I think I have malware affecting Firefox - and now my machine in general


22 replies to this topic

#1 khaoswolfkat


Posted 20 October 2011 - 05:18 AM

Original topic here: http://www.bleepingcomputer.com/forums/topic422118.html/page__pid__2447997#entry2447997

Hello there,

I'm pretty well convinced that I've got something akin to a hijacker or something.

Firefox has been routinely hanging up, not responding, the pg up/down buttons stop working properly, becoming back and forward browser buttons instead, and the open FF browser windows will switch places (i.e. switch locations in the taskbar) seemingly randomly.
Restarting the computer usually solves the issues for a little while, but then it happens again; sometimes within minutes, sometimes after an hour or more.
Restarting the browser does nothing to help.

I've updated Firefox, as well as completely uninstalling and reinstalling it, cleared cache and cookies, and disabled all add-ons. I have also run HJT (deleting suspicious items), Spybot S&D, Malwarebytes, IObit quick care tool, and done full scans with both Avast and Microsoft Security Essentials. Of course, I made sure all programs were up to date before doing so.

Despite all of this, I am still having all the same troubles and nothing more nefarious than doubleclick has shown up in any scans!

I'm running Win7 Home Premium w/svc pk 1 (64 bit)

Please help,
~ Khaos


Since the initial post, my machine has also decided to suddenly attempt to restart for no apparent reason, each time failing to do so properly, bringing up the typical, "do you want to continue in safe mode, safe mode with networking, safe mode with cheese and crackers, or plain old, boring normal" screen.

Additional note: I did not zip up the Attach.txt file, as instructed in the DDS software, as it seemed fairly clear in the preparation instructions here that I was not meant to do so. If I have erred, I apologise!

--------------------------------------------------
BEGIN DDS LOG:
--------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by K at 3:12:24 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1585 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\BrigSoft\AlarmMasterPlus\AlarmMasterPlus.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://legendoflyrean.com/home.php?
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
uRun: [EPSON Stylus CX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE /FU "C:\Users\K\AppData\Local\Temp\E_S57A.tmp" /EF "HKCU"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
dRun: [EPSON Stylus CX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE /FU "C:\Windows\TEMP\E_SC297.tmp" /EF "HKCU"
StartupFolder: C:\Users\K\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ALARMM~1.LNK - C:\Program Files (x86)\BrigSoft\AlarmMasterPlus\AlarmMasterPlus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\051627164696375613 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\2514E47494E474F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\2534555424 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\64C697D22456D264275656 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{DD593804-BE21-4AB1-A8E6-BA92D19A244B} : DhcpNameServer = 192.168.11.1
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\qjznb177.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://wolfden-enterprises.com/
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-3 328536]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-3-26 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-25 44768]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2011-3-16 152576]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-6 821080]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-6-6 20336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-26 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-6-6 33184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-6-6 21328]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
S4 FastBootAgent;FastBootAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2011-3-27 189736]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-26 136176]
.
=============== Created Last 30 ================
.
2011-10-19 19:32:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6760DCCF-5AC6-41EF-8107-5960382C5B29}\offreg.dll
2011-10-19 12:18:38 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6760DCCF-5AC6-41EF-8107-5960382C5B29}\mpengine.dll
2011-10-13 12:26:52 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 12:26:52 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 12:26:52 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 12:26:52 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 12:26:05 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 12:26:05 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 12:26:04 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 12:26:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 07:48:14 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F409E1F-BE04-4AB4-87EF-5A7436628060}\gapaengine.dll
2011-10-07 22:28:43 -------- d-----w- C:\Program Files (x86)\VS Revo Group
.
==================== Find3M ====================
.
2011-10-15 09:05:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-08 03:00:14 3766 ----a-w- C:\ProgramData\KGyGaAvL.sys
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-24 01:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-24 01:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-24 01:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-24 01:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-24 01:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 06:46:42 88 --sh--r- C:\ProgramData\90C6A18871.sys
.
============= FINISH: 3:16:11.50 ===============
Attached file: Attach.txt (12.21 KB)
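Helpers read logs like the one above by hand; as an added example (not part of this thread or of the DDS tool), the following Python script pulls the security-relevant entries out of the "Pseudo HJT Report" section: UAC policies turned off, a Hosts line pointing a security site at loopback, orphaned BHO/toolbar registrations with no backing DLL, and the configured start page. The sample lines are copied from the log above plus one constructed benign Hosts line; it is assumed that DDS prints the policy names exactly as the Windows registry values are named.

```python
import re
from typing import List, Tuple

# Sample input: Pseudo HJT lines copied from the DDS log in the post above,
# plus one constructed benign "Hosts: 127.0.0.1 localhost" line to show that
# the ordinary loopback mapping is not reported.
SAMPLE_DDS = "\n".join([
    "uStart Page = hxxp://legendoflyrean.com/home.php?",
    r"BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll",
    "TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "BHO-X64: 0x1 - No File",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
    "Hosts: 127.0.0.1 localhost",
])

# UAC policies that DDS prints under mPolicies-system, with the value at which
# the protection is effectively off. Assumption: DDS reuses the Windows
# registry value names under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
UAC_OFF_VALUES = {
    "EnableLUA": "0",                   # 0 = UAC disabled entirely
    "ConsentPromptBehaviorAdmin": "0",  # 0 = administrators elevate silently
    "PromptOnSecureDesktop": "0",       # 0 = prompt not shown on the secure desktop
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
NO_FILE_RE = re.compile(r"^(BHO|TB)(?:-X64)?:\s*(.+?)\s*-\s*No File\s*$")
START_PAGE_RE = re.compile(r"^uStart Page\s*=\s*(\S+)")

Finding = Tuple[str, str]  # (category, detail)


def refang(url: str) -> str:
    """DDS writes URLs as hxxp:// so they are not clickable; restore the scheme."""
    return re.sub(r"^hxxp", "http", url)


def analyze_pseudo_hjt(text: str) -> List[Finding]:
    """Return the entries a helper would want to look at first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2)
            if UAC_OFF_VALUES.get(name) == value:
                findings.append(("uac-disabled", f"{name} = {value}"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2)
            # Anything other than the loopback -> localhost mapping overrides
            # name resolution for that host; in the log above it blocks a
            # security site, which is worth asking the poster about.
            if host.lower() != "localhost":
                findings.append(("hosts-override", f"{host} -> {ip}"))
            continue
        m = NO_FILE_RE.match(line)
        if m:
            # A registered BHO/toolbar whose DLL is gone: leftover of a removed
            # add-on, and a dangling registration worth cleaning up.
            findings.append((f"orphaned-{m.group(1).lower()}", m.group(2)))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            findings.append(("start-page", refang(m.group(1))))
    return findings


if __name__ == "__main__":
    for category, detail in analyze_pseudo_hjt(SAMPLE_DDS):
        print(f"{category:15} {detail}")
```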

#2 HelpBot


Posted 25 October 2011 - 05:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424283 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 khaoswolfkat


Posted 25 October 2011 - 11:39 AM

Hallo help bot! And what a friendly little programme you are!

Alright. My initial post is pretty clear about what the problem is, as well as my Windows version (I'm running Win7 Home Premium w/svc pk 1 - 64 bit). I do have my install disc, which shipped with the machine.

DDS log follows
-------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by K at 7:13:31 on 2011-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1209 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\BrigSoft\AlarmMasterPlus\AlarmMasterPlus.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\splwow64.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://legendoflyrean.com/home.php?
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
uRun: [EPSON Stylus CX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE /FU "C:\Users\K\AppData\Local\Temp\E_S57A.tmp" /EF "HKCU"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
dRun: [EPSON Stylus CX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVA.EXE /FU "C:\Windows\TEMP\E_SC297.tmp" /EF "HKCU"
StartupFolder: C:\Users\K\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ALARMM~1.LNK - C:\Program Files (x86)\BrigSoft\AlarmMasterPlus\AlarmMasterPlus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\051627164696375613 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\2514E47494E474F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\2534555424 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{690B4204-6292-4BE8-BDC2-B9FAFC2404BF}\64C697D22456D264275656 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{DD593804-BE21-4AB1-A8E6-BA92D19A244B} : DhcpNameServer = 192.168.11.1
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Corel File Shell Monitor] c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\K\AppData\Roaming\Mozilla\Firefox\Profiles\qjznb177.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://wolfden-enterprises.com/
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-5-3 328536]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-3-26 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-25 44768]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [2011-3-16 152576]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-6 821080]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-6-6 20336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-26 136176]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-6-6 33184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-6-6 21328]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
S4 FastBootAgent;FastBootAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S4 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2011-3-27 189736]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-26 136176]
.
=============== Created Last 30 ================
.
2011-10-24 19:40:40 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7A13A07-B291-467C-A95E-EA411CEB5F1C}\offreg.dll
2011-10-24 19:40:35 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7A13A07-B291-467C-A95E-EA411CEB5F1C}\mpengine.dll
2011-10-23 06:28:35 -------- d-----w- C:\Users\K\AppData\Local\Amazon
2011-10-23 06:28:25 -------- d-----w- C:\Program Files (x86)\Amazon
2011-10-13 12:26:52 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 12:26:52 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 12:26:52 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 12:26:52 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 12:26:05 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 12:26:05 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 12:26:04 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 12:26:04 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 07:48:14 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F409E1F-BE04-4AB4-87EF-5A7436628060}\gapaengine.dll
2011-10-07 22:28:43 -------- d-----w- C:\Program Files (x86)\VS Revo Group
.
==================== Find3M ====================
.
2011-10-15 09:05:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-08 03:00:14 3766 ----a-w- C:\ProgramData\KGyGaAvL.sys
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-24 01:42:54 332144 ----a-w- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
2011-08-24 01:35:38 33136 ----a-w- C:\Program Files (x86)\Common Files\FlickrProvider.dll
2011-08-24 01:35:14 402800 ----a-w- C:\Program Files (x86)\Common Files\facebook.dll
2011-08-24 01:35:14 130416 ----a-w- C:\Program Files (x86)\Common Files\PluginCommon.dll
2011-08-24 01:34:26 465264 ----a-w- C:\Program Files (x86)\Common Files\AppFramework.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-17 06:46:42 88 --sh--r- C:\ProgramData\90C6A18871.sys
.
============= FINISH: 7:17:44.23 ===============

#4 Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 October 2011 - 08:12 AM

Hello khaoswolfkat,

Apologies for the delay.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 khaoswolfkat

  • Topic Starter

  • Members
  • 27 posts

Posted 27 October 2011 - 08:28 AM

Hello khaoswolfkat,

Apologies for the delay.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan....


Hallo,
Thanks for the reply and I understand the delay. I was warned that there would be one.

Nothin'! And, when I DL'd it, I already had a copy, which reminded me that I had already run this, along with a couple other things in the "default" Bleeping Computer arsenal and had turned up exactly sweet bleepall.

I hope someone's got some more good ideas! :(

Thanks,
~ Khaos

Here is the report:
----------------------
06:21:20.0164 4068 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
06:21:20.0684 4068 ============================================================
06:21:20.0684 4068 Current date / time: 2011/10/27 06:21:20.0684
06:21:20.0684 4068 SystemInfo:
06:21:20.0684 4068
06:21:20.0684 4068 OS Version: 6.1.7601 ServicePack: 1.0
06:21:20.0684 4068 Product type: Workstation
06:21:20.0685 4068 ComputerName: MYASUSISBLEEDIN
06:21:20.0685 4068 UserName: K
06:21:20.0685 4068 Windows directory: C:\Windows
06:21:20.0685 4068 System windows directory: C:\Windows
06:21:20.0685 4068 Running under WOW64
06:21:20.0685 4068 Processor architecture: Intel x64
06:21:20.0685 4068 Number of processors: 2
06:21:20.0685 4068 Page size: 0x1000
06:21:20.0685 4068 Boot type: Normal boot
06:21:20.0685 4068 ============================================================
06:21:23.0722 4068 Initialize success
06:21:28.0151 3644 ============================================================
06:21:28.0151 3644 Scan started
06:21:28.0151 3644 Mode: Manual;
06:21:28.0151 3644 ============================================================
06:21:28.0754 3644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:21:28.0758 3644 1394ohci - ok
06:21:28.0851 3644 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:21:28.0872 3644 ACPI - ok
06:21:29.0082 3644 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:21:29.0087 3644 AcpiPmi - ok
06:21:29.0237 3644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
06:21:29.0246 3644 adp94xx - ok
06:21:29.0493 3644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
06:21:29.0504 3644 adpahci - ok
06:21:29.0683 3644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
06:21:29.0688 3644 adpu320 - ok
06:21:29.0980 3644 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
06:21:30.0018 3644 AFD - ok
06:21:30.0127 3644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:21:30.0133 3644 agp440 - ok
06:21:30.0415 3644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:21:30.0418 3644 aliide - ok
06:21:30.0527 3644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:21:30.0533 3644 amdide - ok
06:21:30.0713 3644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
06:21:30.0724 3644 AmdK8 - ok
06:21:30.0846 3644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
06:21:30.0850 3644 AmdPPM - ok
06:21:30.0987 3644 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
06:21:30.0990 3644 amdsata - ok
06:21:31.0045 3644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
06:21:31.0050 3644 amdsbs - ok
06:21:31.0078 3644 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
06:21:31.0083 3644 amdxata - ok
06:21:31.0149 3644 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
06:21:31.0150 3644 AmUStor - ok
06:21:31.0334 3644 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:21:31.0338 3644 AppID - ok
06:21:31.0561 3644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
06:21:31.0564 3644 arc - ok
06:21:31.0598 3644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
06:21:31.0601 3644 arcsas - ok
06:21:31.0735 3644 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
06:21:31.0737 3644 ASMMAP64 - ok
06:21:31.0869 3644 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
06:21:31.0872 3644 aswFsBlk - ok
06:21:31.0961 3644 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
06:21:31.0963 3644 aswMonFlt - ok
06:21:31.0999 3644 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
06:21:32.0002 3644 aswRdr - ok
06:21:32.0042 3644 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
06:21:32.0054 3644 aswSnx - ok
06:21:32.0258 3644 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
06:21:32.0264 3644 aswSP - ok
06:21:32.0287 3644 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
06:21:32.0292 3644 aswTdi - ok
06:21:32.0374 3644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:21:32.0382 3644 AsyncMac - ok
06:21:32.0527 3644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:21:32.0531 3644 atapi - ok
06:21:32.0659 3644 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
06:21:32.0725 3644 athr - ok
06:21:32.0938 3644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
06:21:32.0958 3644 b06bdrv - ok
06:21:33.0100 3644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:21:33.0106 3644 b57nd60a - ok
06:21:33.0203 3644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:21:33.0207 3644 Beep - ok
06:21:33.0311 3644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
06:21:33.0334 3644 blbdrive - ok
06:21:33.0400 3644 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:21:33.0406 3644 bowser - ok
06:21:33.0478 3644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:21:33.0481 3644 BrFiltLo - ok
06:21:33.0500 3644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:21:33.0502 3644 BrFiltUp - ok
06:21:33.0546 3644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:21:33.0552 3644 Brserid - ok
06:21:33.0563 3644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:21:33.0567 3644 BrSerWdm - ok
06:21:33.0614 3644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:21:33.0617 3644 BrUsbMdm - ok
06:21:33.0687 3644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:21:33.0690 3644 BrUsbSer - ok
06:21:33.0769 3644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
06:21:33.0773 3644 BTHMODEM - ok
06:21:33.0955 3644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:21:33.0959 3644 cdfs - ok
06:21:34.0056 3644 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
06:21:34.0061 3644 cdrom - ok
06:21:34.0144 3644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
06:21:34.0147 3644 circlass - ok
06:21:34.0196 3644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:21:34.0212 3644 CLFS - ok
06:21:34.0296 3644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
06:21:34.0298 3644 CmBatt - ok
06:21:34.0428 3644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:21:34.0431 3644 cmdide - ok
06:21:34.0574 3644 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
06:21:34.0596 3644 CNG - ok
06:21:34.0722 3644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
06:21:34.0724 3644 Compbatt - ok
06:21:34.0864 3644 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:21:34.0869 3644 CompositeBus - ok
06:21:34.0980 3644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
06:21:34.0982 3644 crcdisk - ok
06:21:35.0161 3644 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:21:35.0171 3644 DfsC - ok
06:21:35.0210 3644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:21:35.0216 3644 discache - ok
06:21:35.0298 3644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
06:21:35.0300 3644 Disk - ok
06:21:35.0355 3644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:21:35.0357 3644 drmkaud - ok
06:21:35.0433 3644 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:21:35.0467 3644 DXGKrnl - ok
06:21:35.0644 3644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
06:21:35.0739 3644 ebdrv - ok
06:21:35.0978 3644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
06:21:35.0987 3644 elxstor - ok
06:21:36.0094 3644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:21:36.0101 3644 ErrDev - ok
06:21:36.0141 3644 ETD (1299d1ea00b7a4bf69c5869dca31e0f6) C:\Windows\system32\DRIVERS\ETD.sys
06:21:36.0145 3644 ETD - ok
06:21:36.0204 3644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:21:36.0210 3644 exfat - ok
06:21:36.0330 3644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:21:36.0335 3644 fastfat - ok
06:21:36.0486 3644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
06:21:36.0488 3644 fdc - ok
06:21:36.0555 3644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:21:36.0558 3644 FileInfo - ok
06:21:36.0750 3644 FileMonitor (2b609f74fa2884c36471743322652a16) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
06:21:36.0753 3644 FileMonitor - ok
06:21:36.0892 3644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:21:36.0895 3644 Filetrace - ok
06:21:36.0940 3644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
06:21:36.0943 3644 flpydisk - ok
06:21:37.0007 3644 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:21:37.0013 3644 FltMgr - ok
06:21:37.0056 3644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:21:37.0061 3644 FsDepends - ok
06:21:37.0083 3644 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
06:21:37.0089 3644 Fs_Rec - ok
06:21:37.0196 3644 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:21:37.0201 3644 fvevol - ok
06:21:37.0230 3644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
06:21:37.0232 3644 gagp30kx - ok
06:21:37.0475 3644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:21:37.0486 3644 hcw85cir - ok
06:21:37.0773 3644 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:21:37.0780 3644 HdAudAddService - ok
06:21:37.0889 3644 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:21:37.0895 3644 HDAudBus - ok
06:21:37.0965 3644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
06:21:37.0967 3644 HidBatt - ok
06:21:37.0990 3644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
06:21:37.0993 3644 HidBth - ok
06:21:38.0015 3644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
06:21:38.0018 3644 HidIr - ok
06:21:38.0190 3644 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
06:21:38.0193 3644 HidUsb - ok
06:21:38.0312 3644 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:21:38.0315 3644 HpSAMD - ok
06:21:38.0458 3644 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:21:38.0479 3644 HTTP - ok
06:21:38.0624 3644 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:21:38.0633 3644 hwpolicy - ok
06:21:38.0808 3644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
06:21:38.0819 3644 i8042prt - ok
06:21:38.0942 3644 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
06:21:38.0945 3644 iaStor - ok
06:21:39.0058 3644 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:21:39.0066 3644 iaStorV - ok
06:21:39.0473 3644 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:21:39.0687 3644 igfx - ok
06:21:39.0824 3644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
06:21:39.0828 3644 iirsp - ok
06:21:40.0024 3644 IntcAzAudAddService (3111a658416dc464ba1e48e3b2169952) C:\Windows\system32\drivers\RTKVHD64.sys
06:21:40.0103 3644 IntcAzAudAddService - ok
06:21:40.0225 3644 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
06:21:40.0230 3644 IntcHdmiAddService - ok
06:21:40.0304 3644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:21:40.0307 3644 intelide - ok
06:21:40.0414 3644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
06:21:40.0417 3644 intelppm - ok
06:21:40.0530 3644 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:21:40.0538 3644 IpFilterDriver - ok
06:21:40.0699 3644 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:21:40.0704 3644 IPMIDRV - ok
06:21:40.0759 3644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:21:40.0762 3644 IPNAT - ok
06:21:40.0865 3644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:21:40.0868 3644 IRENUM - ok
06:21:40.0953 3644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:21:40.0956 3644 isapnp - ok
06:21:40.0985 3644 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:21:40.0991 3644 iScsiPrt - ok
06:21:41.0029 3644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
06:21:41.0031 3644 kbdclass - ok
06:21:41.0120 3644 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:21:41.0123 3644 kbdhid - ok
06:21:41.0195 3644 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
06:21:41.0197 3644 kbfiltr - ok
06:21:41.0280 3644 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
06:21:41.0284 3644 KSecDD - ok
06:21:41.0372 3644 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
06:21:41.0378 3644 KSecPkg - ok
06:21:41.0504 3644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:21:41.0507 3644 ksthunk - ok
06:21:41.0631 3644 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
06:21:41.0635 3644 L1C - ok
06:21:41.0774 3644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:21:41.0779 3644 lltdio - ok
06:21:41.0916 3644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
06:21:41.0920 3644 LSI_FC - ok
06:21:42.0012 3644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
06:21:42.0016 3644 LSI_SAS - ok
06:21:42.0047 3644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:21:42.0052 3644 LSI_SAS2 - ok
06:21:42.0079 3644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:21:42.0082 3644 LSI_SCSI - ok
06:21:42.0125 3644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:21:42.0129 3644 luafv - ok
06:21:42.0154 3644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
06:21:42.0157 3644 megasas - ok
06:21:42.0199 3644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
06:21:42.0210 3644 MegaSR - ok
06:21:42.0235 3644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:21:42.0244 3644 Modem - ok
06:21:42.0280 3644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:21:42.0281 3644 monitor - ok
06:21:42.0371 3644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
06:21:42.0376 3644 mouclass - ok
06:21:42.0425 3644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
06:21:42.0432 3644 mouhid - ok
06:21:42.0536 3644 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:21:42.0539 3644 mountmgr - ok
06:21:42.0625 3644 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
06:21:42.0629 3644 MpFilter - ok
06:21:42.0741 3644 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:21:42.0746 3644 mpio - ok
06:21:42.0872 3644 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
06:21:42.0876 3644 MpNWMon - ok
06:21:42.0966 3644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:21:42.0974 3644 mpsdrv - ok
06:21:43.0111 3644 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:21:43.0115 3644 MRxDAV - ok
06:21:43.0150 3644 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:21:43.0155 3644 mrxsmb - ok
06:21:43.0197 3644 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:21:43.0203 3644 mrxsmb10 - ok
06:21:43.0267 3644 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:21:43.0270 3644 mrxsmb20 - ok
06:21:43.0350 3644 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:21:43.0352 3644 msahci - ok
06:21:43.0478 3644 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:21:43.0500 3644 msdsm - ok
06:21:43.0583 3644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:21:43.0586 3644 Msfs - ok
06:21:43.0605 3644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:21:43.0608 3644 mshidkmdf - ok
06:21:43.0664 3644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:21:43.0666 3644 msisadrv - ok
06:21:43.0748 3644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:21:43.0750 3644 MSKSSRV - ok
06:21:43.0854 3644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:21:43.0857 3644 MSPCLOCK - ok
06:21:43.0883 3644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:21:43.0886 3644 MSPQM - ok
06:21:43.0980 3644 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:21:44.0013 3644 MsRPC - ok
06:21:44.0254 3644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:21:44.0264 3644 mssmbios - ok
06:21:44.0361 3644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:21:44.0363 3644 MSTEE - ok
06:21:44.0385 3644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
06:21:44.0387 3644 MTConfig - ok
06:21:44.0448 3644 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
06:21:44.0454 3644 MTsensor - ok
06:21:44.0628 3644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:21:44.0637 3644 Mup - ok
06:21:44.0809 3644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:21:44.0815 3644 NativeWifiP - ok
06:21:45.0104 3644 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
06:21:45.0157 3644 NDIS - ok
06:21:45.0336 3644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:21:45.0339 3644 NdisCap - ok
06:21:45.0552 3644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:21:45.0561 3644 NdisTapi - ok
06:21:45.0802 3644 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:21:45.0810 3644 Ndisuio - ok
06:21:45.0966 3644 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:21:45.0970 3644 NdisWan - ok
06:21:46.0190 3644 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:21:46.0194 3644 NDProxy - ok
06:21:46.0250 3644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:21:46.0253 3644 NetBIOS - ok
06:21:46.0324 3644 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:21:46.0329 3644 NetBT - ok
06:21:46.0977 3644 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
06:21:47.0124 3644 NETw1v64 - ok
06:21:47.0480 3644 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
06:21:47.0665 3644 NETw5s64 - ok
06:21:47.0805 3644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
06:21:47.0811 3644 nfrd960 - ok
06:21:47.0891 3644 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:21:47.0901 3644 NisDrv - ok
06:21:48.0000 3644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:21:48.0003 3644 Npfs - ok
06:21:48.0133 3644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:21:48.0138 3644 nsiproxy - ok
06:21:48.0407 3644 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:21:48.0470 3644 Ntfs - ok
06:21:48.0671 3644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:21:48.0673 3644 Null - ok
06:21:48.0771 3644 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:21:48.0774 3644 nvraid - ok
06:21:48.0819 3644 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:21:48.0831 3644 nvstor - ok
06:21:49.0044 3644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:21:49.0047 3644 nv_agp - ok
06:21:49.0267 3644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:21:49.0271 3644 ohci1394 - ok
06:21:49.0384 3644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
06:21:49.0396 3644 Parport - ok
06:21:49.0471 3644 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
06:21:49.0475 3644 partmgr - ok
06:21:49.0559 3644 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
06:21:49.0563 3644 pci - ok
06:21:49.0640 3644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
06:21:49.0644 3644 pciide - ok
06:21:49.0696 3644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
06:21:49.0700 3644 pcmcia - ok
06:21:49.0727 3644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
06:21:49.0730 3644 pcw - ok
06:21:49.0756 3644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
06:21:49.0766 3644 PEAUTH - ok
06:21:49.0915 3644 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
06:21:49.0918 3644 PptpMiniport - ok
06:21:49.0977 3644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
06:21:49.0980 3644 Processor - ok
06:21:50.0078 3644 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
06:21:50.0083 3644 Psched - ok
06:21:50.0219 3644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
06:21:50.0266 3644 ql2300 - ok
06:21:50.0421 3644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
06:21:50.0424 3644 ql40xx - ok
06:21:50.0469 3644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
06:21:50.0472 3644 QWAVEdrv - ok
06:21:50.0506 3644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
06:21:50.0512 3644 RasAcd - ok
06:21:50.0712 3644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
06:21:50.0717 3644 RasAgileVpn - ok
06:21:50.0845 3644 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:21:50.0849 3644 Rasl2tp - ok
06:21:50.0951 3644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
06:21:50.0955 3644 RasPppoe - ok
06:21:51.0033 3644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
06:21:51.0037 3644 RasSstp - ok
06:21:51.0120 3644 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
06:21:51.0127 3644 rdbss - ok
06:21:51.0350 3644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
06:21:51.0353 3644 rdpbus - ok
06:21:51.0479 3644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:21:51.0482 3644 RDPCDD - ok
06:21:51.0666 3644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
06:21:51.0668 3644 RDPENCDD - ok
06:21:51.0824 3644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
06:21:51.0826 3644 RDPREFMP - ok
06:21:51.0922 3644 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
06:21:51.0943 3644 RDPWD - ok
06:21:52.0068 3644 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
06:21:52.0073 3644 rdyboost - ok
06:21:52.0303 3644 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
06:21:52.0306 3644 RegFilter - ok
06:21:52.0460 3644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
06:21:52.0464 3644 rspndr - ok
06:21:52.0544 3644 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
06:21:52.0548 3644 sbp2port - ok
06:21:52.0679 3644 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
06:21:52.0682 3644 scfilter - ok
06:21:52.0766 3644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:21:52.0769 3644 secdrv - ok
06:21:52.0847 3644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
06:21:52.0849 3644 Serenum - ok
06:21:52.0968 3644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
06:21:52.0973 3644 Serial - ok
06:21:53.0245 3644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
06:21:53.0247 3644 sermouse - ok
06:21:53.0386 3644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
06:21:53.0389 3644 sffdisk - ok
06:21:53.0511 3644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
06:21:53.0514 3644 sffp_mmc - ok
06:21:53.0604 3644 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
06:21:53.0606 3644 sffp_sd - ok
06:21:53.0667 3644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
06:21:53.0675 3644 sfloppy - ok
06:21:53.0738 3644 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
06:21:53.0743 3644 SiSGbeLH - ok
06:21:53.0828 3644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:21:53.0833 3644 SiSRaid2 - ok
06:21:53.0947 3644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
06:21:53.0950 3644 SiSRaid4 - ok
06:21:54.0059 3644 SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
06:21:54.0063 3644 SmartDefragDriver - ok
06:21:54.0191 3644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
06:21:54.0198 3644 Smb - ok
06:21:54.0448 3644 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
06:21:54.0546 3644 SNP2UVC - ok
06:21:54.0758 3644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
06:21:54.0761 3644 spldr - ok
06:21:54.0910 3644 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
06:21:54.0918 3644 srv - ok
06:21:54.0982 3644 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
06:21:55.0025 3644 srv2 - ok
06:21:55.0205 3644 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
06:21:55.0209 3644 srvnet - ok
06:21:55.0465 3644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
06:21:55.0476 3644 stexstor - ok
06:21:55.0683 3644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
06:21:55.0690 3644 swenum - ok
06:21:56.0014 3644 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
06:21:56.0073 3644 Tcpip - ok
06:21:56.0365 3644 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
06:21:56.0377 3644 TCPIP6 - ok
06:21:56.0607 3644 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
06:21:56.0610 3644 tcpipreg - ok
06:21:56.0729 3644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
06:21:56.0738 3644 TDPIPE - ok
06:21:56.0774 3644 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
06:21:56.0777 3644 TDTCP - ok
06:21:56.0850 3644 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
06:21:56.0854 3644 tdx - ok
06:21:56.0925 3644 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
06:21:56.0928 3644 TermDD - ok
06:21:57.0121 3644 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:21:57.0126 3644 tssecsrv - ok
06:21:57.0284 3644 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
06:21:57.0289 3644 TsUsbFlt - ok
06:21:57.0446 3644 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
06:21:57.0454 3644 tunnel - ok
06:21:57.0522 3644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
06:21:57.0525 3644 uagp35 - ok
06:21:57.0606 3644 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
06:21:57.0612 3644 udfs - ok
06:21:57.0746 3644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
06:21:57.0751 3644 uliagpkx - ok
06:21:57.0841 3644 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
06:21:57.0844 3644 umbus - ok
06:21:57.0886 3644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
06:21:57.0890 3644 UmPass - ok
06:21:58.0096 3644 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
06:21:58.0106 3644 UrlFilter - ok
06:21:58.0253 3644 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
06:21:58.0257 3644 usbaudio - ok
06:21:58.0365 3644 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
06:21:58.0375 3644 usbccgp - ok
06:21:58.0550 3644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
06:21:58.0557 3644 usbcir - ok
06:21:58.0690 3644 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
06:21:58.0695 3644 usbehci - ok
06:21:58.0884 3644 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
06:21:58.0897 3644 usbhub - ok
06:21:58.0970 3644 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
06:21:58.0973 3644 usbohci - ok
06:21:59.0010 3644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
06:21:59.0012 3644 usbprint - ok
06:21:59.0099 3644 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
06:21:59.0102 3644 usbscan - ok
06:21:59.0175 3644 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
06:21:59.0177 3644 USBSTOR - ok
06:21:59.0254 3644 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
06:21:59.0258 3644 usbuhci - ok
06:21:59.0393 3644 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
06:21:59.0397 3644 usbvideo - ok
06:21:59.0558 3644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
06:21:59.0560 3644 vdrvroot - ok
06:21:59.0652 3644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
06:21:59.0655 3644 vga - ok
06:21:59.0702 3644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
06:21:59.0706 3644 VgaSave - ok
06:21:59.0856 3644 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
06:21:59.0861 3644 vhdmp - ok
06:21:59.0926 3644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
06:21:59.0930 3644 viaide - ok
06:21:59.0958 3644 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
06:21:59.0961 3644 volmgr - ok
06:22:00.0059 3644 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
06:22:00.0066 3644 volmgrx - ok
06:22:00.0190 3644 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
06:22:00.0202 3644 volsnap - ok
06:22:00.0310 3644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
06:22:00.0314 3644 vsmraid - ok
06:22:00.0364 3644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
06:22:00.0367 3644 vwifibus - ok
06:22:00.0401 3644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
06:22:00.0404 3644 vwififlt - ok
06:22:00.0568 3644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
06:22:00.0574 3644 WacomPen - ok
06:22:00.0721 3644 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
06:22:00.0724 3644 WANARP - ok
06:22:00.0756 3644 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
06:22:00.0757 3644 Wanarpv6 - ok
06:22:00.0907 3644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
06:22:00.0917 3644 Wd - ok
06:22:01.0039 3644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
06:22:01.0062 3644 Wdf01000 - ok
06:22:01.0280 3644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
06:22:01.0283 3644 WfpLwf - ok
06:22:01.0344 3644 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
06:22:01.0349 3644 WimFltr - ok
06:22:01.0384 3644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
06:22:01.0389 3644 WIMMount - ok
06:22:01.0625 3644 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
06:22:01.0631 3644 WinUsb - ok
06:22:01.0761 3644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
06:22:01.0765 3644 WmiAcpi - ok
06:22:01.0955 3644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
06:22:01.0958 3644 ws2ifsl - ok
06:22:02.0058 3644 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
06:22:02.0064 3644 WudfPf - ok
06:22:02.0124 3644 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:22:02.0129 3644 WUDFRd - ok
06:22:02.0202 3644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:22:02.0216 3644 \Device\Harddisk0\DR0 - ok
06:22:02.0220 3644 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
06:22:02.0227 3644 \Device\Harddisk1\DR1 - ok
06:22:02.0237 3644 Boot (0x1200) (689eeae44b90fa28ffc38eef63d42992) \Device\Harddisk0\DR0\Partition0
06:22:02.0239 3644 \Device\Harddisk0\DR0\Partition0 - ok
06:22:02.0243 3644 Boot (0x1200) (3b00aa0f804fed4a154febdb4435bbfd) \Device\Harddisk1\DR1\Partition0
06:22:02.0245 3644 \Device\Harddisk1\DR1\Partition0 - ok
06:22:02.0246 3644 ============================================================
06:22:02.0246 3644 Scan finished
06:22:02.0246 3644 ============================================================
06:22:02.0256 3676 Detected object count: 0
06:22:02.0256 3676 Actual detected object count: 0

#6 Farbar
  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 October 2011 - 08:46 AM

Hi Khaos,

There is no need to quote my post. I know what I have asked.

There is no "other one" with good ideas. This is not an open forum and I'm the only one assisting you with the issue, so please be patient. We don't know this is a malware issue and since you have not mentioned or posted a TDSSKiller log I needed to see the log even if it was clean, as it tells us more than most people think. It was not a shot in the dark in the hope the issue is resolved.

Now please update me about the current condition of your computer again shortly. I have read all the threads and want to make sure the issue we are going to resolve is the same.

Also please inform me of the steps you have already taken, and the result of those steps, to avoid redoing them.
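
Farbar's point that a clean TDSSKiller log still tells you more than most people think can be made concrete with a small triage script. The following Python is an added example, not code from this thread, from Kaspersky or from any forum helper: it parses the two-line-per-driver format seen in the log above (service name, MD5, path, then a status line), and reports anything whose status is not "ok", any kernel driver loaded from outside C:\Windows (third-party security and "system care" drivers show up here), and hashes shared by more than one service name. The sample lines are copied from the log above, plus one constructed entry (`svcdemo`, all-zero hash, user Temp path, `warning` status) to show how a non-ok entry surfaces; real non-ok status words depend on the TDSSKiller version.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the TDSSKiller log posted above, plus one
# made-up entry ("svcdemo") so the non-"ok" and outside-Windows paths are exercised.
SAMPLE_LOG = r"""
06:21:45.0336 3644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:21:45.0339 3644 NdisCap - ok
06:21:52.0303 3644 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
06:21:52.0306 3644 RegFilter - ok
06:21:56.0014 3644 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
06:21:56.0073 3644 Tcpip - ok
06:21:56.0365 3644 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
06:21:56.0377 3644 TCPIP6 - ok
06:22:01.0000 3644 svcdemo (00000000000000000000000000000000) C:\Users\K\AppData\Local\Temp\svcdemo.sys
06:22:01.0001 3644 svcdemo - warning
06:22:02.0202 3644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:22:02.0216 3644 \Device\Harddisk0\DR0 - ok
"""

# "<time> <pid> <name> (<md5>) <path>": the name may contain spaces ("MBR (0x1B8)"),
# so it is matched non-greedily up to the 32-hex-digit hash.
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <pid> <key> - <status>": key is the service name, or the device path for MBR/boot entries.
STATUS_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<key>.+?) - (?P<status>\S+)$")


def parse_log(text):
    """Return one {name, md5, path, status} dict per scanned object."""
    entries, status = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None})
            continue
        m = STATUS_RE.match(line)
        if m:
            status[m["key"]] = m["status"]
    for e in entries:
        # Driver results are keyed by service name; MBR/boot-sector results by device path.
        e["status"] = status.get(e["name"], status.get(e["path"], "missing"))
    return entries


def triage(entries):
    """Group the findings a helper looks for even when every line says 'ok'."""
    report = {"not_ok": [], "outside_windows": [], "shared_hash": {}}
    by_md5 = defaultdict(list)
    for e in entries:
        if e["status"] != "ok":
            report["not_ok"].append(e["name"])
        is_device = e["path"].startswith("\\Device\\")
        if not is_device and not e["path"].lower().startswith("c:\\windows\\"):
            report["outside_windows"].append((e["name"], e["path"]))
        if not is_device:
            by_md5[e["md5"]].append(e["name"])
    # Two service names for one file (Tcpip/TCPIP6, WANARP/Wanarpv6) is normal on
    # Windows 7; the list is informational, not a verdict.
    report["shared_hash"] = {h: names for h, names in by_md5.items() if len(names) > 1}
    return report


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a full saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents; the `outside_windows` list is usually the quickest way to see which third-party kernel drivers (security suites, defragmenters, toolbars' filters) are present on a machine that scans clean.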

#7 khaoswolfkat
  • Topic Starter
  • Members
  • 27 posts

Posted 27 October 2011 - 11:58 AM

Hello again,

I think you may have misunderstood me. I was not seeking or soliciting ideas from anyone else, or being impatient. I was simply stating that I hoped "someone", meaning you, me, or anyone else on staff who you may consult, and was attempting (apparently unsuccessfully) to be slightly humorous.

I did post the TDSSKiller log.. It is right there at the end of my last post.

Are you saying you need another one now, even though it's only been a couple hours since the last one? Please let me know if that is correct and I shall do so.

As for the other things I've done, I'll try to provide a complete list for you here.

Ran the following malware/virus scans (Both safe mode and normal mode, all full scans when there was an option, and not run at the same time as one another):

Spybot S&D
Malwarebytes
Iobit Quick Care
HJT
MS Security essentials
Avast

Completely and utterly uninstalled Firefox with Revo, deleting every single file associated with FF, then reinstalled it after running all scans again.

Ran Defogger, then DDS,

Did not run GMER, as my OS is 64 bit.

Then, of course, ran the TDSSKiller program.

I think that's it.

Thank you,
~ Khaos

#8 Farbar
  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 October 2011 - 12:53 PM

Hi,

Thanks for the feedback about the steps taken. :thumbup2:

I meant to say you had not mentioned or posted a TDSSKiller log, and that was the reason I needed to ask for one.

We don't consult each other before we start a topic and rule out our own idea. I was not running out of ideas and don't feel the need to consult others yet. When the time comes I'll inform you what the next course of action is after this topic.

So as I understand it, your current issue is only the Firefox problem; the following problem is resolved:

Since the initial post, my machine has also decided to suddenly attempt to restart for no apparent reason, each time failing to do so properly, bringing up the typical, "do you want to continue in safe mode, safe mode with networking, safe mode with cheese and crackers, or plain old, boring normal" screen.



#9 khaoswolfkat
  • Topic Starter
  • Members
  • 27 posts

Posted 28 October 2011 - 12:42 AM

Hello again,

I understand.
The computer has not arbitrarily restarted again just recently, so I think it is safe to say that it is just the weird FF problems for now.
The page up/down failing to work, windows switching places, and not responding for no good reason. The most annoying thing and the one I am most interested in fixing is the page up/down problem, as I use those a LOT in my day to day work on the computer.

I will wait patiently for your next instructions.

Thank you again,
~ Khaos

#10 Farbar
  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 October 2011 - 01:21 AM

Hello and thanks for the feedback Khaos. :)

  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Avast.
  • I would like to rule out any rootkit activity. Download the GMER Rootkit Scanner exe file from here and save it to your desktop.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
    • Click on this link to see a list of programs that should be disabled.
    • Disconnect from the Internet and close all running programs.
    • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes (Services, Registry and Files) that have been checked.
    • Click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
    • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
    • Save the file as gmer.log and attach it to your next reply.
  • Work with Firefox a little bit and try to produce hangups. This might produce an error in the subsequent log and give us a clue to the module with the issue.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Minidump Files.
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


#11 khaoswolfkat
  • Topic Starter
  • Members
  • 27 posts

Posted 29 October 2011 - 02:08 AM

Hello again Farbar,

OK, I've run both the GMER and the Mini Tool Box programmes.

GMER found nothing at all and the log was blank. I had to write something in it to get it to upload.

Could it be that it didn't find any changes because I'm running a 64 bit OS? I read in the instructions here that it wouldn't work with a 64 bit OS, but ran it anyway when you said to, cause I figure you know what you are doing and had a reason for it.

MTB listed an error with Foxit toolbar module, and I have disabled it to see if it fixes my issues. The page up/down buttons are working now, since I just rebooted a few moments ago, but they have often worked for a while before quitting again, so we'll see.
I have no clue what the rest of the errors mean, but I bet you do! ;)

Here is the MTB result:
---------------------
MiniToolBox by Farbar
Ran by K (administrator) on 28-10-2011 at 23:42:13
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/28/2011 08:53:58 AM) (Source: MsiInstaller) (User: K)K
Description: Product: Foxit PDF Creator Toolbar -- Error 1905.Module C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

System Error:
The system cannot find the file specified.
.

Error: (10/28/2011 00:31:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/28/2011 00:31:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (10/27/2011 10:26:29 AM) (Source: IMFservice) (User: )
Description: The handle is invalid


System errors:
=============
Error: (10/28/2011 09:30:20 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/28/2011 09:00:57 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/28/2011 08:59:35 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/28/2011 08:59:26 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/27/2011 10:04:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/27/2011 10:03:18 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/27/2011 10:03:07 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/27/2011 10:26:19 AM) (Source: DCOM) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/27/2011 10:26:03 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (10/27/2011 09:15:34 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================
Error: (10/28/2011 08:53:58 AM) (Source: MsiInstaller)(User: K)K
Description: Product: Foxit PDF Creator Toolbar -- Error 1905.Module C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll failed to unregister. HRESULT -2147220472. Contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSnx.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswRdr.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 08:53:25 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk.

System Error:
The system cannot find the file specified.

Error: (10/28/2011 00:31:24 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/28/2011 00:31:23 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (10/27/2011 10:26:29 AM) (Source: IMFservice)(User: )
Description: The handle is invalid

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Attached Files

  • gmer.log (82 bytes)


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:12 AM

Posted 29 October 2011 - 02:52 AM

Hi Khaos,

Well done and thanks for the feedback.

GMER is able to run on x64 systems with those 3 options I mentioned. In this case the system is clean, which is why it can't produce a log.

So we have checked for eventual infection and found nothing. Now we can concentrate on other possibilities. Some of the steps below might not be related to the issue but are needed for proper functioning of the system.

  • The Foxit error was related to Ask Toolbar. Please go to Control Panel => Programs and Features and uninstall Ask Toolbar. We will check Firefox later on to see if anything is left there to remove.
  • One of the errors is related to Advanced SystemCare 4. I recommend uninstalling it.
  • The following programs are also questionable, and a related service is not running properly. I strongly recommend uninstalling them:

    IObit Malware Fighter
    IObit Toolbar v4.4

  • There are a lot of errors related to Avast. It needs to be uninstalled; remove all remaining files/folders and install it again.
  • Run Command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command prompt window and select Paste:

    sfc /scannow

    Press Enter. Wait until the scan is done.
  • Reboot the computer.
  • There is an error on the disk. Run Command Prompt as Administrator. To do that:
    Go to Start and type cmd.exe in the Search box.
    It gives you cmd.exe in the upper part. Right-click cmd.exe and select "Run As Administrator".
    Copy the following command, right-click in the open Command prompt window and select Paste:

    chkdsk /f

    Press Enter.

    Type "Y" and press Enter.

    Reboot the computer and let it run the scan.
  • Please check and if needed set Windows to create mini crash dumps:
    • Go to Start => Right-click Computer and select Properties.
    • On the left pane select "Advanced system settings".
    • Under "Startup and Recovery" press "Settings...".
    • Under "System failure":
      • "Write an event to the system log" should be selected.
      • "Automatically restart" should be unselected.
      • Under "Write debugging information" it should be set to "Small memory dump (256 KB)".
    • Click "OK".
  • Work with the computer a while. Then run MTB once more. We only need the log of "last 10 Event Viewer log".
  • Also tell me how the system is functioning and how Firefox is behaving.

Edited by farbar, 29 October 2011 - 03:18 AM.
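The three "System failure" settings in the step above are stored under the registry key HKLM\SYSTEM\CurrentControlSet\Control\CrashControl. As an added example (not part of Farbar's instructions), this PowerShell snippet reports which of those settings differ from the recommended values and provides a function to apply them; the key and value names are the documented ones, and applying changes requires an elevated PowerShell.

```powershell
# Added example: verify (and optionally apply) the crash-dump settings that the
# Startup and Recovery dialog writes. Run from an elevated PowerShell to apply.
$CrashControlKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Recommended values from the thread: write an event to the system log,
# do not automatically restart, and write a "Small memory dump (256 KB)"
# (CrashDumpEnabled = 3 selects the small/minidump type).
$Recommended = [ordered]@{
    LogEvent         = 1
    AutoReboot       = 0
    CrashDumpEnabled = 3
}

function Test-MiniDumpConfig {
    # Returns one object per setting with the expected and actual values.
    $current = Get-ItemProperty -Path $CrashControlKey
    foreach ($name in $Recommended.Keys) {
        $actual = $current.$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $Recommended[$name]
            Actual   = $actual
            Ok       = ($actual -eq $Recommended[$name])
        }
    }
}

function Set-MiniDumpConfig {
    # Writes the recommended DWORD values; equivalent to the dialog's "OK".
    foreach ($name in $Recommended.Keys) {
        Set-ItemProperty -Path $CrashControlKey -Name $name `
            -Value $Recommended[$name] -Type DWord
    }
}

$report = Test-MiniDumpConfig
$report | Format-Table -AutoSize

# MinidumpDir is where the small dumps land (default %SystemRoot%\Minidump).
$dumpDir = (Get-ItemProperty -Path $CrashControlKey).MinidumpDir
Write-Host "Minidumps are written to: $dumpDir"

if ($report | Where-Object { -not $_.Ok }) {
    Write-Host 'One or more settings differ from the recommended values.'
    Write-Host 'Run Set-MiniDumpConfig from an elevated prompt to apply them.'
}
```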


#13 khaoswolfkat

khaoswolfkat
  • Topic Starter

  • Members
  • 27 posts
  • Local time:02:12 AM

Posted 29 October 2011 - 04:23 AM

I already uninstalled Avast and the Ask toolbar. I used Revo and had it delete all related files and such too, so I'm really not certain why it is showing those, unless perhaps there are still registry entries that were not deleted.

I've not had any issues with the IObit products before, and I am pretty sure it was here that it was recommended to me, but it could be that it is corrupted somehow, so I'll go ahead and uninstall it for now. I can always reinstall a clean copy and see if it causes any issues.

I'll do the scan and chkdsk shortly. I am in the middle of some work right this moment and can't close it yet.

Thanks and I'll let you know the rest as soon as I do it all.

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:12 AM

Posted 29 October 2011 - 06:29 AM

IObit Malware Fighter is bundled with Advanced System Care 4 and is listed as rogue software. You really don't need it, and Malwarebytes does a better job. But of course it is up to you: http://www.systemlookup.com/search.php?type=name&client=malwaresearch-ff&search=Advanced%20SystemCare

When you are done with those scans, there is no need to run MTB now. We remove those leftovers first, then run MTB. Just let me know when you are done with those steps, including step 8.

#15 khaoswolfkat

khaoswolfkat
  • Topic Starter

  • Members
  • 27 posts
  • Local time:02:12 AM

Posted 29 October 2011 - 11:05 PM

OK. I have done all steps through 8, and so far the computer seems to be behaving properly.

Let's hope it continues to do so.

Thanks,
~ Khaos

