10-19 105592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50626
LSP: c:\progra~1\NETSCA~2\sliplsp.dll
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 64.71.255.198
FF - ProfilePath - c:\users\Needra\AppData\Roaming\Mozilla\Firefox\Profiles\gx4sbjp1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50626
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5692)
c:\program files\Norton 360\Engine\5.1.0.29\buShell.dll
c:\windows\System32\netshell.dll
.
Completion time: 2011-10-26 22:10:39
ComboFix-quarantined-files.txt 2011-10-27 02:10
ComboFix2.txt 2011-10-20 22:27
ComboFix3.txt 2011-09-12 23:14
.
Pre-Run: 278,873,059,328 bytes free
Post-Run: 279,040,258,048 bytes free
.
- - End Of File - - C9B4360A73EF800B47DFC83351FFDAC8


Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


I am still hearing the bleeping sounds it made when I had the multiple pop-ups; every time I sign onto my computer it lasts for 10 seconds or so. All my program folders in the Start menu are empty.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 27 October 2011 - 09:22 AM

I am still hearing the bleeping sounds it made when I had the multiple pop-ups; every time I sign onto my computer it lasts for 10 seconds or so.

You have a number of programs that should start when you boot your system.
They are in your Startup folder. Are these programs started?
The operating system may be looking for them and they are not found. (not sure)
===

All my program folders in the Start menu are empty

To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

This may take some time; please let it finish.
=====

However, the newer variants of the FakeHDD rogue programs are now deleting the following folders and storing them into a numbered folder under %Temp%\smtmp\:

%Temp%\smtmp\1\ => %AllUsersProfile%\Start Menu
%Temp%\smtmp\2\ => %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch
%Temp%\smtmp\3\ => %AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
%Temp%\smtmp\4\ => %AllUsersProfile%\Desktop

It goes without saying that running a %temp% cleaner ahead of restoration would result in loss of these folders.

If the program list is still empty try this.

Right-click on each of the folders and select Open, to open the Start Menu folder in Explorer. Then browse to C:\Program Files\<program name> (or whatever location the program is installed in), locate the main program's .exe file (it will usually have a name very similar to the program name and the same icon), and copy and paste it into the Start Menu folder you have open. Then close the folders and look in your Start Menu again; the shortcut should be there and functioning!

So for example, the Start Menu folder SpeedCrunch shows up as (Empty). Right-click on the folder and select Open, then open C:\Program Files\SpeedCrunch and locate the .exe file named "speedcrunch". Copy and paste that file into the Start Menu folder.
===

Open notepad and copy/paste the text in the quote box below into it:

Firefox::
FF - ProfilePath - c:\users\Needra\AppData\Roaming\Mozilla\Firefox\Profiles\gx4sbjp1.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50626
FF - prefs.js: network.proxy.type - 0


Save this as CFScript on your desktop.


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please let me know what problem persists.
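The smtmp mapping in the post above is easy to get wrong by hand, and the caveat about temp cleaners matters: once %Temp%\smtmp\ is gone there is nothing to copy back. The following Python script is an added example, not a BleepingComputer tool and not Unhide.exe: it inventories the numbered smtmp folders, copies their contents back to the destinations listed in the post without overwriting anything already there, and reports nothing to do if smtmp has already been wiped. The folder mapping is the one from the post; the sample tree it builds in a temporary directory is constructed for the demonstration, and `default_destinations()` only expands meaningfully on a Windows machine.

```python
import os
import shutil
import tempfile

# Where each numbered folder under %Temp%\smtmp\ belongs, as listed in the post.
# Values are Windows environment-variable expressions; expand them on the
# affected machine with default_destinations().
SMTMP_MAP = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "3": r"%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar",
    "4": r"%AllUsersProfile%\Desktop",
}


def default_destinations():
    """Expand SMTMP_MAP against the current environment (only meaningful on Windows)."""
    return {num: os.path.expandvars(path) for num, path in SMTMP_MAP.items()}


def inventory(smtmp_root):
    """Count files parked under each numbered smtmp folder.

    An empty result means there is nothing left to restore, which is what you
    get if a temp cleaner ran before this step (the caveat in the post above).
    """
    found = {}
    if not os.path.isdir(smtmp_root):
        return found
    for num in SMTMP_MAP:
        src = os.path.join(smtmp_root, num)
        if os.path.isdir(src):
            found[num] = sum(len(files) for _, _, files in os.walk(src))
    return found


def restore(smtmp_root, destinations, dry_run=False):
    """Copy each smtmp\\<n>\\ tree back to its destination.

    Files are copied, not moved, so the smtmp originals survive a wrong guess
    about a destination, and a file already present at the destination is left
    alone.  Returns {folder_number: files_copied}; with dry_run=True it returns
    the counts that would be copied without touching anything.
    """
    report = {}
    for num in inventory(smtmp_root):
        src = os.path.join(smtmp_root, num)
        dst = destinations[num]
        pending = []
        for root, _dirs, files in os.walk(src):
            rel = os.path.relpath(root, src)
            for name in files:
                target = os.path.normpath(os.path.join(dst, rel, name))
                if not os.path.exists(target):
                    pending.append((os.path.join(root, name), target))
        if not dry_run:
            for source, target in pending:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                shutil.copy2(source, target)
        report[num] = len(pending)
    return report


def build_sample_tree(base):
    """Build a constructed smtmp tree (placeholder .lnk files) and empty destinations."""
    smtmp = os.path.join(base, "smtmp")
    layout = {
        "1": [os.path.join("Programs", "SpeedCrunch", "SpeedCrunch.lnk"),
              os.path.join("Programs", "Startup", "Exif Launcher S.lnk")],
        "4": ["Shortcut to Browser.lnk"],
    }
    for num, files in layout.items():
        for rel in files:
            path = os.path.join(smtmp, num, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed shortcut placeholder\n")
    destinations = {num: os.path.join(base, "dest", num) for num in SMTMP_MAP}
    return smtmp, destinations


def demo():
    """Run the restore twice on the constructed tree and report what happened."""
    base = tempfile.mkdtemp(prefix="smtmp-demo-")
    try:
        smtmp, dests = build_sample_tree(base)
        before = inventory(smtmp)
        planned = restore(smtmp, dests, dry_run=True)
        first = restore(smtmp, dests)
        second = restore(smtmp, dests)  # everything is already in place now
        restored = sorted(
            os.path.relpath(os.path.join(root, f), dests["1"]).replace(os.sep, "/")
            for root, _, files in os.walk(dests["1"]) for f in files)
        return {"inventory": before, "planned": planned, "first": first,
                "second": second, "restored_in_1": restored}
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On the affected machine, run `restore(os.path.join(os.environ["TEMP"], "smtmp"), default_destinations(), dry_run=True)` first and read the counts before running it for real; the second pass in `demo()` shows that re-running is harmless because existing files are never overwritten.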
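The CFScript above tells ComboFix to clear the Firefox proxy preferences that the log showed (network.proxy.http pointing at 127.0.0.1 on port 50626). A loopback proxy is what a local filtering or compression proxy and a traffic-intercepting rogue both look like from the browser's side, so it is worth seeing exactly what a profile's prefs.js says before the script runs. The Python below is an added example, not ComboFix's code or the forum's: it parses prefs.js, interprets network.proxy.type (Firefox's values: 0 direct, 1 manual, 2 PAC, 4 auto-detect, 5 system), flags proxies on loopback, and emits the same lines in the layout of the script in the post. The prefs.js excerpt is constructed from the values in the log above.

```python
import re

# Constructed prefs.js excerpt carrying the proxy values seen in the ComboFix log.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.yahoo.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50626);
user_pref("network.proxy.type", 0);
user_pref("security.warn_submit_insecure", false);
"""

# user_pref("<name>", <value>);  where value is a quoted string, a number or true/false
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}


def parse_prefs(text):
    """Turn prefs.js text into {pref_name: value} with native Python types."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything that is not a user_pref
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything unexpected as the raw token
        prefs[name] = value
    return prefs


def proxy_findings(prefs):
    """Summarise the proxy-related prefs: mode, configured proxies, loopback use."""
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: system settings
    entries = []
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            entries.append((proto, host, prefs.get(f"network.proxy.{proto}_port")))
    loopback = any(h in ("localhost", "::1") or h.startswith("127.")
                   for _, h, _ in entries)
    return {
        "type": ptype,
        "type_label": PROXY_TYPES.get(ptype, "unknown"),
        # With type 0 the host/port are leftovers: configured but not in use.
        "active": ptype == 1 and bool(entries),
        "entries": entries,
        "loopback": loopback,
    }


def removal_lines(prefs, profile_path):
    """Emit the proxy prefs in the layout of the CFScript shown in the post above."""
    lines = ["Firefox::", f"FF - ProfilePath - {profile_path}"]
    for proto, host, port in proxy_findings(prefs)["entries"]:
        lines.append(f"FF - prefs.js: network.proxy.{proto} - {host}")
        if port is not None:
            lines.append(f"FF - prefs.js: network.proxy.{proto}_port - {port}")
    if "network.proxy.type" in prefs:
        lines.append(f"FF - prefs.js: network.proxy.type - {prefs['network.proxy.type']}")
    return lines


if __name__ == "__main__":
    found = proxy_findings(parse_prefs(SAMPLE_PREFS_JS))
    print(f"proxy mode: {found['type_label']}; loopback proxy configured: {found['loopback']}")
    for proto, host, port in found["entries"]:
        print(f"  {proto}: {host}:{port}")
```

For the log in this thread the script reports a loopback HTTP proxy that is configured but not active (type 0 means Firefox connects directly), which is exactly the leftover the CFScript removes; a profile reporting type 1 with a loopback entry would mean the browser is actually sending its traffic through that local port.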

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:19 AM

Posted 02 November 2011 - 09:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



