PING.exe and corrupt files on C: drive after Blaster infection


  • This topic is locked
19 replies to this topic

#1 MikeMurda

  • Members
  • 11 posts

Posted 19 November 2011 - 04:40 PM

All of the following started after I was infected with the Blaster worm. I removed Blaster using Mbam.

PING.exe is running and using up most of my CPU. I kill it manually through Process Explorer but it restarts itself and a few minutes later I have to kill it again. I'm also getting Google search result redirects in Chrome (but not in Firefox), and random tabs opening to malicious sites in Firefox occasionally.

Also, when I start up my computer, it wants to run Autochk to check the disk for integrity. But it says there are corrupted files on C: and that I should run System Restore. I have to manually skip Autochk in order to get my computer to fully boot up. If I try to run System Restore, I get a message saying there are corrupt files on C: and that I should run Chkdsk on the next startup. So both of these things are telling me to run the other, yet they're both saying they can't run because of corrupt files on C:.

Last night I noticed another issue as well. I use XAMPP to run a local test server to build websites that use Apache & MySQL. I'm not able to access any of my sites on localhost. This worked fine before the Blaster infection. Now if I enter any localhost address into a browser it just endlessly tries to connect to the site and nothing ever happens.

Before seeking help here I ran Mbam, Hitman Pro, Spybot S&D, Prevx, and Anti ZeroAccess.

My original post can be found here: http://www.bleepingcomputer.com/forums/topic428422.html/page__pid__2479518#entry2479518

My DDS log is below:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Mike at 13:32:01 on 2011-11-19
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1592 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nx0wy19i.default\extensions\startup.service@mozilla.com\svc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\Extensis\Suitcase Fusion 2\FMCore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Users\Mike\AppData\Local\Nemo Documents\NemoDocs.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
uSearch Page = hxxp://searchbox.digsby.com/
uStart Page = hxxp://www.us.hsbc.com/1/2/1/
uWindow Title = Internet Explorer
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
mSearch Page = hxxp://searchbox.digsby.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://searchbox.digsby.com/search?q=%s
mSearchAssistant = hxxp://searchbox.digsby.com/ie
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Cloudberry Twitter plugin: {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [FMCore.exe] "c:\program files\extensis\suitcase fusion 2\FMCore.exe" -standalone
uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AdobeBridge]
uRun: [doubleTwist] "c:\program files\doubletwist 2.0\doubleTwist.DeviceHelper.exe"
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [MusicManager] "c:\users\mike\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mike\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\nemodo~1.lnk - c:\users\mike\appdata\local\nemo documents\NemoDocs.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\rivatu~1.lnk - c:\program files\rivatuner v2.24\RivaTunerWrapper.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\doomi.lnk - c:\program files\doomi\Doomi.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\rtmnot~1.lnk - c:\program files\rtmnotifier\RtmNotifier.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\16474777966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\2375942554136303 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\2375942554136303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\255444 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\255444 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\35D656C6C696F64747 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\36F6163686 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\36F6163686 : DhcpNameServer = 209.103.224.2 209.103.224.3
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\45F657A6F6572737D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\47F657A6F6572737370716D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\47F657A6F6572737370716D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7456F62776567237029436560234275616D6027455543545 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7456F62776567237029436560234275616D6027455543545 : DhcpNameServer = 68.87.72.130 68.87.77.130
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7796E63747F6E63736166656 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\E4F627478637964656D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\E4F627478637964656D27657563747 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{8E5CBEF3-FB94-442C-A834-1E909606F943} : NameServer = 8.8.8.8,8.8.4.4
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: avgrsstx.dll
IFEO: taskmgr.exe - "c:\program files\process explorer\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npigl.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mike\appdata\local\huludesktop\instances\0.9.8.1\nphdplg.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-12 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-2 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-3-28 73728]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-2-24 29416]
R2 Firefox Service;Firefox Service;c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\startup.service@mozilla.com\svc.exe [2011-8-6 83456]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-17 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-29 4869488]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-29 416112]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-15 24652]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-8-18 73600]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-29 16240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c8eb8257110c30;Google Update Service (gupdate1c8eb8257110c30);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-11-16 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-8-22 151552]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2010-12-16 20328]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-2-19 32256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-17 41272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011b\RpcAgentSrv.exe [2010-12-20 93848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-16 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-16 136680]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-26 1343400]
.
=============== Created Last 30 ================
.
2011-11-19 19:23:17 53760 ----a-w- c:\windows\system32\u53vwSos6.com
2011-11-19 01:47:34 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48c5a5f1-65ff-4f41-b13c-bce8a8a7a7d3}\offreg.dll
2011-11-19 01:47:27 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{48c5a5f1-65ff-4f41-b13c-bce8a8a7a7d3}\mpengine.dll
2011-11-18 23:04:24 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-18 23:03:58 -------- d-----w- c:\programdata\Hitman Pro
2011-11-18 03:37:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-18 00:14:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-17 05:20:28 -------- d-----w- c:\users\mike\appdata\local\Programs
2011-11-17 02:52:28 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-11-17 02:52:28 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-11-17 02:52:28 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-11-17 02:52:27 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-11-17 02:52:27 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-11-17 02:52:27 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-11-17 02:52:27 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-11-17 02:52:27 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-11-17 02:51:57 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-11-17 02:51:56 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-11-17 02:51:56 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-11-17 02:51:56 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-11-17 02:51:56 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-11-16 22:22:38 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-11-16 22:22:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-16 22:22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-12 22:42:31 -------- d-----w- c:\program files\focus booster
2011-11-10 22:48:01 -------- d-----w- c:\programdata\Phase One
2011-11-04 01:22:38 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-11-04 01:22:38 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-11-04 01:20:09 -------- d-----w- c:\users\mike\appdata\local\Samsung
2011-11-04 01:18:00 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-11-04 01:17:40 -------- d-----w- c:\program files\MarkAny
2011-11-04 01:17:02 -------- d-----w- c:\users\mike\appdata\roaming\Samsung
2011-11-02 03:56:02 -------- d--h--w- c:\program files\common files\EAInstaller
2011-11-01 00:41:51 -------- d-----w- c:\users\mike\appdata\roaming\Day 1 Studios
2011-11-01 00:41:36 -------- d-----w- c:\users\mike\appdata\local\SKIDROW
2011-10-31 01:32:51 -------- d-----w- c:\program files\Phase One
.
==================== Find3M ====================
.
2011-11-10 23:39:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-03-15 17:31:51 4032840 ----a-w- c:\program files\LookInMyPC.exe
2009-12-12 20:02:08 354304 ----a-w- c:\program files\Ultimate Windows Tweaker.exe
2009-03-26 02:36:36 897024 ----a-w- c:\program files\TweaksLogon.exe
2007-10-27 15:49:56 3306341 ----a-w- c:\program files\Simple CSS.exe
2003-06-16 21:23:22 131072 ----a-w- c:\program files\T2DXi.dll
2003-06-16 21:17:50 4317184 ----a-w- c:\program files\Triangle II.dll
2003-06-03 18:33:38 90112 ----a-w- c:\program files\Triangle II.exe
2002-12-17 09:00:00 82253 ----a-w- c:\program files\unins000.exe
2006-05-03 09:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x888FEF10]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x83075428] -> \Device\Harddisk0\DR0[0x8781B250]
3 CLASSPNP[0x8CFB459E] -> ntkrnlpa!IofCallDriver[0x83075428] -> [0x888CBEF8]
\Driver\00001713[0x8881B8E8] -> IRP_MJ_CREATE -> 0x888FEF10
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 13:39:50.52 ===============

I also ran GMER and I've attached the log file here. While it was running a notice popped up saying that C:\$MFT was corrupted.

Also all the checkboxes were grayed out except for "services", "registry", and "files". They were all unchecked except for these three.

Update: When PING.exe isn't taking up most of the CPU resources, now either IExplore (I never ever use Internet Explorer for web browsing) is or another process I've never seen called u53vwsos6.com is taking up most of the resources. This just started happening. PING.exe is still the culprit some or most of the time though.

Merged 3 posts. ~ OB

Edited by Orange Blossom, 20 November 2011 - 01:29 PM.
#2 gringo_pr
Bleepin Gringo
Malware Response Team
Location: Puerto Rico

Posted 23 November 2011 - 02:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MikeMurda (Topic Starter)

Posted 23 November 2011 - 01:35 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Mike at 12:21:34 on 2011-11-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.1626 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\nx0wy19i.default\extensions\startup.service@mozilla.com\svc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
C:\Program Files\Extensis\Suitcase Fusion 2\FMCore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
uSearch Page = hxxp://searchbox.digsby.com/
uStart Page = hxxp://www.us.hsbc.com/1/2/1/
uWindow Title = Internet Explorer
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080701
mSearch Page = hxxp://searchbox.digsby.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://searchbox.digsby.com/search?q=%s
mSearchAssistant = hxxp://searchbox.digsby.com/ie
mURLSearchHooks: H - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Cloudberry Twitter plugin: {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [FMCore.exe] "c:\program files\extensis\suitcase fusion 2\FMCore.exe" -standalone
uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AdobeBridge]
uRun: [doubleTwist] "c:\program files\doubletwist 2.0\doubleTwist.DeviceHelper.exe"
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [MusicManager] "c:\users\mike\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mike\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\nemodo~1.lnk - c:\users\mike\appdata\local\nemo documents\NemoDocs.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\rivatu~1.lnk - c:\program files\rivatuner v2.24\RivaTunerWrapper.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\doomi.lnk - c:\program files\doomi\Doomi.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\rtmnot~1.lnk - c:\program files\rtmnotifier\RtmNotifier.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\colorv~1.lnk - c:\program files\colorvision\utility\ColorVisionStartup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: HideSCABattery = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: StartMenuLogOff = 1 (0x1)
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: kuaiche.com\software
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\16474777966696 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\2375942554136303 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\2375942554136303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\255444 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\255444 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\35D656C6C696F64747 : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\36F6163686 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\36F6163686 : DhcpNameServer = 209.103.224.2 209.103.224.3
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\45F657A6F6572737D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\47F657A6F6572737370716D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\47F657A6F6572737370716D27657563747 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7456F62776567237029436560234275616D6027455543545 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7456F62776567237029436560234275616D6027455543545 : DhcpNameServer = 68.87.72.130 68.87.77.130
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\7796E63747F6E63736166656 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\E4F627478637964656D27657563747 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7EFEA5AB-A576-420F-95A8-AB9C1BEA7BC8}\E4F627478637964656D27657563747 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{8E5CBEF3-FB94-442C-A834-1E909606F943} : NameServer = 8.8.8.8,8.8.4.4
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: avgrsstx.dll
IFEO: taskmgr.exe - "c:\program files\process explorer\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npigl.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mike\appdata\local\huludesktop\instances\0.9.8.1\nphdplg.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-12 108552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-2 142592]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-3-28 73728]
R2 Firefox Service;Firefox Service;c:\users\mike\appdata\roaming\mozilla\firefox\profiles\nx0wy19i.default\extensions\startup.service@mozilla.com\svc.exe [2011-8-6 83456]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-9 6656]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-4-29 4869488]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2009-12-17 185640]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-4-29 416112]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-15 24652]
R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [2008-8-18 73600]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-4-29 16240]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-2-24 29416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c8eb8257110c30;Google Update Service (gupdate1c8eb8257110c30);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-17 1153368]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-11-16 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-8-22 151552]
S3 cpuz134;cpuz134;c:\program files\cpuid\pc wizard 2010\pcwiz_x32.sys [2010-12-16 20328]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-7-21 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-2-19 32256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-17 41272]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011b\RpcAgentSrv.exe [2010-12-20 93848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-11-16 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-11-16 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-11-16 136680]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-26 1343400]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8887DF10]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x8304E428] -> \Device\Harddisk0\DR0[0x8781B2E0]
3 CLASSPNP[0x8CF9059E] -> ntkrnlpa!IofCallDriver[0x8304E428] -> [0x88846A80]
\Driver\00001150[0x88846BB8] -> IRP_MJ_CREATE -> 0x8887DF10
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 12:30:40.45 ===============


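The GMER lines above ("user: MBR read successfully", "kernel: MBR read successfully", "user != kernel MBR !!!") come from reading sector 0 twice, once through the normal user-mode path and once from kernel mode below any disk filter driver, and diffing the two. The following is an added example of that comparison in Python; it is not code from GMER, TDSSKiller or anyone in this thread, and both 512-byte images in it are constructed in the file, not taken from the poster's disk.

```python
"""Recreate the check behind GMER's "user != kernel MBR !!!" verdict.

Added example for this thread; not code from GMER, TDSSKiller or the poster.
A bootkit that filters disk I/O can hand user-mode readers a clean copy of
sector 0 while the modified copy stays on disk, so reading the sector through
two different paths and diffing them is a detection technique: any
disagreement means something between the two paths is rewriting the answer.
Both 512-byte images below are constructed here, not captured from a real disk.
"""
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446      # 4 x 16-byte partition entries start here
SIGNATURE_OFFSET = 510       # 0x55 0xAA boot signature


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition entries and signature."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]        # CHS bytes 1..3 and 5..7 are ignored
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:                            # type 0 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sector_count})
    return {"boot_code": mbr[:PART_TABLE_OFFSET],
            "partitions": partitions,
            "signature_ok": mbr[SIGNATURE_OFFSET:] == b"\x55\xaa"}


def _region(offset: int) -> str:
    """Name the part of the sector that a byte offset falls in."""
    if offset < PART_TABLE_OFFSET:
        return "boot code"
    if offset < SIGNATURE_OFFSET:
        return "partition table"
    return "signature"


def compare_mbr_views(user_view: bytes, kernel_view: bytes) -> dict:
    """Diff the two reads byte by byte and report which regions disagree."""
    if len(user_view) != SECTOR_SIZE or len(kernel_view) != SECTOR_SIZE:
        raise ValueError("both views must be full 512-byte sectors")
    differing = [i for i in range(SECTOR_SIZE) if user_view[i] != kernel_view[i]]
    return {"identical": not differing,
            "diff_bytes": len(differing),
            "first_diff": differing[0] if differing else None,
            "regions": sorted({_region(i) for i in differing})}


def verdict(user_view: bytes, kernel_view: bytes) -> str:
    """One-line summary in the spirit of GMER's output."""
    result = compare_mbr_views(user_view, kernel_view)
    if result["identical"]:
        return "user == kernel MBR"
    return "user != kernel MBR: %d byte(s) differ, first at offset 0x%03x (%s)" % (
        result["diff_bytes"], result["first_diff"], ", ".join(result["regions"]))


# --- constructed sample data (not from the poster's disk) --------------------
def _partition_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    # CHS start/end bytes are left zero; the LBA fields are what matters here.
    return bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba_start, sectors)


# Standard MBR prologue (xor ax,ax / mov ss,ax / mov sp,0x7c00), the same three
# instructions GMER disassembled from the kernel-mode read, padded with NOPs.
BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(PART_TABLE_OFFSET, b"\x90")
PART_TABLE = (_partition_entry(0x80, 0x07, 2048, 204800)      # active NTFS system partition
              + _partition_entry(0x00, 0x07, 206848, 409600)  # second NTFS partition
              + bytes(32))                                     # two empty slots
CLEAN_MBR = BOOT_CODE + PART_TABLE + b"\x55\xaa"

# What a filter driver lets user mode see vs. what is really in sector 0:
# same partition table, but the first 16 bytes of boot code were replaced.
# 0xCC is a placeholder marker, not real bootkit code.
USER_VIEW = CLEAN_MBR
KERNEL_VIEW = b"\xcc" * 16 + CLEAN_MBR[16:]

if __name__ == "__main__":
    print(verdict(USER_VIEW, USER_VIEW))      # clean disk: both reads agree
    print(verdict(USER_VIEW, KERNEL_VIEW))    # filtered disk: boot code differs
    print(parse_mbr(KERNEL_VIEW)["partitions"])
```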
#4 gringo_pr (Malware Response Team)

Posted 23 November 2011 - 09:10 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 MikeMurda (Topic Starter)

Posted 25 November 2011 - 01:09 AM

I ran combofix, but when it restarted my computer the 2nd time, my computer froze up. (An issue that has been happening occasionally since the infection)
It said it was creating the log file. Should I run it again and see if it completes the log file successfully?

I'm still having the problem on start up, where the computer says that there are corrupt files and autochk needs to be run. But it then fails to run and restarts. It gives me the option to bypass autochk which is what I do in order to allow my computer to boot up. I tried running chkdsk. That runs till about 7 percent then tells me there are errors and closes.

#6 gringo_pr (Malware Response Team)

Posted 25 November 2011 - 06:06 PM

Hello

Did it ever make a report? If not, I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#7 gringo_pr (Malware Response Team)

Posted 28 November 2011 - 01:39 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 MikeMurda (Topic Starter)

Posted 28 November 2011 - 01:24 PM

Hi, I was out of town. I'll follow your instructions and post an update tonight. Thanks.

#9 gringo_pr (Malware Response Team)

Posted 28 November 2011 - 01:28 PM

:thumbup2:

#10 MikeMurda (Topic Starter)

Posted 29 November 2011 - 01:18 PM

I ran Combofix in safe mode. It ran without any problems except it never created a log file. It got to the screen where it said that it was preparing a log file and I let it run for about 5-6 hours but it never created the file. What should I do now?

Also, last night before running Combofix I was finally able to get Chkdsk to run. So I no longer have the startup issue with that.

#11 gringo_pr (Malware Response Team)

Posted 29 November 2011 - 01:29 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#12 MikeMurda (Topic Starter)

Posted 02 December 2011 - 01:30 PM

I tried running TdssKiller, but when I try to open the program nothing happens. I tried a couple times with no luck.

#13 gringo_pr (Malware Response Team)

Posted 02 December 2011 - 04:33 PM

Hello

I would like you to run this tool for me - fixTDSS.

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#14 MikeMurda (Topic Starter)

Posted 02 December 2011 - 06:04 PM

Thanks, that seemed to make it work. FixTDSS said there was an MBR infection and I clicked repair. Then restarted and ran killTDSS. It said no threats were found. Here is the report:


17:01:41.0824 6532 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:01:42.0011 6532 ============================================================
17:01:42.0011 6532 Current date / time: 2011/12/02 17:01:42.0011
17:01:42.0011 6532 SystemInfo:
17:01:42.0011 6532
17:01:42.0011 6532 OS Version: 6.1.7600 ServicePack: 0.0
17:01:42.0011 6532 Product type: Workstation
17:01:42.0011 6532 ComputerName: MIKE-LAPTOP
17:01:42.0011 6532 UserName: Mike
17:01:42.0011 6532 Windows directory: C:\Windows
17:01:42.0011 6532 System windows directory: C:\Windows
17:01:42.0011 6532 Processor architecture: Intel x86
17:01:42.0011 6532 Number of processors: 2
17:01:42.0011 6532 Page size: 0x1000
17:01:42.0011 6532 Boot type: Normal boot
17:01:42.0011 6532 ============================================================
17:01:42.0963 6532 Initialize success
17:01:44.0071 6744 ============================================================
17:01:44.0071 6744 Scan started
17:01:44.0071 6744 Mode: Manual;
17:01:44.0071 6744 ============================================================
17:01:56.0363 6744 MSPQM - ok
17:01:56.0395 6744 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:01:56.0395 6744 MsRPC - ok
17:01:56.0426 6744 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
17:01:56.0426 6744 mssmbios - ok
17:01:56.0441 6744 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:01:56.0441 6744 MSTEE - ok
17:01:56.0473 6744 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:01:56.0473 6744 MTConfig - ok
17:01:56.0504 6744 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:01:56.0504 6744 Mup - ok
17:01:56.0566 6744 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:01:56.0566 6744 NativeWifiP - ok
17:01:56.0613 6744 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
17:01:56.0613 6744 NDIS - ok
17:01:56.0644 6744 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:01:56.0644 6744 NdisCap - ok
17:01:56.0676 6744 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:01:56.0676 6744 NdisTapi - ok
17:01:56.0707 6744 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
17:01:56.0707 6744 Ndisuio - ok
17:01:56.0754 6744 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
17:01:56.0754 6744 NdisWan - ok
17:01:56.0800 6744 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
17:01:56.0800 6744 NDProxy - ok
17:01:56.0816 6744 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:01:56.0816 6744 NetBIOS - ok
17:01:56.0847 6744 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
17:01:56.0847 6744 NetBT - ok
17:01:56.0925 6744 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:01:56.0925 6744 nfrd960 - ok
17:01:56.0956 6744 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\Windows\system32\drivers\nhcDriver.sys
17:01:56.0956 6744 nhcDriverDevice - ok
17:01:57.0003 6744 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:01:57.0003 6744 NisDrv - ok
17:01:57.0066 6744 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
17:01:57.0066 6744 NPF - ok
17:01:57.0097 6744 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:01:57.0097 6744 Npfs - ok
17:01:57.0128 6744 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:01:57.0128 6744 nsiproxy - ok
17:01:57.0190 6744 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
17:01:57.0190 6744 Ntfs - ok
17:01:57.0268 6744 NuidFltr (36955617f1c852ca50090af287cba6d8) C:\Windows\system32\DRIVERS\NuidFltr.sys
17:01:57.0268 6744 NuidFltr - ok
17:01:57.0284 6744 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:01:57.0284 6744 Null - ok
17:01:57.0565 6744 nvlddmkm (99c0a0df332a5b28e8a3d08cc8d879f3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:01:57.0627 6744 nvlddmkm - ok
17:01:57.0690 6744 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\DRIVERS\nvraid.sys
17:01:57.0690 6744 nvraid - ok
17:01:57.0768 6744 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\DRIVERS\nvstor.sys
17:01:57.0768 6744 nvstor - ok
17:01:57.0799 6744 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
17:01:57.0799 6744 nv_agp - ok
17:01:57.0846 6744 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
17:01:57.0846 6744 OEM02Dev - ok
17:01:57.0877 6744 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
17:01:57.0877 6744 OEM02Vfx - ok
17:01:57.0908 6744 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
17:01:57.0908 6744 ohci1394 - ok
17:01:57.0939 6744 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:01:57.0939 6744 Parport - ok
17:01:57.0970 6744 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
17:01:57.0970 6744 partmgr - ok
17:01:58.0002 6744 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:01:58.0002 6744 Parvdm - ok
17:01:58.0033 6744 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
17:01:58.0033 6744 pci - ok
17:01:58.0064 6744 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
17:01:58.0064 6744 pciide - ok
17:01:58.0095 6744 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:01:58.0095 6744 pcmcia - ok
17:01:58.0158 6744 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:01:58.0158 6744 pcw - ok
17:01:58.0204 6744 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:01:58.0204 6744 PEAUTH - ok
17:01:58.0360 6744 Point32 (cd0465d8e443d9674bb9dbc1b9bb939d) C:\Windows\system32\DRIVERS\point32k.sys
17:01:58.0360 6744 Point32 - ok
17:01:58.0392 6744 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:01:58.0407 6744 PptpMiniport - ok
17:01:58.0423 6744 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:01:58.0423 6744 Processor - ok
17:01:58.0470 6744 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:01:58.0470 6744 Psched - ok
17:01:58.0516 6744 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
17:01:58.0516 6744 PxHelp20 - ok
17:01:58.0594 6744 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:01:58.0610 6744 ql2300 - ok
17:01:58.0626 6744 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:01:58.0626 6744 ql40xx - ok
17:01:58.0657 6744 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:01:58.0657 6744 QWAVEdrv - ok
17:01:58.0704 6744 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:01:58.0704 6744 RasAcd - ok
17:01:58.0797 6744 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:01:58.0797 6744 RasAgileVpn - ok
17:01:58.0813 6744 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:01:58.0813 6744 Rasl2tp - ok
17:01:58.0860 6744 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:01:58.0860 6744 RasPppoe - ok
17:01:58.0891 6744 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:01:58.0906 6744 RasSstp - ok
17:01:58.0938 6744 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
17:01:58.0938 6744 rdbss - ok
17:01:58.0953 6744 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:01:58.0953 6744 rdpbus - ok
17:01:58.0984 6744 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:01:58.0984 6744 RDPCDD - ok
17:01:59.0047 6744 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
17:01:59.0047 6744 RDPDR - ok
17:01:59.0078 6744 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:01:59.0078 6744 RDPENCDD - ok
17:01:59.0109 6744 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:01:59.0109 6744 RDPREFMP - ok
17:01:59.0156 6744 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
17:01:59.0156 6744 RDPWD - ok
17:01:59.0187 6744 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
17:01:59.0187 6744 rdyboost - ok
17:01:59.0265 6744 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
17:01:59.0265 6744 rimmptsk - ok
17:01:59.0328 6744 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
17:01:59.0328 6744 rimsptsk - ok
17:01:59.0359 6744 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
17:01:59.0359 6744 RimVSerPort - ok
17:01:59.0406 6744 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
17:01:59.0406 6744 rismxdp - ok
17:01:59.0515 6744 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24\RivaTuner32.sys
17:01:59.0515 6744 RivaTuner32 - ok
17:01:59.0593 6744 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:01:59.0593 6744 rspndr - ok
17:01:59.0655 6744 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
17:01:59.0655 6744 s3cap - ok
17:01:59.0749 6744 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys
17:01:59.0749 6744 SANDRA - ok
17:01:59.0780 6744 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
17:01:59.0780 6744 sbp2port - ok
17:01:59.0858 6744 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
17:01:59.0858 6744 scfilter - ok
17:01:59.0920 6744 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
17:01:59.0920 6744 sdbus - ok
17:01:59.0998 6744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:01:59.0998 6744 secdrv - ok
17:02:00.0045 6744 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:02:00.0045 6744 Serenum - ok
17:02:00.0076 6744 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:02:00.0076 6744 Serial - ok
17:02:00.0108 6744 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:02:00.0108 6744 sermouse - ok
17:02:00.0186 6744 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
17:02:00.0186 6744 sffdisk - ok
17:02:00.0217 6744 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:02:00.0217 6744 sffp_mmc - ok
17:02:00.0232 6744 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:02:00.0232 6744 sffp_sd - ok
17:02:00.0279 6744 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:02:00.0279 6744 sfloppy - ok
17:02:00.0310 6744 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
17:02:00.0310 6744 sisagp - ok
17:02:00.0326 6744 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:02:00.0326 6744 SiSRaid2 - ok
17:02:00.0357 6744 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:02:00.0357 6744 SiSRaid4 - ok
17:02:00.0404 6744 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:02:00.0404 6744 Smb - ok
17:02:00.0466 6744 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
17:02:00.0482 6744 speedfan - ok
17:02:00.0498 6744 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:02:00.0498 6744 spldr - ok
17:02:00.0576 6744 sptd (d390675b8ce45e5fb359338e5e649329) C:\Windows\system32\Drivers\sptd.sys
17:02:00.0576 6744 sptd - ok
17:02:00.0622 6744 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\Windows\system32\drivers\sp_rsdrv2.sys
17:02:00.0622 6744 sp_rsdrv2 - ok
17:02:00.0654 6744 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
17:02:00.0669 6744 srv - ok
17:02:00.0685 6744 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
17:02:00.0700 6744 srv2 - ok
17:02:00.0747 6744 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
17:02:00.0747 6744 srvnet - ok
17:02:00.0810 6744 ssadbus (406776fe3c2b66796bac1a7afb9ac8a1) C:\Windows\system32\DRIVERS\ssadbus.sys
17:02:00.0810 6744 ssadbus - ok
17:02:00.0825 6744 ssadmdfl - ok
17:02:00.0841 6744 ssadmdm - ok
17:02:00.0888 6744 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
17:02:00.0888 6744 sscdbus - ok
17:02:00.0934 6744 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
17:02:00.0934 6744 sscdmdfl - ok
17:02:00.0981 6744 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
17:02:00.0981 6744 sscdmdm - ok
17:02:01.0075 6744 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:02:01.0075 6744 stexstor - ok
17:02:01.0137 6744 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
17:02:01.0137 6744 STHDA - ok
17:02:01.0200 6744 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:02:01.0200 6744 storflt - ok
17:02:01.0231 6744 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
17:02:01.0231 6744 storvsc - ok
17:02:01.0246 6744 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
17:02:01.0246 6744 swenum - ok
17:02:01.0356 6744 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
17:02:01.0356 6744 Tcpip - ok
17:02:01.0402 6744 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
17:02:01.0418 6744 TCPIP6 - ok
17:02:01.0434 6744 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
17:02:01.0449 6744 tcpipreg - ok
17:02:01.0480 6744 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
17:02:01.0480 6744 TDPIPE - ok
17:02:01.0496 6744 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
17:02:01.0496 6744 TDTCP - ok
17:02:01.0527 6744 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
17:02:01.0527 6744 TermDD - ok
17:02:01.0574 6744 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:02:01.0574 6744 tssecsrv - ok
17:02:01.0621 6744 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
17:02:01.0621 6744 tunnel - ok
17:02:01.0652 6744 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:02:01.0652 6744 uagp35 - ok
17:02:01.0683 6744 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
17:02:01.0683 6744 udfs - ok
17:02:01.0761 6744 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:02:01.0777 6744 uliagpkx - ok
17:02:01.0808 6744 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
17:02:01.0808 6744 umbus - ok
17:02:01.0824 6744 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:02:01.0839 6744 UmPass - ok
17:02:01.0886 6744 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
17:02:01.0886 6744 USBAAPL - ok
17:02:01.0917 6744 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
17:02:01.0917 6744 usbccgp - ok
17:02:01.0948 6744 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
17:02:01.0948 6744 usbcir - ok
17:02:01.0980 6744 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
17:02:01.0980 6744 usbehci - ok
17:02:02.0011 6744 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
17:02:02.0011 6744 usbhub - ok
17:02:02.0042 6744 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
17:02:02.0042 6744 usbohci - ok
17:02:02.0058 6744 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:02:02.0058 6744 usbprint - ok
17:02:02.0104 6744 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:02:02.0104 6744 USBSTOR - ok
17:02:02.0136 6744 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
17:02:02.0136 6744 usbuhci - ok
17:02:02.0182 6744 VBoxDrv (fe78800ec2fda7ba67a68b94f89c0d9d) C:\Windows\system32\DRIVERS\VBoxDrv.sys
17:02:02.0182 6744 VBoxDrv - ok
17:02:02.0229 6744 VBoxUSBMon (48e673e41908b5cf642f5c3281d37a56) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
17:02:02.0229 6744 VBoxUSBMon - ok
17:02:02.0260 6744 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:02:02.0260 6744 vdrvroot - ok
17:02:02.0307 6744 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:02:02.0307 6744 vga - ok
17:02:02.0338 6744 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:02:02.0338 6744 VgaSave - ok
17:02:02.0401 6744 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
17:02:02.0401 6744 vhdmp - ok
17:02:02.0448 6744 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
17:02:02.0448 6744 viaagp - ok
17:02:02.0479 6744 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:02:02.0479 6744 ViaC7 - ok
17:02:02.0510 6744 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
17:02:02.0510 6744 viaide - ok
17:02:02.0572 6744 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
17:02:02.0572 6744 vmbus - ok
17:02:02.0604 6744 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:02:02.0604 6744 VMBusHID - ok
17:02:02.0650 6744 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
17:02:02.0650 6744 volmgr - ok
17:02:02.0682 6744 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:02:02.0682 6744 volmgrx - ok
17:02:02.0744 6744 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
17:02:02.0744 6744 volsnap - ok
17:02:02.0791 6744 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:02:02.0791 6744 vsmraid - ok
17:02:02.0822 6744 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:02:02.0822 6744 vwifibus - ok
17:02:02.0869 6744 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:02:02.0869 6744 vwififlt - ok
17:02:02.0900 6744 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
17:02:02.0900 6744 vwifimp - ok
17:02:02.0931 6744 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:02:02.0931 6744 wacmoumonitor - ok
17:02:02.0978 6744 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:02:02.0978 6744 wacommousefilter - ok
17:02:03.0009 6744 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:02:03.0009 6744 WacomPen - ok
17:02:03.0040 6744 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:02:03.0040 6744 wacomvhid - ok
17:02:03.0072 6744 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:03.0072 6744 WANARP - ok
17:02:03.0087 6744 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
17:02:03.0087 6744 Wanarpv6 - ok
17:02:03.0134 6744 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:02:03.0134 6744 Wd - ok
17:02:03.0165 6744 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:02:03.0181 6744 Wdf01000 - ok
17:02:03.0228 6744 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:02:03.0228 6744 WfpLwf - ok
17:02:03.0259 6744 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:02:03.0259 6744 WIMMount - ok
17:02:03.0337 6744 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:02:03.0352 6744 winachsf - ok
17:02:03.0415 6744 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
17:02:03.0415 6744 WinUsb - ok
17:02:03.0462 6744 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:02:03.0462 6744 WmiAcpi - ok
17:02:03.0524 6744 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:02:03.0524 6744 ws2ifsl - ok
17:02:03.0602 6744 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
17:02:03.0602 6744 WudfPf - ok
17:02:03.0633 6744 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:02:03.0633 6744 WUDFRd - ok
17:02:03.0711 6744 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
17:02:03.0711 6744 XAudio - ok
17:02:03.0774 6744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:02:03.0789 6744 \Device\Harddisk0\DR0 - ok
17:02:03.0789 6744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:02:03.0805 6744 \Device\Harddisk1\DR1 - ok
17:02:03.0820 6744 Boot (0x1200) (f0a13ec6d0ce869e326edaf68d690c3d) \Device\Harddisk0\DR0\Partition0
17:02:03.0820 6744 \Device\Harddisk0\DR0\Partition0 - ok
17:02:03.0820 6744 Boot (0x1200) (c1a235fff2ccf6de4962cb1f6be43ff2) \Device\Harddisk0\DR0\Partition1
17:02:03.0820 6744 \Device\Harddisk0\DR0\Partition1 - ok
17:02:03.0820 6744 Boot (0x1200) (9dea1d261e1499acd34220f1f4f78a50) \Device\Harddisk1\DR1\Partition0
17:02:03.0820 6744 \Device\Harddisk1\DR1\Partition0 - ok
17:02:03.0836 6744 ============================================================
17:02:03.0836 6744 Scan finished
17:02:03.0836 6744 ============================================================
17:02:03.0836 1252 Detected object count: 0
17:02:03.0836 1252 Actual detected object count: 0
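An added example, not part of this thread: a small Python parser for the TDSSKiller listing format shown above. My reading of the line layout is an assumption taken from the visible lines (timestamp, thread id, object name, MD5 in parentheses, path; then a second line carrying the verdict after " - "; MBR and Boot records add a size field such as (0x1B8) before the hash and are followed up by their device path). The parser turns the listing into one record per object and pulls out what a responder actually reads such a log for: objects whose verdict is anything other than ok or that never got a verdict, service entries with no image on disk behind them, and one hash reported under several names. The sample input is constructed from a few lines copied from the listing above plus one made-up entry (exampledrv, all-zero hash) that has no verdict line, so the missing-verdict path is exercised.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the TDSSKiller listing above, plus one
# made-up driver entry ("exampledrv", all-zero hash) with no verdict line.
SAMPLE_LOG = r"""
17:01:55.0583 6744 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
17:01:55.0583 6744 mpio - ok
17:01:55.0693 6744 MpKsl883c9d1a - ok
17:02:00.0825 6744 ssadmdfl - ok
17:02:01.0356 6744 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
17:02:01.0356 6744 Tcpip - ok
17:02:01.0402 6744 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
17:02:01.0418 6744 TCPIP6 - ok
17:02:03.0720 6744 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
17:02:03.0774 6744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:02:03.0789 6744 \Device\Harddisk0\DR0 - ok
17:02:03.0789 6744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:02:03.0805 6744 \Device\Harddisk1\DR1 - ok
17:02:03.0820 6744 Boot (0x1200) (f0a13ec6d0ce869e326edaf68d690c3d) \Device\Harddisk0\DR0\Partition0
17:02:03.0820 6744 \Device\Harddisk0\DR0\Partition0 - ok
17:02:03.0836 6744 ============================================================
17:02:03.0836 6744 Scan finished
17:02:03.0836 1252 Detected object count: 0
"""

# Assumed line layout (read off the listing): "<ts> <tid> <name> [(0xSIZE)] (<md5>) <path>"
_FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\((?P<extra>0x[0-9A-Fa-f]+)\))?"      # present on MBR/Boot records only
    r"\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "<ts> <tid> <name or device path> - <verdict>"
_STATUS_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>\S.*?)\s*$"
)


@dataclass
class Entry:
    name: str
    kind: str = "driver"          # "driver", "MBR" or "Boot"
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None  # None when the tool printed no verdict line


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold file lines and verdict lines into one record per scanned object.

    Drivers are keyed by service name; MBR/Boot records are keyed by the device
    path, because that is the name TDSSKiller repeats on their verdict line.
    """
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = _FILE_RE.match(line)
        if m:
            is_boot = m["extra"] is not None
            key = m["path"] if is_boot else m["name"]
            e = entries.setdefault(key, Entry(name=key))
            e.kind = m["name"] if is_boot else "driver"
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = _STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.status = m["status"]
        # Banner, "Scan finished" and count lines match neither pattern and are skipped.
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Pull out the three things worth a second look in a listing like this."""
    # Any verdict that is not literally "ok", including objects that have a
    # hash but never received a verdict line.
    not_ok = sorted(k for k, e in entries.items() if e.status != "ok")
    # Service entries given a verdict but with no image on disk listed.
    no_file = sorted(k for k, e in entries.items() if e.kind == "driver" and e.path is None)
    # One hash under several names: two services bound to one image, or (as with
    # the two MBRs in the listing) identical boot code on two disks.
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for k, e in entries.items():
        if e.md5:
            by_hash[e.md5].append(k)
    shared = {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}
    return {"not_ok": not_ok, "no_file": no_file, "shared_hashes": shared}


if __name__ == "__main__":
    for section, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{section}: {items}")
```

The parser only surfaces these groups; it makes no judgement about them. Entries with no file behind them are where you would start cross-checking against a known-clean machine of the same build, and a shared hash is informative rather than alarming on its own (two service names pointing at the same tcpip.sys, or two disks carrying the same MBR code, is exactly what the listing above shows).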

#15 gringo_pr

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 02 December 2011 - 08:22 PM

Hello,

Now try and run ComboFix for me.


gringo