
Google redirects virus and IE running in the background


17 replies to this topic

#1 jfiddy

jfiddy

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 16 November 2011 - 10:18 PM

When I search on google.com I usually get redirected to various sites such as get-answers-fast and hxxp://63.209.69.107, which I believe is Scour.
I also noticed that iexplore.exe is running in the background; even after I shut down the browser I can hear ads running. When I check Task Manager, iexplore.exe keeps showing up even after I end the task. I need help in cleaning this out of my system. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Joe at 21:15:11 on 2011-11-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3046.1923 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.chron.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://gateway.slb.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{AE38783B-3EEA-4245-B990-99429CAA1CBE} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{AE38783B-3EEA-4245-B990-99429CAA1CBE}\0484F6D65623035423 : DhcpNameServer = 68.87.85.102 68.87.69.150 0.0.0.0
TCP: Interfaces\{AE38783B-3EEA-4245-B990-99429CAA1CBE}\07562626C65637 : DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
TCP: Interfaces\{AE38783B-3EEA-4245-B990-99429CAA1CBE}\4667F6 : DhcpNameServer = 68.87.85.102 68.87.69.150
TCP: Interfaces\{C553278A-7818-4229-9722-30275F4188FB} : DhcpNameServer = 68.87.85.102 68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\50olfud0.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-5-21 13480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl300cb892;MpKsl300cb892;c:\programdata\microsoft\microsoft antimalware\definition updates\{ff987ea0-6319-4b4f-8df8-aa062b69cf40}\MpKsl300cb892.sys [2011-11-15 28752]
R1 NEOFLTR_710_17943;Juniper Networks TDI Filter Driver (NEOFLTR_710_17943);c:\windows\system32\drivers\NEOFLTR_710_17943.SYS [2011-8-16 84336]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-5-21 63928]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-5-21 44984]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
.
=============== Created Last 30 ================
.
2011-11-16 03:08:30 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ff987ea0-6319-4b4f-8df8-aa062b69cf40}\MpKsl300cb892.sys
2011-11-16 03:08:28 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ff987ea0-6319-4b4f-8df8-aa062b69cf40}\offreg.dll
2011-11-16 02:21:39 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ff987ea0-6319-4b4f-8df8-aa062b69cf40}\mpengine.dll
2011-11-14 18:10:08 -------- d-----w- c:\program files\Synaptics
2011-11-14 18:08:19 -------- d-----w- c:\program files\CONEXANT
2011-11-14 18:07:35 -------- d-----w- c:\program files\Analog Devices
2011-11-14 17:58:42 277504 ----a-w- c:\windows\system32\CNMLMA5.DLL
2011-11-14 16:32:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-14 16:32:01 -------- d-----w- c:\users\joe\appdata\local\temp
2011-11-13 05:46:20 -------- d-----w- c:\users\joe\appdata\roaming\FF554
2011-11-13 05:45:54 -------- d-----w- c:\users\joe\appdata\roaming\98FFF
2011-11-13 05:45:39 -------- d-----w- c:\users\joe\appdata\roaming\LZZqqhYCwkU
2011-11-13 05:45:39 -------- d-----w- c:\users\joe\appdata\roaming\g4aamHH6sWJ7ELg
2011-11-13 05:45:32 -------- d-----w- c:\users\joe\appdata\roaming\ArzzPNNyxA1uS2b
2011-11-13 05:45:31 -------- d-----w- c:\users\joe\appdata\roaming\NgRZ99hYXwj
2011-11-13 05:45:30 -------- d-----w- c:\users\joe\appdata\roaming\k0AA1iivD2o
2011-11-11 18:08:06 -------- d-----w- c:\users\joe\.shsh
2011-11-11 13:34:03 -------- d-----w- c:\program files\iPod
2011-11-11 13:34:02 -------- d-----w- c:\program files\iTunes
2011-11-11 13:31:31 -------- d-----w- c:\program files\Bonjour
2011-11-09 04:02:34 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:02:33 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 04:02:31 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 05:06:56 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-07 20:11:38 -------- d-----w- c:\users\joe\appdata\roaming\AVG2012
2011-11-07 20:10:25 -------- d-----w- c:\programdata\AVG2012
.
==================== Find3M ====================
.
2011-11-16 02:56:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 05:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 05:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-27 04:26:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- c:\windows\system32\oleacc.dll
.
============= FINISH: 21:21:50.86 ===============

Attached File: DDS.txt (13.83KB)

Edited by Orange Blossom, 17 November 2011 - 04:53 AM.
Deactivated link. ~ OB




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 PM

Posted 19 November 2011 - 02:32 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jfiddy

jfiddy
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:04:28 PM

Posted 19 November 2011 - 01:28 PM

Gringo,

I scanned the PC and the symptoms are still there. Google search gets redirected and I also noticed iexplore.exe running in the background.
I did however notice something else: I believe the background URL has to do with www.Mevio.com, as I sometimes see a long URL with it flashing on my desktop. That could be the advertisement noise I'm hearing in the background. Thanks for your help. -jT


ComboFix 11-11-19.03 - Joe 11/19/2011 9:32.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3046.1702 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Roaming\98FFF
c:\users\Joe\AppData\Roaming\98FFF\5A1E8.exe
c:\users\Joe\AppData\Roaming\98FFF\F554.8FF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 16:02 . 2011-11-19 16:03 -------- d-----w- c:\users\Joe\AppData\Local\temp
2011-11-19 16:02 . 2011-11-19 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-19 09:05 . 2011-11-19 09:05 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\MpKsl0d763d35.sys
2011-11-19 09:05 . 2011-11-19 09:05 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\offreg.dll
2011-11-19 09:05 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\mpengine.dll
2011-11-14 18:10 . 2011-11-14 18:10 -------- d-----w- c:\program files\Synaptics
2011-11-14 18:08 . 2011-11-14 18:08 -------- d-----w- c:\program files\CONEXANT
2011-11-14 18:07 . 2011-11-14 18:07 -------- d-----w- c:\program files\Analog Devices
2011-11-14 18:06 . 2011-11-14 18:06 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-14 17:58 . 2010-05-16 11:00 277504 ----a-w- c:\windows\system32\CNMLMA5.DLL
2011-11-14 17:38 . 2011-11-14 17:38 -------- d-----w- c:\program files\Common Files\Java
2011-11-13 05:46 . 2011-11-13 05:46 -------- d-----w- c:\users\Joe\AppData\Roaming\FF554
2011-11-13 05:45 . 2011-11-13 05:45 -------- d-----w- c:\users\Joe\AppData\Roaming\LZZqqhYCwkU
2011-11-13 05:45 . 2011-11-13 05:45 -------- d-----w- c:\users\Joe\AppData\Roaming\g4aamHH6sWJ7ELg
2011-11-13 05:45 . 2011-11-13 05:45 -------- d-----w- c:\users\Joe\AppData\Roaming\ArzzPNNyxA1uS2b
2011-11-13 05:45 . 2011-11-13 13:18 -------- d-----w- c:\users\Joe\AppData\Roaming\NgRZ99hYXwj
2011-11-13 05:45 . 2011-11-13 05:45 -------- d-----w- c:\users\Joe\AppData\Roaming\k0AA1iivD2o
2011-11-11 18:08 . 2011-11-11 18:08 -------- d-----w- c:\users\Joe\.shsh
2011-11-11 13:34 . 2011-11-11 13:34 -------- d-----w- c:\program files\iPod
2011-11-11 13:34 . 2011-11-11 13:34 -------- d-----w- c:\program files\iTunes
2011-11-11 13:31 . 2011-11-11 13:31 -------- d-----w- c:\program files\Bonjour
2011-11-11 13:11 . 2011-11-11 13:11 -------- d-----w- c:\program files\Apple Software Update
2011-11-09 04:02 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:02 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:02 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 05:06 . 2011-11-08 05:06 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-07 20:11 . 2011-11-07 20:11 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2012
2011-11-07 20:10 . 2011-11-11 13:07 -------- d-----w- c:\programdata\AVG2012
2011-11-07 17:14 . 2011-11-07 17:14 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 02:56 . 2011-10-13 01:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-12 04:32 . 2011-10-12 04:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2137E06A-2CE7-4D11-84D5-D9ED1D775160}\gapaengine.dll
2011-10-07 03:48 . 2011-06-17 04:20 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 11:06 . 2010-05-21 17:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35 . 2011-10-14 13:46 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 13:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 13:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-27 04:26 . 2011-10-14 03:47 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-14 03:47 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-04-02 55048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 20:46 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl10fe1f41;MpKsl10fe1f41;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12AE1D9E-1504-4E5F-A14B-3BE616C70A66}\MpKsl10fe1f41.sys [x]
R1 MpKsl6ef3a0c0;MpKsl6ef3a0c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{742BE26D-59B6-433D-A2B2-C4944D7B6044}\MpKsl6ef3a0c0.sys [x]
R1 MpKsl84bfd378;MpKsl84bfd378;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8ABA20CD-9D6B-40FC-B82C-323F556CFF2C}\MpKsl84bfd378.sys [x]
R1 MpKslc1ee3f7e;MpKslc1ee3f7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ECD4AB5-DE4B-4885-AD09-8FF1C73D7A91}\MpKslc1ee3f7e.sys [x]
R1 MpKslc9224a7b;MpKslc9224a7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12AE1D9E-1504-4E5F-A14B-3BE616C70A66}\MpKslc9224a7b.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 MpKsl0d763d35;MpKsl0d763d35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\MpKsl0d763d35.sys [2011-11-19 28752]
S1 NEOFLTR_710_17943;Juniper Networks TDI Filter Driver (NEOFLTR_710_17943);c:\windows\system32\Drivers\NEOFLTR_710_17943.SYS [2011-03-16 84336]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-01-18 63928]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 uwldypow;uwldypow;c:\users\Joe\AppData\Local\Temp\uwldypow.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0D763D35
*NewlyCreated* - UWLDYPOW
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.chron.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\50olfud0.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(524)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2011-11-19 10:18:12
ComboFix-quarantined-files.txt 2011-11-19 16:18
.
Pre-Run: 100,434,087,936 bytes free
Post-Run: 100,454,887,424 bytes free
.
- - End Of File - - 7939142FE718703F9E145F7864F62C16

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:28 PM

Posted 19 November 2011 - 01:57 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\users\Joe\AppData\Roaming\FF554
c:\users\Joe\AppData\Roaming\LZZqqhYCwkU
c:\users\Joe\AppData\Roaming\g4aamHH6sWJ7ELg
c:\users\Joe\AppData\Roaming\ArzzPNNyxA1uS2b
c:\users\Joe\AppData\Roaming\NgRZ99hYXwj
c:\users\Joe\AppData\Roaming\k0AA1iivD2o


Driver::
uwldypow

Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt onto ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jfiddy (Topic Starter, Members)

Posted 19 November 2011 - 07:02 PM

Gringo,

So far the Google redirects look to be fixed. I really appreciate the help with that one.

As for the Mevio.com ads running in the background, I still see iexplore.exe in my Task Manager eating up lots of bandwidth even after I end the task; it shows up again minutes later, and I haven't launched IE in a while. Thanks for all your help.

-jt

ComboFix 11-11-19.04 - Joe 11/19/2011 16:19:34.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3046.1917 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Joe\AppData\Roaming\ArzzPNNyxA1uS2b
c:\users\Joe\AppData\Roaming\FF554
c:\users\Joe\AppData\Roaming\FF554\lvvm.exe
c:\users\Joe\AppData\Roaming\g4aamHH6sWJ7ELg
c:\users\Joe\AppData\Roaming\k0AA1iivD2o
c:\users\Joe\AppData\Roaming\LZZqqhYCwkU
c:\users\Joe\AppData\Roaming\LZZqqhYCwkU\AV Security 2012.ico
c:\users\Joe\AppData\Roaming\NgRZ99hYXwj
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UWLDYPOW
-------\Service_COMSysApp
-------\Service_uwldypow
.
.
((((((((((((((((((((((((( Files Created from 2011-10-19 to 2011-11-19 )))))))))))))))))))))))))))))))
.
.
2011-11-19 22:50 . 2011-11-19 23:04 -------- d-----w- c:\users\Joe\AppData\Local\temp
2011-11-19 22:50 . 2011-11-19 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-19 09:05 . 2011-11-19 09:05 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\MpKsl0d763d35.sys
2011-11-19 09:05 . 2011-11-19 22:53 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\offreg.dll
2011-11-19 09:05 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\mpengine.dll
2011-11-14 18:10 . 2011-11-14 18:10 -------- d-----w- c:\program files\Synaptics
2011-11-14 18:08 . 2011-11-14 18:08 -------- d-----w- c:\program files\CONEXANT
2011-11-14 18:07 . 2011-11-14 18:07 -------- d-----w- c:\program files\Analog Devices
2011-11-14 18:06 . 2011-11-14 18:06 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-14 17:58 . 2010-05-16 11:00 277504 ----a-w- c:\windows\system32\CNMLMA5.DLL
2011-11-14 17:38 . 2011-11-14 17:38 -------- d-----w- c:\program files\Common Files\Java
2011-11-11 18:08 . 2011-11-11 18:08 -------- d-----w- c:\users\Joe\.shsh
2011-11-11 13:34 . 2011-11-11 13:34 -------- d-----w- c:\program files\iPod
2011-11-11 13:34 . 2011-11-11 13:34 -------- d-----w- c:\program files\iTunes
2011-11-11 13:31 . 2011-11-11 13:31 -------- d-----w- c:\program files\Bonjour
2011-11-11 13:11 . 2011-11-11 13:11 -------- d-----w- c:\program files\Apple Software Update
2011-11-09 04:02 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 04:02 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 04:02 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 05:06 . 2011-11-08 05:06 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-11-07 20:11 . 2011-11-07 20:11 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2012
2011-11-07 20:10 . 2011-11-11 13:07 -------- d-----w- c:\programdata\AVG2012
2011-11-07 17:14 . 2011-11-07 17:14 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 02:56 . 2011-10-13 01:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-12 04:32 . 2011-10-12 04:32 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2137E06A-2CE7-4D11-84D5-D9ED1D775160}\gapaengine.dll
2011-10-07 03:48 . 2011-06-17 04:20 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 11:06 . 2010-05-21 17:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 02:35 . 2011-10-14 13:46 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28 . 2011-10-14 13:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22 . 2011-10-14 13:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-27 04:26 . 2011-10-14 03:47 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:26 . 2011-10-14 03:47 233472 ----a-w- c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-19_16.04.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-11-19 23:05 47712 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-05-21 15:31 . 2011-11-14 16:55 9928 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-841237986-147307934-1649426125-1000_UserData.bin
+ 2010-05-21 15:31 . 2011-11-19 23:05 9928 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-841237986-147307934-1649426125-1000_UserData.bin
- 2011-11-16 03:08 . 2011-11-16 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-16 03:08 . 2011-11-19 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-16 03:08 . 2011-11-16 03:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-16 03:08 . 2011-11-19 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-21 17:05 . 2011-11-19 21:25 328374 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2011-11-19 22:57 629182 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2011-11-16 03:14 629182 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2011-11-19 22:57 108366 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2011-11-16 03:14 108366 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-04-02 55048]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-28 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-04-02 20:46 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl10fe1f41;MpKsl10fe1f41;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12AE1D9E-1504-4E5F-A14B-3BE616C70A66}\MpKsl10fe1f41.sys [x]
R1 MpKsl6ef3a0c0;MpKsl6ef3a0c0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{742BE26D-59B6-433D-A2B2-C4944D7B6044}\MpKsl6ef3a0c0.sys [x]
R1 MpKsl84bfd378;MpKsl84bfd378;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8ABA20CD-9D6B-40FC-B82C-323F556CFF2C}\MpKsl84bfd378.sys [x]
R1 MpKslc1ee3f7e;MpKslc1ee3f7e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ECD4AB5-DE4B-4885-AD09-8FF1C73D7A91}\MpKslc1ee3f7e.sys [x]
R1 MpKslc9224a7b;MpKslc9224a7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12AE1D9E-1504-4E5F-A14B-3BE616C70A66}\MpKslc9224a7b.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 MpKsl0d763d35;MpKsl0d763d35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A10C21F-F898-4E74-8FF3-C1A694941842}\MpKsl0d763d35.sys [2011-11-19 28752]
S1 NEOFLTR_710_17943;Juniper Networks TDI Filter Driver (NEOFLTR_710_17943);c:\windows\system32\Drivers\NEOFLTR_710_17943.SYS [2011-03-16 84336]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-01-18 63928]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.chron.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\50olfud0.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(524)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-11-19 17:19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-19 23:19
ComboFix2.txt 2011-11-19 16:18
.
Pre-Run: 99,588,960,256 bytes free
Post-Run: 99,655,577,600 bytes free
.
- - End Of File - - 043E69719279285944DF9F2868AD93D8
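
An added triage check for the symptom described in this post (it is not part of the thread and not one of the tools the helper asked for): it lists iexplore.exe instances that have no visible window, together with the process that launched them and their command line, so that an instance the user did not open stands out. It assumes Windows PowerShell 2.0 or later, as shipped with Windows 7, and reports only; the function names are my own.

```powershell
# Added example, not from this thread. A user-launched IE has a top-level
# window and is normally a child of explorer.exe (IE's frame process also
# spawns windowless tab processes, so iexplore.exe is an expected parent too).
# A windowless instance whose parent is neither, or that points into the
# per-user AppData tree the CFScript above cleaned, is what to look at first.
# Uses Get-WmiObject so it runs on the PowerShell 2.0 that ships with Windows 7.

function Get-HiddenIexplore {
    # One WMI snapshot gives ParentProcessId, CommandLine and path for every process.
    $all   = Get-WmiObject -Class Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $all) {
        if ($p.Name -ne 'iexplore.exe') { continue }

        # MainWindowHandle comes from Get-Process; 0 means no top-level window.
        $live = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        if ($live -eq $null) { continue }                # exited between the two calls
        if ($live.MainWindowHandle -ne 0) { continue }   # visible window: user-launched, skip

        $parent     = $byPid[[int]$p.ParentProcessId]
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        $parentPath = if ($parent) { $parent.ExecutablePath } else { '' }
        $started    = if ($p.CreationDate) { $p.ConvertToDateTime($p.CreationDate) } else { $null }

        # Heuristics, reported rather than acted on.
        $expectedParent = @('explorer.exe', 'iexplore.exe') -contains $parentName
        $fromAppData    = ($parentPath -match '\\AppData\\') -or ($p.CommandLine -match '\\AppData\\')

        New-Object PSObject -Property @{
            Pid         = $p.ProcessId
            Started     = $started
            ParentPid   = $p.ParentProcessId
            Parent      = $parentName
            ParentPath  = $parentPath
            CommandLine = $p.CommandLine
            Suspicious  = (-not $expectedParent) -or $fromAppData
        }
    }
}

# Poll for the "it comes back minutes later" behaviour: each hidden instance is
# reported the first time it is seen, with whoever started it.
function Watch-HiddenIexplore {
    param([int]$IntervalSeconds = 30, [int]$Rounds = 20)
    $seen = @{}
    for ($i = 0; $i -lt $Rounds; $i++) {
        foreach ($h in Get-HiddenIexplore) {
            if ($seen.ContainsKey([int]$h.Pid)) { continue }
            $seen[[int]$h.Pid] = $true
            $flag = if ($h.Suspicious) { '<-- not user-launched' } else { '' }
            $msg  = '{0:HH:mm:ss} hidden iexplore.exe PID {1} started {2:HH:mm:ss} by {3} (PID {4}) {5}'
            $msg -f (Get-Date), $h.Pid, $h.Started, $h.Parent, $h.ParentPid, $flag
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# One-shot view; run Watch-HiddenIexplore to catch the respawn.
Get-HiddenIexplore | Format-Table Pid, Parent, ParentPath, Suspicious, CommandLine -AutoSize
```

A hidden instance whose parent has already exited shows as `<exited>`; in that case the command line and the launch time, compared against the Run keys and the AppData folders in the ComboFix log, are what to hand to the helper.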

#6 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 19 November 2011 - 11:22 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#7 jfiddy (Topic Starter, Members)

Posted 21 November 2011 - 11:41 PM

Hi Gringo,

I was unable to run aswMBR.exe from my desktop. I tried running it in Safe Mode with Networking as well, but when I double-clicked it, it did nothing.
Are there alternate ways to run this?

-jT

#8 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 22 November 2011 - 08:09 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 jfiddy (Topic Starter, Members)

Posted 22 November 2011 - 10:34 PM

Logs for TDSSKiller.exe

21:28:17.0297 1592 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
21:28:17.0708 1592 ============================================================
21:28:17.0708 1592 Current date / time: 2011/11/22 21:28:17.0708
21:28:17.0708 1592 SystemInfo:
21:28:17.0708 1592
21:28:17.0708 1592 OS Version: 6.1.7601 ServicePack: 1.0
21:28:17.0708 1592 Product type: Workstation
21:28:17.0708 1592 ComputerName: JOE-PC
21:28:17.0708 1592 UserName: Joe
21:28:17.0708 1592 Windows directory: C:\Windows
21:28:17.0708 1592 System windows directory: C:\Windows
21:28:17.0708 1592 Processor architecture: Intel x86
21:28:17.0708 1592 Number of processors: 2
21:28:17.0708 1592 Page size: 0x1000
21:28:17.0708 1592 Boot type: Normal boot
21:28:17.0708 1592 ============================================================
21:28:19.0010 1592 Initialize success
21:28:28.0895 2524 ============================================================
21:28:28.0895 2524 Scan started
21:28:28.0895 2524 Mode: Manual;
21:28:28.0895 2524 ============================================================
21:28:38.0307 2524 Modem - ok
21:28:38.0328 2524 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:28:38.0328 2524 monitor - ok
21:28:38.0378 2524 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:28:38.0378 2524 mouclass - ok
21:28:38.0432 2524 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:28:38.0433 2524 mouhid - ok
21:28:38.0470 2524 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:28:38.0471 2524 mountmgr - ok
21:28:38.0541 2524 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
21:28:38.0543 2524 MpFilter - ok
21:28:38.0572 2524 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:28:38.0582 2524 mpio - ok
21:28:38.0682 2524 MpKsl10fe1f41 - ok
21:28:38.0702 2524 MpKsl6ef3a0c0 - ok
21:28:38.0723 2524 MpKsl84bfd378 - ok
21:28:38.0819 2524 MpKsla1e32675 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7CB082FA-23BB-4425-8A65-E2A3D0D00253}\MpKsla1e32675.sys
21:28:38.0820 2524 MpKsla1e32675 - ok
21:28:38.0841 2524 MpKslc1ee3f7e - ok
21:28:38.0846 2524 MpKslc9224a7b - ok
21:28:38.0956 2524 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:28:38.0956 2524 MpNWMon - ok
21:28:39.0013 2524 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:28:39.0014 2524 mpsdrv - ok
21:28:39.0058 2524 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:28:39.0058 2524 MRxDAV - ok
21:28:39.0098 2524 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:39.0098 2524 mrxsmb - ok
21:28:39.0138 2524 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:39.0138 2524 mrxsmb10 - ok
21:28:39.0178 2524 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:39.0178 2524 mrxsmb20 - ok
21:28:39.0217 2524 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:28:39.0218 2524 msahci - ok
21:28:39.0250 2524 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:28:39.0250 2524 msdsm - ok
21:28:39.0300 2524 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:28:39.0300 2524 Msfs - ok
21:28:39.0330 2524 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:28:39.0330 2524 mshidkmdf - ok
21:28:39.0360 2524 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:28:39.0360 2524 msisadrv - ok
21:28:39.0410 2524 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:28:39.0410 2524 MSKSSRV - ok
21:28:39.0482 2524 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:39.0482 2524 MSPCLOCK - ok
21:28:39.0522 2524 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:28:39.0522 2524 MSPQM - ok
21:28:39.0552 2524 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:28:39.0562 2524 MsRPC - ok
21:28:39.0602 2524 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:28:39.0603 2524 mssmbios - ok
21:28:39.0624 2524 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:28:39.0624 2524 MSTEE - ok
21:28:39.0636 2524 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:28:39.0637 2524 MTConfig - ok
21:28:39.0675 2524 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:28:39.0676 2524 Mup - ok
21:28:39.0734 2524 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:28:39.0734 2524 NativeWifiP - ok
21:28:39.0804 2524 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:28:39.0809 2524 NDIS - ok
21:28:39.0858 2524 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:39.0859 2524 NdisCap - ok
21:28:39.0906 2524 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:39.0906 2524 NdisTapi - ok
21:28:39.0978 2524 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:39.0978 2524 Ndisuio - ok
21:28:40.0018 2524 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:40.0028 2524 NdisWan - ok
21:28:40.0069 2524 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:28:40.0070 2524 NDProxy - ok
21:28:40.0170 2524 NEOFLTR_710_17943 (ef577d3df853da234dfc34335e5d7c1f) C:\Windows\system32\Drivers\NEOFLTR_710_17943.SYS
21:28:40.0170 2524 NEOFLTR_710_17943 - ok
21:28:40.0220 2524 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:28:40.0220 2524 NetBIOS - ok
21:28:40.0304 2524 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:28:40.0305 2524 NetBT - ok
21:28:40.0504 2524 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:28:40.0624 2524 netw5v32 - ok
21:28:40.0699 2524 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:28:40.0700 2524 nfrd960 - ok
21:28:40.0743 2524 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:28:40.0744 2524 NisDrv - ok
21:28:40.0806 2524 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:28:40.0806 2524 Npfs - ok
21:28:40.0836 2524 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:28:40.0836 2524 nsiproxy - ok
21:28:40.0908 2524 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:28:40.0918 2524 Ntfs - ok
21:28:40.0938 2524 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:28:40.0938 2524 Null - ok
21:28:41.0008 2524 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:28:41.0010 2524 nvraid - ok
21:28:41.0060 2524 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:28:41.0060 2524 nvstor - ok
21:28:41.0080 2524 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:28:41.0080 2524 nv_agp - ok
21:28:41.0304 2524 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:28:41.0304 2524 ohci1394 - ok
21:28:41.0464 2524 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:28:41.0464 2524 Parport - ok
21:28:41.0614 2524 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:28:41.0614 2524 partmgr - ok
21:28:41.0686 2524 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:28:41.0686 2524 Parvdm - ok
21:28:41.0856 2524 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:28:41.0857 2524 pci - ok
21:28:42.0219 2524 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:28:42.0220 2524 pciide - ok
21:28:42.0461 2524 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:42.0463 2524 pcmcia - ok
21:28:42.0705 2524 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:28:42.0706 2524 pcw - ok
21:28:42.0798 2524 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:28:42.0802 2524 PEAUTH - ok
21:28:42.0898 2524 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:28:42.0898 2524 PptpMiniport - ok
21:28:42.0938 2524 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:28:42.0938 2524 Processor - ok
21:28:43.0205 2524 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:28:43.0206 2524 Psched - ok
21:28:43.0343 2524 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:28:43.0370 2524 ql2300 - ok
21:28:43.0786 2524 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:28:43.0786 2524 ql40xx - ok
21:28:44.0704 2524 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:28:44.0704 2524 QWAVEdrv - ok
21:28:44.0806 2524 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:28:44.0816 2524 RasAcd - ok
21:28:44.0876 2524 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:28:44.0876 2524 RasAgileVpn - ok
21:28:44.0915 2524 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:44.0916 2524 Rasl2tp - ok
21:28:44.0941 2524 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:44.0942 2524 RasPppoe - ok
21:28:44.0978 2524 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:28:44.0978 2524 RasSstp - ok
21:28:45.0068 2524 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:28:45.0070 2524 rdbss - ok
21:28:45.0312 2524 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:28:45.0312 2524 rdpbus - ok
21:28:45.0496 2524 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:45.0496 2524 RDPCDD - ok
21:28:45.0596 2524 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:28:45.0596 2524 RDPDR - ok
21:28:45.0677 2524 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:28:45.0677 2524 RDPENCDD - ok
21:28:45.0687 2524 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:28:45.0697 2524 RDPREFMP - ok
21:28:45.0737 2524 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:28:45.0737 2524 RDPWD - ok
21:28:45.0821 2524 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:28:45.0823 2524 rdyboost - ok
21:28:45.0899 2524 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:28:45.0899 2524 rismxdp - ok
21:28:45.0981 2524 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:28:45.0991 2524 rspndr - ok
21:28:46.0031 2524 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:28:46.0031 2524 s3cap - ok
21:28:46.0071 2524 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:28:46.0071 2524 sbp2port - ok
21:28:46.0131 2524 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:28:46.0131 2524 scfilter - ok
21:28:46.0201 2524 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
21:28:46.0211 2524 sdbus - ok
21:28:46.0271 2524 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:28:46.0273 2524 secdrv - ok
21:28:46.0333 2524 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:28:46.0334 2524 Serenum - ok
21:28:46.0385 2524 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:28:46.0385 2524 Serial - ok
21:28:46.0447 2524 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:28:46.0448 2524 sermouse - ok
21:28:46.0513 2524 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:28:46.0513 2524 sffdisk - ok
21:28:46.0527 2524 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:28:46.0527 2524 sffp_mmc - ok
21:28:46.0547 2524 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:28:46.0547 2524 sffp_sd - ok
21:28:46.0576 2524 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:28:46.0578 2524 sfloppy - ok
21:28:46.0669 2524 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:28:46.0669 2524 sisagp - ok
21:28:46.0719 2524 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:28:46.0719 2524 SiSRaid2 - ok
21:28:46.0739 2524 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:28:46.0739 2524 SiSRaid4 - ok
21:28:46.0789 2524 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:28:46.0789 2524 Smb - ok
21:28:46.0879 2524 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:28:46.0879 2524 smihlp - ok
21:28:46.0929 2524 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:28:46.0930 2524 spldr - ok
21:28:46.0981 2524 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:28:46.0981 2524 srv - ok
21:28:47.0066 2524 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:28:47.0068 2524 srv2 - ok
21:28:47.0153 2524 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:28:47.0153 2524 SrvHsfHDA - ok
21:28:47.0193 2524 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:28:47.0203 2524 SrvHsfV92 - ok
21:28:47.0253 2524 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:28:47.0253 2524 SrvHsfWinac - ok
21:28:47.0305 2524 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:28:47.0306 2524 srvnet - ok
21:28:47.0355 2524 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:28:47.0355 2524 stexstor - ok
21:28:47.0415 2524 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
21:28:47.0415 2524 storflt - ok
21:28:47.0455 2524 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
21:28:47.0465 2524 storvsc - ok
21:28:47.0485 2524 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:28:47.0485 2524 swenum - ok
21:28:47.0605 2524 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
21:28:47.0605 2524 SynTP - ok
21:28:47.0747 2524 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
21:28:47.0757 2524 Tcpip - ok
21:28:47.0829 2524 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
21:28:47.0839 2524 TCPIP6 - ok
21:28:47.0889 2524 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:28:47.0889 2524 tcpipreg - ok
21:28:47.0929 2524 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:28:47.0929 2524 TDPIPE - ok
21:28:47.0949 2524 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
21:28:47.0959 2524 TDTCP - ok
21:28:47.0999 2524 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:28:47.0999 2524 tdx - ok
21:28:48.0049 2524 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:28:48.0049 2524 TermDD - ok
21:28:48.0171 2524 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
21:28:48.0171 2524 TPM - ok
21:28:48.0241 2524 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:48.0241 2524 tssecsrv - ok
21:28:48.0301 2524 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:28:48.0311 2524 TsUsbFlt - ok
21:28:48.0371 2524 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:28:48.0371 2524 tunnel - ok
21:28:48.0411 2524 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:28:48.0411 2524 uagp35 - ok
21:28:48.0451 2524 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:28:48.0451 2524 udfs - ok
21:28:48.0531 2524 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:28:48.0531 2524 uliagpkx - ok
21:28:48.0571 2524 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
21:28:48.0571 2524 umbus - ok
21:28:48.0621 2524 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:28:48.0621 2524 UmPass - ok
21:28:48.0672 2524 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:28:48.0672 2524 USBAAPL - ok
21:28:48.0712 2524 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
21:28:48.0712 2524 usbccgp - ok
21:28:48.0742 2524 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:28:48.0742 2524 usbcir - ok
21:28:48.0793 2524 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:28:48.0794 2524 usbehci - ok
21:28:48.0884 2524 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:28:48.0884 2524 usbhub - ok
21:28:48.0914 2524 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:28:48.0914 2524 usbohci - ok
21:28:48.0974 2524 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:28:48.0984 2524 usbprint - ok
21:28:49.0256 2524 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:28:49.0256 2524 usbscan - ok
21:28:49.0516 2524 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
21:28:49.0516 2524 USBSTOR - ok
21:28:51.0007 2524 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:28:51.0007 2524 usbuhci - ok
21:28:51.0507 2524 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:28:51.0507 2524 vdrvroot - ok
21:28:52.0007 2524 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:52.0007 2524 vga - ok
21:28:52.0477 2524 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:28:52.0477 2524 VgaSave - ok
21:28:52.0879 2524 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:28:52.0879 2524 vhdmp - ok
21:28:52.0999 2524 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:28:52.0999 2524 viaagp - ok
21:28:53.0501 2524 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:28:53.0501 2524 ViaC7 - ok
21:28:53.0971 2524 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:28:53.0981 2524 viaide - ok
21:28:54.0491 2524 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
21:28:54.0491 2524 vmbus - ok
21:28:54.0974 2524 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
21:28:54.0974 2524 VMBusHID - ok
21:28:55.0254 2524 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:28:55.0254 2524 volmgr - ok
21:28:55.0364 2524 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:28:55.0364 2524 volmgrx - ok
21:28:55.0454 2524 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:28:55.0464 2524 volsnap - ok
21:28:55.0594 2524 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:28:55.0594 2524 vsmraid - ok
21:28:55.0706 2524 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:28:55.0706 2524 vwifibus - ok
21:28:55.0796 2524 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:28:55.0806 2524 WacomPen - ok
21:28:55.0898 2524 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:55.0898 2524 WANARP - ok
21:28:55.0908 2524 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:28:55.0908 2524 Wanarpv6 - ok
21:28:56.0040 2524 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:28:56.0050 2524 Wd - ok
21:28:56.0150 2524 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:28:56.0160 2524 Wdf01000 - ok
21:28:57.0566 2524 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:57.0566 2524 WfpLwf - ok
21:28:57.0596 2524 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:28:57.0596 2524 WIMMount - ok
21:28:57.0648 2524 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:28:57.0658 2524 winachsf - ok
21:28:57.0748 2524 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
21:28:57.0748 2524 WinUsb - ok
21:28:57.0810 2524 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:28:57.0810 2524 WmiAcpi - ok
21:28:57.0890 2524 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:28:57.0891 2524 ws2ifsl - ok
21:28:57.0962 2524 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:28:57.0962 2524 WudfPf - ok
21:28:57.0992 2524 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:57.0992 2524 WUDFRd - ok
21:28:58.0042 2524 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
21:28:58.0042 2524 XAudio - ok
21:28:58.0112 2524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:28:58.0132 2524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:28:58.0132 2524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:28:58.0172 2524 Boot (0x1200) (d001f2924970ae8748d55a3124a6ce7e) \Device\Harddisk0\DR0\Partition0
21:28:58.0172 2524 \Device\Harddisk0\DR0\Partition0 - ok
21:28:58.0182 2524 Boot (0x1200) (f81eaf318c1e28ec3e7f0f2e65e8cdea) \Device\Harddisk0\DR0\Partition1
21:28:58.0182 2524 \Device\Harddisk0\DR0\Partition1 - ok
21:28:58.0182 2524 ============================================================
21:28:58.0182 2524 Scan finished
21:28:58.0182 2524 ============================================================
21:28:58.0202 4080 Detected object count: 1
21:28:58.0202 4080 Actual detected object count: 1
21:29:17.0603 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:29:17.0613 4080 \Device\Harddisk0\DR0 - ok
21:29:17.0613 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:29:26.0739 3956 Deinitialize success
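The TDSSKiller log above is long, and the only lines that matter are the handful after the driver list: the MBR hash, the "infected" verdict on \Device\Harddisk0\DR0, and the "will be cured on reboot" line. The script below is an added example, not code from the original post or from Kaspersky: it parses the two line shapes visible in the log (hashed object, then verdict) and reports every object that was not judged "ok", whether a cure was scheduled for it, and whether the finding sits at boot-sector level. The sample log embedded in it is a constructed subset of the posted output; reading the "(0x1B8)" annotation as the hashed length is an interpretation.

```python
"""Triage a Kaspersky TDSSKiller log: list every object that was not judged "ok"
and say whether the tool scheduled a cure for it.

Added example for this thread; it is not code from the original post or from
Kaspersky.  It assumes only the two line shapes visible in the posted log:

    <time> <tid> <name> (<md5>) <path>                   an object that was hashed
    <time> <tid> <object> [( <threat> )] - <verdict>     the judgement on it
"""
import re
from dataclasses import dataclass, field

PREFIX_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<tid>\d+) (?P<rest>.*)$")
# "MBR (0x1B8) (a36c...) \Device\Harddisk0\DR0": the non-greedy name keeps the
# "(0x1B8)" size annotation because the md5 group is pinned to 32 hex digits.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$")
SIZE_RE = re.compile(r"\((0x[0-9A-Fa-f]+)\)")
# Verdicts that mean the tool has dealt, or will deal at reboot, with the object.
RESOLVED_PREFIXES = ("will be cured", "cured", "will be deleted", "deleted")

# Constructed sample: the tail of the posted log, trimmed to the lines that matter.
SAMPLE_LOG = r"""21:28:58.0042 2524 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
21:28:58.0042 2524 XAudio - ok
21:28:58.0112 2524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:28:58.0132 2524 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:28:58.0132 2524 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:28:58.0172 2524 Boot (0x1200) (d001f2924970ae8748d55a3124a6ce7e) \Device\Harddisk0\DR0\Partition0
21:28:58.0172 2524 \Device\Harddisk0\DR0\Partition0 - ok
21:28:58.0182 2524 ============================================================
21:28:58.0182 2524 Scan finished
21:28:58.0202 4080 Detected object count: 1
21:29:17.0603 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:29:17.0613 4080 \Device\Harddisk0\DR0 - ok
21:29:17.0613 4080 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""


@dataclass
class Finding:
    obj: str
    threat: str = ""
    verdicts: list = field(default_factory=list)  # every verdict line, in log order

    @property
    def resolved(self) -> bool:
        return any(v.startswith(RESOLVED_PREFIXES) for v in self.verdicts)


def parse(text):
    """Return (scanned, findings).

    scanned:  name -> (md5, path, hashed_length) for every hashed object; the MBR
              line's "(0x1B8)" is read as the hashed length, 440 bytes, which is
              the bootstrap code area before the disk signature at offset 0x1B8.
    findings: object -> Finding for every object whose first verdict was not "ok",
              including the later "ok" and "will be cured" lines for that object.
    """
    scanned, findings = {}, {}
    for line in text.splitlines():
        m = PREFIX_RE.match(line.rstrip())
        if not m:
            continue                                  # banner or separator line
        rest = m.group("rest")
        o = OBJECT_RE.match(rest)
        if o:
            size = SIZE_RE.search(o.group("name"))
            hashed = int(size.group(1), 16) if size else None
            scanned[o.group("name")] = (o.group("md5"), o.group("path"), hashed)
            continue
        v = VERDICT_RE.match(rest)
        if not v:
            continue                                  # e.g. "Detected object count: 1"
        obj, threat, verdict = v.group("obj"), v.group("threat"), v.group("verdict")
        if verdict == "ok" and obj not in findings:
            continue                                  # clean object, nothing to track
        f = findings.setdefault(obj, Finding(obj))
        if threat and not f.threat:
            f.threat = threat
        f.verdicts.append(verdict)
    return scanned, findings


def unresolved(findings):
    """Objects that were flagged but never got a cure/delete line: re-scan needed."""
    return sorted(obj for obj, f in findings.items() if not f.resolved)


def boot_level(findings):
    """Findings on raw disk objects (MBR, boot sectors) rather than driver files.
    These live below the OS, so the cure only happens at reboot and the MBR hash
    should be compared against a fresh scan afterwards."""
    return sorted(obj for obj in findings if obj.startswith(r"\Device\Harddisk"))


if __name__ == "__main__":
    scanned, findings = parse(SAMPLE_LOG)
    print(f"{len(scanned)} objects hashed, {len(findings)} flagged")
    for f in findings.values():
        print(f"  {f.obj}: {f.threat or '?'} -> {' / '.join(f.verdicts)}")
    print("boot-level:", boot_level(findings), "unresolved:", unresolved(findings))
```

Run against the full posted log the script reports one flagged object, the MBR of Harddisk0, with a cure scheduled. The useful follow-up check is the one the responder's later posts rely on: a second TDSSKiller run after the reboot should show a different MBR hash and no "infected" line, which is exactly what `unresolved()` is looking for.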

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 22 November 2011 - 11:44 PM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 jfiddy (Topic Starter)

Posted 22 November 2011 - 11:57 PM

At this moment it seems to be fixed, no iexplore.exe is showing up and the redirects are gone. I will continue to surf for a few days and see if any of those symptoms show up again. Should I run any additional cleanups?

-jT

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 November 2011 - 12:05 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 jfiddy (Topic Starter)

Posted 23 November 2011 - 12:07 AM

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Evernote
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
iTunes
Java Auto Updater
Java™ 6 Update 29
Juniper Networks Network Connect 6.3.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.1.0
Juniper Networks Secure Application Manager
Juniper Networks Setup Client Activex Control
Juniper Networks, Inc. Setup Client
Lenovo System Interface Driver
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.24)
OGA Notifier 2.0.0048.0
On Screen Display
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Fingerprint Software
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
WinRAR archiver
Yahoo! Detect
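The installed-program list above is the ComboFix Add-Remove Programs.txt output the responder asked for, and the next post uses it to single out Adobe Reader 9.4.6 and Java 6 Update 29 as out of date. The script below is an added example, not code from the thread, from ComboFix or from any vendor: it parses entries of that shape into (product, version) pairs, compares them with a minimum-version baseline, and also reports products installed several times at different versions. The inventory lines are a constructed subset copied from the list above; the BASELINE numbers are placeholders chosen so that the two entries the responder called out are the ones flagged, and should be replaced with the current vendor releases when used for real.

```python
"""Triage a ComboFix "Add-Remove Programs.txt" inventory against a version baseline.

Added example for this thread; it is not code from the original post, from
ComboFix or from any vendor.  The inventory lines are copied from the list
posted above; the BASELINE table is an assumption standing in for whatever the
current vendor releases are.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the posted inventory, one product per line.
SAMPLE_INVENTORY = [
    "Update for Microsoft Office 2007 (KB2508958)",
    "Adobe Flash Player 11 ActiveX",
    "Adobe Reader 9.4.6",
    "Java Auto Updater",
    "Java™ 6 Update 29",
    "Juniper Networks Network Connect 6.3.0",
    "Juniper Networks Network Connect 6.5.0",
    "Juniper Networks Network Connect 7.1.0",
    "Malwarebytes' Anti-Malware version 1.51.2.1300",
    "Microsoft .NET Framework 4 Client Profile",
    "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148",
    "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161",
    "Mozilla Firefox (3.6.24)",
]

# Assumed minimum versions (placeholders, not the page's or any vendor's numbers).
BASELINE = {
    "Adobe Reader": (10, 1, 1),
    "Java": (7, 1),          # compared as (major, update)
}

JAVA_RE = re.compile(r"^Java\S*\s+(\d+)\s+Update\s+(\d+)$")
PAREN_VER_RE = re.compile(r"^(?P<product>.+?)\s+\((?P<ver>\d+(?:\.\d+)+)\)$")
TRAILING_VER_RE = re.compile(r"^(?P<product>.+?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)$")


def split_version(entry):
    """Return (product, version_tuple); version is None when the entry shows none.

    "Java(TM) 6 Update 29" is normalised to ("Java", (6, 29)) so the Java
    baseline can be compared as a (major, update) pair; dotted versions, with or
    without a "version" keyword or surrounding parentheses, become int tuples."""
    m = JAVA_RE.match(entry)
    if m:
        return "Java", (int(m.group(1)), int(m.group(2)))
    for rx in (PAREN_VER_RE, TRAILING_VER_RE):
        m = rx.match(entry)
        if m:
            return m.group("product"), tuple(int(p) for p in m.group("ver").split("."))
    return entry, None


def outdated(entries, baseline=BASELINE):
    """Entries whose parsed version is below the baseline for their product.
    Returns (entry, product, version, minimum) tuples in inventory order."""
    hits = []
    for entry in entries:
        product, version = split_version(entry)
        minimum = baseline.get(product)
        if version is not None and minimum is not None and version < minimum:
            hits.append((entry, product, version, minimum))
    return hits


def duplicate_versions(entries):
    """Products installed more than once at different versions.  Older
    side-by-side copies stay on disk, and on the attack surface, after an
    in-place update that did not remove them."""
    seen = defaultdict(set)
    for entry in entries:
        product, version = split_version(entry)
        if version is not None:
            seen[product].add(version)
    return {p: sorted(v) for p, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for entry, product, version, minimum in outdated(SAMPLE_INVENTORY):
        print(f"OUTDATED  {entry}  (baseline {'.'.join(map(str, minimum))})")
    for product, versions in duplicate_versions(SAMPLE_INVENTORY).items():
        print(f"MULTIPLE  {product}: {versions}")
```

Entries without a recognisable version (KB updates, "Adobe Flash Player 11 ActiveX") are deliberately left out of the comparison rather than guessed at; a real baseline should carry one row per product you care about, and the duplicate check is worth running whenever a vendor's updater installs side by side instead of in place.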

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 23 November 2011 - 12:12 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 jfiddy

jfiddy
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:28 PM

Posted 27 November 2011 - 11:16 AM

Below are my hijackthis and MBAM files.

- I removed and updated adobe reader
- updated java
- Ran TFC
- Ran MBAM

So far the pc seems to be running properly. Thanks, I really appreciate the help. LMK if there are any additional steps I need to do

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:11:16 AM, on 11/27/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chron.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://gateway.slb.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6100 bytes


-----------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8252

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/27/2011 10:07:37 AM
mbam-log-2011-11-27 (10-07-37).txt

Scan type: Quick scan
Objects scanned: 159923
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

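The HijackThis log posted above is line-oriented: each line carries a section code (R0/R1 for IE settings, O2 for BHOs, O4 for autoruns, O23 for services) followed by a section-specific body. As an added example that is not part of this thread and not HijackThis's own code, the Python below parses those lines into records and flags the O2/O4/O23 entries whose target either cannot be resolved (such as the `= ?` Global Startup shortcut) or does not live under `C:\Program Files` or `C:\Windows`, so a helper reviewing a log can see at a glance which entries deserve a closer look. The "trusted roots" rule is this example's own triage heuristic, not something HijackThis does, and a hit means "review this", not "malicious". The sample lines are copied from the log in this thread, except the `UpdaterX` line, which is constructed here purely so the heuristic has something to flag.

```python
"""Parse HijackThis-style log lines and flag entries worth a human look.

Added example for this thread; not HijackThis code. The sample below is
copied from the posted log, except the constructed UpdaterX line.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input. Every line except "UpdaterX" is from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chron.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - HKCU\..\Run: [UpdaterX] C:\Users\example\AppData\Local\Temp\updaterx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
"""

# "O4 - <body>", "R0 - <body>", ... as HijackThis prints them.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun body: HKLM\..\Run: [Name] <command line>
O4_RUN_RE = re.compile(r"^(?P<loc>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O4 startup-folder body: Global Startup: foo.lnk = <target or ?>
O4_LNK_RE = re.compile(r"^(?P<loc>[^:]+):\s*(?P<name>.+?)\s*=\s*(?P<cmd>.*)$")
# First executable/DLL in a command line, quoted or not (paths may contain spaces).
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|scr|cpl|bat|cmd))(?=$|["\s,])', re.I)

# Heuristic (assumption of this example): targets under these roots are
# "expected"; anything else is merely queued for review.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")


@dataclass
class Entry:
    code: str             # HijackThis section code, e.g. "O4", "O23"
    name: str             # autorun value name, service name, BHO name, or key
    path: Optional[str]   # executable/DLL the entry points at, if recoverable
    raw: str              # the original log line


def extract_path(cmd: str) -> Optional[str]:
    """Pull the program path out of a command line; None if none is found."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":
        r = O4_RUN_RE.match(body) or O4_LNK_RE.match(body)
        if r:
            return Entry(code, r.group("name"), extract_path(r.group("cmd")), line)
        return Entry(code, body, None, line)
    if code in ("O2", "O23"):
        # "BHO: Name - {CLSID} - path" / "Service: Name - Vendor - path"
        parts = body.split(": ", 1)[-1].split(" - ", 2)
        name = parts[0]
        path = extract_path(parts[2]) if len(parts) == 3 else None
        return Entry(code, name, path, line)
    # R0/R1/O8/O9/...: keep the body as the name, no path resolution.
    return Entry(code, body, None, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def normalize(path: str) -> str:
    """Expand the environment variables HijackThis leaves in place, lowercase."""
    p = path.replace("%ProgramFiles%", "C:\\Program Files")
    p = p.replace("%SystemRoot%", "C:\\Windows").replace("%windir%", "C:\\Windows")
    return p.lower()


def needs_review(e: Entry) -> bool:
    """True for load points whose target is unresolved or outside trusted roots."""
    if e.code not in ("O2", "O4", "O23"):
        return False
    if e.path is None:
        return True
    return not normalize(e.path).startswith(TRUSTED_ROOTS)


def triage(text: str) -> List[Entry]:
    return [e for e in parse_log(text) if needs_review(e)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"REVIEW {e.code:<4} {e.name!r:<40} -> {e.path}")
```

Running it against the sample prints two lines: the McAfee `.lnk` whose target HijackThis could not resolve, and the constructed `UpdaterX` entry under a user temp directory. Everything else in the posted log resolves under Program Files or Windows and is left alone, which matches the helper's reading of the log as clean.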


