
Another Google Redirect - Background Audio Malware Infection


  • This topic is locked
25 replies to this topic

#1 axiomkc

  • Members
  • 20 posts

Posted 14 November 2011 - 05:49 PM

Has been receiving assistance here: http://www.bleepingcomputer.com/forums/topic427874.html ~ OB

Hello Team,

From reading some other open threads, I believe I am going to need your assistance removing an infection. I currently have a machine that is experiencing the Google Redirects in IE as well as background audio playing Ads with iexplore running in task manager and eating up memory.

Originally the machine was missing start menu and desktop icons.

- Ran malwarebytes and removed infections. Same symptoms
- Ran combofix. Desktop was back.
- Ran unhide.exe Mostly back to normal.
- Restored missing start menu shortcuts
- Problem with IE Redirect and background Audio Remains.

I can post logs when requested.

Thank you for your help.
- Brent

-- ADDING DDS LOG -- ATTACHING GMER LOG = ARK.TXT --
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by csimons at 22:37:42 on 2011-11-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2128 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\HP Color LaserJet CM2320 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uSearch Bar = Preserve
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: blilk.com\www.freedombank
Trusted Zone: edeposit.opensolutionsimagearchive.com
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C5667D43-B4EC-47FE-AE17-AF4223265B0B} - hxxps://www.freedombank.blilk.com/RemoteDeposit/Fiserv.BANKLINK.ScannerControl.Panini.VisionX.8.2.1.0.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.4.10 192.168.1.10
TCP: Interfaces\{93B08834-744D-4091-8EE3-9FACB0548FB7}\14C4C4945444 : DhcpNameServer = 192.168.4.10 192.168.1.10
TCP: Interfaces\{B98A172F-B1D4-4A7B-8DDE-2D80647F48DA} : DhcpNameServer = 192.168.4.10 192.168.1.10
IFEO: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IFEO-X64: ehshell.exe - "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-4-1 192512]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-11-10 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-24 2358656]
R3 HPFXFAX;HPFXFAX;C:\Windows\system32\drivers\hpfx64fax.sys --> C:\Windows\system32\drivers\hpfx64fax.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms [2008-9-9 25888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-14 22:10:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2B0934D-8A76-40E0-A928-1AAB5B21F4C2}\offreg.dll
2011-11-14 21:58:47 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-11-14 21:56:31 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-11-14 21:09:19 -------- d-----w- C:\Users\CSimons\AppData\Local\Solid State Networks
2011-11-14 21:08:54 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-11-14 20:20:41 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-14 13:55:31 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 13:55:22 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2B0934D-8A76-40E0-A928-1AAB5B21F4C2}\mpengine.dll
2011-11-11 13:42:02 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-10 23:35:30 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D1A95DC1-1342-4AB7-9D6C-7CDE16FE7BBC}\gapaengine.dll
2011-11-10 23:32:21 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-10 23:32:17 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-10 22:05:07 -------- d-----w- C:\Users\CSimons\Pavark
2011-11-10 20:48:56 -------- d-----w- C:\Users\CSimons\AppData\Roaming\Malwarebytes
2011-11-10 20:48:48 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-10 20:48:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-10 20:15:05 -------- d-----w- C:\Users\CSimons\AppData\Local\temp
2011-11-10 14:35:03 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-10 14:35:03 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-10 14:35:02 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-10 14:35:01 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-10 14:33:03 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA0E0538-2DCE-4287-913C-8619BB4067B2}\mpengine.dll
.
==================== Find3M ====================
.
2011-10-07 12:51:30 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-10-07 12:51:29 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-10-07 12:51:29 34688 ----a-w- C:\Windows\System32\LMIport.dll
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
.
============= FINISH: 22:45:45.60 ===============

Attached Files: ark.txt (828 bytes)

Edited by Orange Blossom, 15 November 2011 - 01:21 PM.



#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts

Posted 19 November 2011 - 04:10 PM

Hi,

Could you please run TDSSKiller next:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), then copy and paste the following into the text field (make sure you include the quote marks) and press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive; please copy and paste the contents of that file here.

Please also run this utility to restore the remaining start menu items: link

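As an added example (not part of this thread and not TDSSKiller's own code): a small Python triage script for the log that the `-l C:\TDSSKiller.txt` switch above produces. It pairs each object's detail line (name, MD5, path) with its verdict line and pulls out everything TDSSKiller did not mark `- ok`, which is what a helper reads first. The sample log below is constructed in the same format; the `sptd` warning line and its all-zero MD5 are placeholders, not findings from this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Detail line: "<time> <pid> <name> (<md5>) <path>"; written before the verdict line for files.
DETAIL_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<time> <pid> <name> [( <detection> )] - <verdict>", e.g. "ACPI - ok".
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)"
    r"(?:\s+\(\s*(?P<detection>[^()]+?)\s*\))?\s+-\s+(?P<verdict>\S.*)$"
)

# Constructed sample in TDSSKiller 2.6 log format. The first two objects copy clean
# entries as they appear in this thread; the sptd lines are placeholders (all-zero MD5).
SAMPLE_LOG = r"""
16:59:26.0544 4036 ============================================================
16:59:26.0544 4036 Scan started
16:59:26.0544 4036 Mode: Manual;
16:59:26.0544 4036 ============================================================
16:59:43.0965 4036 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:59:43.0973 4036 1394ohci - ok
16:59:44.0120 4036 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:59:44.0126 4036 ACPI - ok
17:00:02.0100 4036 sptd (00000000000000000000000000000000) C:\Windows\system32\drivers\sptd.sys
17:00:02.0110 4036 sptd ( LockedFile.Multi.Generic ) - warning
17:00:05.0200 4036 \Device\Harddisk0\DR0 - ok
17:00:06.0000 4036 ============================================================
17:00:06.0000 4036 Scan finished
"""


@dataclass
class ScanEntry:
    name: str
    verdict: str                      # "ok" for clean objects; anything else needs a look
    detection: Optional[str] = None   # e.g. "LockedFile.Multi.Generic" on a flagged line
    md5: Optional[str] = None         # only present for file-backed objects
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Pair each verdict line with the detail line (same object name) that preceded it."""
    pending: Dict[str, "re.Match[str]"] = {}
    entries: List[ScanEntry] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        d = DETAIL_RE.match(line)
        if d:
            pending[d.group("name")] = d
            continue
        v = VERDICT_RE.match(line)
        if not v:
            continue  # banner, SystemInfo header, separator lines
        d = pending.pop(v.group("name"), None)
        entries.append(ScanEntry(
            name=v.group("name"),
            verdict=v.group("verdict").strip(),
            detection=v.group("detection"),
            md5=d.group("md5").lower() if d else None,
            path=d.group("path") if d else None,
        ))
    return entries


def flagged_entries(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Everything not marked '- ok': locked files, suspicious objects, hidden services."""
    return [e for e in entries if e.verdict.lower() != "ok"]


def verdict_counts(entries: List[ScanEntry]) -> Dict[str, int]:
    """Quick summary so a helper can see at a glance how much of the scan was clean."""
    counts: Dict[str, int] = {}
    for e in entries:
        key = e.verdict.lower()
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    scan = parse_tdsskiller_log(SAMPLE_LOG)
    print(verdict_counts(scan))
    for e in flagged_entries(scan):
        print(f"REVIEW: {e.name} ({e.detection}) -> {e.verdict}  {e.path or ''}")
```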


#3 axiomkc

  • Topic Starter

  • Members
  • 20 posts

Posted 20 November 2011 - 06:03 PM

Here is the log:

16:58:35.0430 1164 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
16:58:36.0022 1164 ============================================================
16:58:36.0022 1164 Current date / time: 2011/11/20 16:58:36.0022
16:58:36.0022 1164 SystemInfo:
16:58:36.0022 1164
16:58:36.0022 1164 OS Version: 6.1.7601 ServicePack: 1.0
16:58:36.0022 1164 Product type: Workstation
16:58:36.0022 1164 ComputerName: KC-CSIMONS
16:58:36.0023 1164 UserName: csimons
16:58:36.0023 1164 Windows directory: C:\Windows
16:58:36.0023 1164 System windows directory: C:\Windows
16:58:36.0023 1164 Running under WOW64
16:58:36.0023 1164 Processor architecture: Intel x64
16:58:36.0023 1164 Number of processors: 4
16:58:36.0023 1164 Page size: 0x1000
16:58:36.0023 1164 Boot type: Normal boot
16:58:36.0023 1164 ============================================================
16:58:55.0542 1164 Initialize success
16:59:26.0544 4036 ============================================================
16:59:26.0544 4036 Scan started
16:59:26.0544 4036 Mode: Manual;
16:59:26.0544 4036 ============================================================
16:59:51.0774 4036 i8042prt - ok
16:59:51.0802 4036 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:59:51.0805 4036 iaStor - ok
16:59:51.0999 4036 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:59:52.0049 4036 iaStorV - ok
16:59:52.0110 4036 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:59:52.0118 4036 iirsp - ok
16:59:52.0384 4036 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
16:59:52.0419 4036 IntcAzAudAddService - ok
16:59:52.0449 4036 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:59:52.0452 4036 intelide - ok
16:59:52.0503 4036 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:59:52.0504 4036 intelppm - ok
16:59:52.0782 4036 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:52.0786 4036 IpFilterDriver - ok
16:59:52.0888 4036 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:59:52.0896 4036 IPMIDRV - ok
16:59:52.0945 4036 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:59:52.0952 4036 IPNAT - ok
16:59:52.0990 4036 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:59:52.0994 4036 IRENUM - ok
16:59:53.0053 4036 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:59:53.0057 4036 isapnp - ok
16:59:53.0187 4036 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:59:53.0192 4036 iScsiPrt - ok
16:59:53.0297 4036 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:59:53.0298 4036 kbdclass - ok
16:59:53.0434 4036 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:59:53.0437 4036 kbdhid - ok
16:59:53.0537 4036 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:59:53.0541 4036 KSecDD - ok
16:59:53.0580 4036 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:59:53.0584 4036 KSecPkg - ok
16:59:53.0636 4036 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:59:53.0642 4036 ksthunk - ok
16:59:53.0927 4036 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:59:54.0063 4036 lltdio - ok
16:59:54.0542 4036 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
16:59:54.0542 4036 LMIInfo - ok
16:59:54.0630 4036 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
16:59:54.0630 4036 lmimirr - ok
16:59:54.0750 4036 LMIRfsClientNP - ok
16:59:54.0781 4036 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:59:54.0782 4036 LMIRfsDriver - ok
16:59:54.0876 4036 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:59:54.0884 4036 LSI_FC - ok
16:59:54.0897 4036 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:59:54.0900 4036 LSI_SAS - ok
16:59:54.0946 4036 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:59:54.0952 4036 LSI_SAS2 - ok
16:59:54.0970 4036 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:59:54.0972 4036 LSI_SCSI - ok
16:59:55.0029 4036 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:59:55.0034 4036 luafv - ok
16:59:55.0101 4036 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:59:55.0108 4036 megasas - ok
16:59:55.0142 4036 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:59:55.0155 4036 MegaSR - ok
16:59:55.0378 4036 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:59:55.0380 4036 Modem - ok
16:59:55.0424 4036 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:59:55.0424 4036 monitor - ok
16:59:55.0515 4036 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:59:55.0515 4036 mouclass - ok
16:59:55.0547 4036 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:59:55.0553 4036 mouhid - ok
16:59:55.0670 4036 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:59:55.0672 4036 mountmgr - ok
16:59:55.0938 4036 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:59:55.0939 4036 MpFilter - ok
16:59:56.0027 4036 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:59:56.0061 4036 mpio - ok
16:59:56.0136 4036 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:59:56.0140 4036 MpNWMon - ok
16:59:56.0240 4036 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:59:56.0243 4036 mpsdrv - ok
16:59:56.0351 4036 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:59:56.0357 4036 MRxDAV - ok
16:59:56.0449 4036 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:56.0456 4036 mrxsmb - ok
16:59:56.0594 4036 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:56.0598 4036 mrxsmb10 - ok
16:59:56.0669 4036 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:56.0673 4036 mrxsmb20 - ok
16:59:56.0754 4036 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:59:56.0758 4036 msahci - ok
16:59:56.0805 4036 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:59:56.0808 4036 msdsm - ok
16:59:56.0854 4036 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:59:56.0857 4036 Msfs - ok
16:59:56.0925 4036 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:59:56.0931 4036 mshidkmdf - ok
16:59:57.0022 4036 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:59:57.0022 4036 msisadrv - ok
16:59:57.0096 4036 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:59:57.0100 4036 MSKSSRV - ok
16:59:57.0179 4036 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:57.0182 4036 MSPCLOCK - ok
16:59:57.0213 4036 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:59:57.0216 4036 MSPQM - ok
16:59:57.0277 4036 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:59:57.0334 4036 MsRPC - ok
16:59:57.0379 4036 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:59:57.0380 4036 mssmbios - ok
16:59:57.0399 4036 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:59:57.0401 4036 MSTEE - ok
16:59:57.0425 4036 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:59:57.0428 4036 MTConfig - ok
16:59:57.0465 4036 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:59:57.0466 4036 Mup - ok
16:59:57.0563 4036 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:59:57.0567 4036 NativeWifiP - ok
16:59:57.0730 4036 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:59:57.0805 4036 NDIS - ok
16:59:59.0879 4036 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:59:59.0931 4036 NdisCap - ok
17:00:00.0047 4036 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:00:00.0051 4036 NdisTapi - ok
17:00:00.0221 4036 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:00:00.0223 4036 Ndisuio - ok
17:00:00.0886 4036 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:00:00.0892 4036 NdisWan - ok
17:00:00.0937 4036 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:00:00.0943 4036 NDProxy - ok
17:00:01.0138 4036 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:00:01.0141 4036 NetBIOS - ok
17:00:01.0238 4036 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:00:01.0256 4036 NetBT - ok
17:00:01.0344 4036 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:00:01.0346 4036 nfrd960 - ok
17:00:01.0401 4036 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:00:01.0403 4036 NisDrv - ok
17:00:01.0437 4036 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:00:01.0439 4036 Npfs - ok
17:00:01.0463 4036 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:00:01.0464 4036 nsiproxy - ok
17:00:01.0888 4036 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:00:01.0946 4036 Ntfs - ok
17:00:02.0130 4036 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
17:00:02.0134 4036 NuidFltr - ok
17:00:02.0224 4036 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:00:02.0234 4036 Null - ok
17:00:02.0952 4036 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:00:03.0015 4036 nvlddmkm - ok
17:00:03.0094 4036 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:00:03.0098 4036 nvraid - ok
17:00:03.0135 4036 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:00:03.0139 4036 nvstor - ok
17:00:03.0195 4036 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:00:03.0199 4036 nv_agp - ok
17:00:03.0223 4036 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:00:03.0229 4036 ohci1394 - ok
17:00:03.0310 4036 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:00:03.0317 4036 Parport - ok
17:00:03.0454 4036 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:00:03.0458 4036 partmgr - ok
17:00:03.0768 4036 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms
17:00:04.0164 4036 PCD5SRVC{8AAF211B-043E02A9-05040000} - ok
17:00:04.0232 4036 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:00:04.0238 4036 pci - ok
17:00:04.0299 4036 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:00:04.0301 4036 pciide - ok
17:00:04.0329 4036 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:00:04.0333 4036 pcmcia - ok
17:00:04.0356 4036 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:00:04.0356 4036 pcw - ok
17:00:04.0385 4036 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:00:04.0395 4036 PEAUTH - ok
17:00:04.0845 4036 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
17:00:04.0846 4036 Point64 - ok
17:00:05.0006 4036 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:00:05.0010 4036 PptpMiniport - ok
17:00:05.0037 4036 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:00:05.0044 4036 Processor - ok
17:00:05.0109 4036 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:00:05.0111 4036 Psched - ok
17:00:05.0224 4036 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:00:05.0264 4036 ql2300 - ok
17:00:05.0305 4036 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:00:05.0308 4036 ql40xx - ok
17:00:05.0328 4036 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:00:05.0330 4036 QWAVEdrv - ok
17:00:05.0351 4036 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:00:05.0353 4036 RasAcd - ok
17:00:05.0392 4036 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:00:05.0394 4036 RasAgileVpn - ok
17:00:05.0415 4036 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:00:05.0418 4036 Rasl2tp - ok
17:00:05.0440 4036 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:00:05.0443 4036 RasPppoe - ok
17:00:05.0469 4036 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:00:05.0472 4036 RasSstp - ok
17:00:05.0500 4036 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:00:05.0505 4036 rdbss - ok
17:00:05.0526 4036 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:00:05.0528 4036 rdpbus - ok
17:00:05.0548 4036 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:00:05.0548 4036 RDPCDD - ok
17:00:05.0585 4036 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:00:05.0588 4036 RDPDR - ok
17:00:05.0605 4036 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:00:05.0605 4036 RDPENCDD - ok
17:00:05.0638 4036 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:00:05.0639 4036 RDPREFMP - ok
17:00:05.0667 4036 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:00:05.0669 4036 RdpVideoMiniport - ok
17:00:05.0704 4036 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:00:05.0710 4036 RDPWD - ok
17:00:05.0733 4036 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:00:05.0757 4036 rdyboost - ok
17:00:05.0974 4036 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:00:05.0978 4036 rspndr - ok
17:00:06.0066 4036 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:00:06.0070 4036 RTL8167 - ok
17:00:06.0113 4036 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:00:06.0117 4036 RTL8169 - ok
17:00:06.0144 4036 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:00:06.0147 4036 s3cap - ok
17:00:06.0187 4036 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:00:06.0190 4036 sbp2port - ok
17:00:06.0220 4036 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:00:06.0228 4036 scfilter - ok
17:00:06.0268 4036 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:00:06.0269 4036 secdrv - ok
17:00:06.0307 4036 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:00:06.0309 4036 Serenum - ok
17:00:06.0330 4036 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:00:06.0333 4036 Serial - ok
17:00:06.0361 4036 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:00:06.0363 4036 sermouse - ok
17:00:06.0394 4036 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:00:06.0405 4036 sffdisk - ok
17:00:06.0422 4036 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:00:06.0424 4036 sffp_mmc - ok
17:00:06.0436 4036 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:00:06.0438 4036 sffp_sd - ok
17:00:06.0478 4036 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:00:06.0480 4036 sfloppy - ok
17:00:06.0524 4036 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:00:06.0526 4036 SiSRaid2 - ok
17:00:06.0542 4036 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:00:06.0546 4036 SiSRaid4 - ok
17:00:06.0570 4036 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:00:06.0572 4036 Smb - ok
17:00:06.0614 4036 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:00:06.0615 4036 spldr - ok
17:00:06.0681 4036 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:00:06.0689 4036 srv - ok
17:00:06.0714 4036 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:00:06.0720 4036 srv2 - ok
17:00:06.0743 4036 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:00:06.0752 4036 srvnet - ok
17:00:06.0790 4036 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:00:06.0793 4036 stexstor - ok
17:00:06.0829 4036 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:00:06.0830 4036 storflt - ok
17:00:06.0866 4036 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:00:06.0871 4036 storvsc - ok
17:00:06.0903 4036 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:00:06.0904 4036 swenum - ok
17:00:06.0945 4036 Synth3dVsc - ok
17:00:07.0065 4036 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:00:07.0099 4036 Tcpip - ok
17:00:07.0155 4036 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:00:07.0167 4036 TCPIP6 - ok
17:00:07.0240 4036 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:00:07.0250 4036 tcpipreg - ok
17:00:07.0296 4036 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:00:07.0298 4036 TDPIPE - ok
17:00:07.0315 4036 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:00:07.0317 4036 TDTCP - ok
17:00:07.0351 4036 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:00:07.0357 4036 tdx - ok
17:00:07.0496 4036 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:00:07.0497 4036 TermDD - ok
17:00:07.0566 4036 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:00:07.0567 4036 tssecsrv - ok
17:00:07.0614 4036 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:00:07.0618 4036 TsUsbFlt - ok
17:00:07.0631 4036 tsusbhub - ok
17:00:07.0698 4036 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:00:07.0701 4036 tunnel - ok
17:00:07.0826 4036 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:00:07.0831 4036 uagp35 - ok
17:00:07.0926 4036 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:00:07.0931 4036 udfs - ok
17:00:07.0974 4036 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:00:07.0978 4036 uliagpkx - ok
17:00:08.0026 4036 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:00:08.0028 4036 umbus - ok
17:00:08.0046 4036 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:00:08.0048 4036 UmPass - ok
17:00:08.0083 4036 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:00:08.0086 4036 usbccgp - ok
17:00:08.0117 4036 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:00:08.0120 4036 usbcir - ok
17:00:08.0150 4036 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:00:08.0151 4036 usbehci - ok
17:00:08.0173 4036 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:00:08.0179 4036 usbhub - ok
17:00:08.0201 4036 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:00:08.0203 4036 usbohci - ok
17:00:08.0296 4036 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:00:08.0302 4036 usbprint - ok
17:00:08.0343 4036 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:00:08.0346 4036 usbscan - ok
17:00:08.0361 4036 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
17:00:08.0362 4036 USBSTOR - ok
17:00:08.0381 4036 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:00:08.0394 4036 usbuhci - ok
17:00:08.0443 4036 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:00:08.0444 4036 vdrvroot - ok
17:00:08.0624 4036 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:00:08.0626 4036 vga - ok
17:00:08.0674 4036 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:00:08.0676 4036 VgaSave - ok
17:00:08.0686 4036 VGPU - ok
17:00:08.0728 4036 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:00:08.0733 4036 vhdmp - ok
17:00:08.0767 4036 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:00:08.0768 4036 viaide - ok
17:00:08.0788 4036 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:00:08.0792 4036 vmbus - ok
17:00:08.0803 4036 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:00:08.0804 4036 VMBusHID - ok
17:00:08.0840 4036 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:00:08.0842 4036 volmgr - ok
17:00:08.0882 4036 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:00:08.0887 4036 volmgrx - ok
17:00:08.0914 4036 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:00:08.0918 4036 volsnap - ok
17:00:08.0950 4036 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:00:08.0953 4036 vsmraid - ok
17:00:08.0976 4036 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:00:08.0977 4036 vwifibus - ok
17:00:09.0009 4036 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:00:09.0011 4036 vwififlt - ok
17:00:09.0050 4036 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:00:09.0051 4036 vwifimp - ok
17:00:09.0097 4036 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:00:09.0100 4036 WacomPen - ok
17:00:09.0129 4036 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:09.0131 4036 WANARP - ok
17:00:09.0136 4036 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:00:09.0137 4036 Wanarpv6 - ok
17:00:09.0192 4036 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:00:09.0194 4036 Wd - ok
17:00:09.0804 4036 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:00:10.0133 4036 Wdf01000 - ok
17:00:10.0282 4036 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:00:10.0332 4036 WfpLwf - ok
17:00:10.0369 4036 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:00:10.0373 4036 WIMMount - ok
17:00:10.0484 4036 WinDriver6 (4de7d61cf51f4c8261d119cfbdb70243) C:\Windows\system32\DRIVERS\Windrvr6.sys
17:00:10.0525 4036 WinDriver6 - ok
17:00:10.0649 4036 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:00:10.0651 4036 WmiAcpi - ok
17:00:10.0692 4036 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:00:10.0697 4036 ws2ifsl - ok
17:00:10.0873 4036 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:00:10.0878 4036 WudfPf - ok
17:00:11.0037 4036 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:00:11.0040 4036 WUDFRd - ok
17:00:11.0201 4036 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
17:00:11.0202 4036 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
17:00:11.0236 4036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:00:11.0243 4036 \Device\Harddisk0\DR0 - ok
17:00:11.0295 4036 Boot (0x1200) (a8d8438622f6b3e1e129d85cbfc41744) \Device\Harddisk0\DR0\Partition0
17:00:11.0306 4036 \Device\Harddisk0\DR0\Partition0 - ok
17:00:11.0400 4036 Boot (0x1200) (d9e67fec285ec3a8b1c71334878df602) \Device\Harddisk0\DR0\Partition1
17:00:11.0403 4036 \Device\Harddisk0\DR0\Partition1 - ok
17:00:11.0404 4036 ============================================================
17:00:11.0404 4036 Scan finished
17:00:11.0404 4036 ============================================================
17:00:11.0416 2316 Detected object count: 0
17:00:11.0416 2316 Actual detected object count: 0
17:00:20.0237 3496 Deinitialize success

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 PM

Posted 20 November 2011 - 08:02 PM

Hi,

Do you have any Linux experience and/or a Linux live CD at hand?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 axiomkc

axiomkc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 20 November 2011 - 09:38 PM

I don't have a Linux live CD at hand, but could make one if needed. I do have a BartPE boot CD.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:30 PM

Posted 21 November 2011 - 06:16 PM

Hi,

I am not familiar with BartPE. If you are however, that should be no problem. I would like to create an MBR dump of your hard drive from the CD. If you know how to do this with BartPE, that is perfect.

Else please follow these instructions. Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.



#7 axiomkc

axiomkc
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:30 AM

Posted 22 November 2011 - 02:31 PM

The following sequence is not creating a bootable USB. I get the following error:
BOOTMGR is missing

•Double click the unetbootin-xpud-windows-387.exe that you just downloaded
•Press Run then OK
•It will install a little bootable OS on your USB

Do I need to do anything with the .iso that was downloaded?

Edited by axiomkc, 22 November 2011 - 02:31 PM.


#8 myrti


Posted 22 November 2011 - 03:31 PM

Hi,

uhm .. yes. :hysterical: Not sure what happened there.

When you launch the unetbootin file, you can select which source to use for creating the flash drive. Instead of selecting the first option, which will download the ISO from the internet, select the second option of navigating to the file on your hard drive. Choose the ISO and create the flash drive, and let me know if that works.

regards myrti



#9 axiomkc


Posted 22 November 2011 - 10:24 PM

I am attaching a couple different files.

This part of your instructions seemed to be missing a step or two.

•Press File
•Expand mnt
•sda1,2...usually corresponds to your HDD
•sdb1 is likely your USB
• Press Tool at the top
• Choose Open Terminal
•Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

Wasn't sure which folder I was supposed to select. Also wasn't sure if the command line should say just "sda" or "sda1" for my HDD.
Hopefully this gets you what you need.

Attached Files



#10 myrti


Posted 23 November 2011 - 03:49 AM

Hi,

ok, this shows that you have been infected with a new strain of TDL4 that creates its own partition. Before I change anything, can you tell me if your Windows is on sda1 or sda2?

Please also run the following command from within xpud: parted -l. Let me know what it displayed.

regards myrti



#11 axiomkc


Posted 23 November 2011 - 10:14 AM

Windows is on sda1. Recovery is sda2.

#12 myrti


Posted 23 November 2011 - 04:24 PM

Hi,

any issues with the parted -l command? What did it display?

regards myrti



#13 axiomkc


Posted 28 November 2011 - 10:03 AM

Incorrect post - disregard

Edited by axiomkc, 28 November 2011 - 10:07 AM.


#14 axiomkc


Posted 28 November 2011 - 10:03 AM

Incorrect post - disregard



Edited by axiomkc, 28 November 2011 - 10:08 AM.


#15 axiomkc


Posted 28 November 2011 - 10:03 AM

I took a screen shot of the parted command and attached it.

Partition Table: msdos

Number  Start   End     Size    Type     File system  Flags
 1      32.3kB  736GB   736GB   primary  ntfs
 2      736GB   750GB   14.2GB  primary  ntfs
 3      750GB   750GB   1950KB  primary  ntfs         boot, hidden

Edited by axiomkc, 28 November 2011 - 10:05 AM.
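The two findings in this thread connect: the MBR backup requested in post #9 (`dd if=/dev/sda ... bs=512 count=1` reads the first sector of the whole disk, i.e. the MBR and its partition table; `/dev/sda1` would instead give the first sector of partition 1) and the parted listing in post #15, where a third, tiny partition carries the boot and hidden flags even though Windows lives on sda1. The following is an added example, not code from the thread or from any tool used in it: it parses a 512-byte MBR image and flags an active (bootable) entry that is hidden, tiny, or not the partition the owner says holds the OS. The sample MBR is constructed here to approximate the partition layout parted reported (sector counts are estimates), and the 64 MiB "tiny" threshold and the hidden-type code list are this example's own heuristics, not anything stated in the thread.

```python
"""Parse a raw 512-byte MBR backup and flag a suspicious active partition entry.

Added example for the thread above; the sample MBR below is constructed, not a real capture.
"""
import struct

SECTOR = 512
# MBR type IDs that an msdos partition table treats as "hidden" (well-known values).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
TYPE_NAMES = {0x07: "ntfs", 0x17: "hidden ntfs", 0x0B: "fat32", 0x0C: "fat32 (lba)"}


def has_boot_signature(mbr: bytes) -> bool:
    """True when the image is one sector long and ends in the 0x55AA MBR signature."""
    return len(mbr) == SECTOR and mbr[510:512] == b"\x55\xaa"


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of a 512-byte MBR image."""
    if not has_boot_signature(mbr):
        raise ValueError("not a 512-byte MBR image with a 0x55AA signature")
    entries = []
    for slot in range(4):
        raw = mbr[446 + 16 * slot: 446 + 16 * (slot + 1)]
        # Entry layout: status(1) CHS start(3, skipped) type(1) CHS end(3, skipped)
        #               LBA start(4, little-endian) sector count(4, little-endian)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        entries.append({
            "number": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "type 0x%02x" % ptype),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_bytes": sectors * SECTOR,
        })
    return entries


def suspicious_boot_entries(entries, os_partition=1, tiny_bytes=64 * 1024 * 1024):
    """Heuristic check (assumption of this example): the active entry should be the OS
    partition, should not use a hidden type code, and should not be tiny.
    Returns a list of (partition number, [reasons]) for active entries that fail."""
    findings = []
    for e in entries:
        if not e["active"]:
            continue
        reasons = []
        if e["hidden"]:
            reasons.append("active partition uses a hidden type code (%s)" % e["type_name"])
        if e["size_bytes"] < tiny_bytes:
            reasons.append("active partition is only %d bytes" % e["size_bytes"])
        if e["number"] != os_partition:
            reasons.append("active flag is on partition %d, not the OS partition %d"
                           % (e["number"], os_partition))
        if reasons:
            findings.append((e["number"], reasons))
    return findings


def _entry(active, ptype, lba_start, sectors):
    """Build one 16-byte partition entry (CHS fields left zero) for the constructed sample."""
    return struct.pack("<B3xB3xII", 0x80 if active else 0x00, ptype, lba_start, sectors)


# Constructed sample: 446 bytes of (empty) boot code, three entries approximating the
# parted output in the thread, one unused slot, then the 0x55AA signature.
SAMPLE_MBR = (
    bytes(446)
    + _entry(False, 0x07, 63, 1_437_500_000)            # sda1: Windows, ~736 GB
    + _entry(False, 0x07, 1_437_500_063, 27_734_375)    # sda2: recovery, ~14.2 GB
    + _entry(True, 0x17, 1_465_234_438, 3_808)          # sda3: hidden, active, ~1950 KB
    + bytes(16)
    + b"\x55\xaa"
)

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for e in parts:
        print("partition %d: %-12s start=%d sectors=%d active=%s" %
              (e["number"], e["type_name"], e["lba_start"], e["sectors"], e["active"]))
    for number, reasons in suspicious_boot_entries(parts, os_partition=1):
        print("partition %d looks suspicious: %s" % (number, "; ".join(reasons)))
```

To run it against a real backup taken with the thread's command, read the file as bytes (the `.zip` name from the instructions is just a filename; the content is one raw sector): `parse_mbr(open("MBRbackup.zip", "rb").read())`. The check only reasons about the partition table; it does not inspect the 446 bytes of boot code, so an unmodified table with patched boot code would not be caught by it.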




