Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32:DNSChanger-VJ help please


  • This topic is locked This topic is locked
17 replies to this topic

#1 throwshapes

throwshapes

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 25 November 2011 - 06:31 PM

Hello, I am posting because my Avast! antivirus software keeps popping up with a message that it is blocking the Trojan Win32:DNSChanger-VJ (Trj). The process it shows as being affected is file://\\.\globalroot\systemroot\svchost. Recently, I have also noticed that the svchost.exe is taking up an unusual amount of my computer power. When I go to the Task Manager it is often using 95%-99% of my CPU usage and my Physical Memory. I can usually go into the tab to show processes for all users and manually end the process SVChost.exe (winrscmde), which drops the CPU usage back to normal, but it will go back to how it was after about 5 minutes. One last problem is I have also been periodically getting blue screen errors where windows will shut down and be forced to reboot. These problems all started around the same time so I assume they are related. I have read the preparation guide and posted the DDS file and the other attachment but I skipped the step involving gmer because I have 64bit windows. Thank you for any help, much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by Mike at 18:11:25 on 2011-11-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2131 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uStart Page = hxxp://search.searchcompletion.com/?si=16604&home=true
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - C:\Users\Mike\AppData\Roaming\CompitlyEngine\ComplitlyEngine.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Updater For Complete Bar: {fe618700-e0ee-441e-8b1d-18ce226bb193} - C:\Program Files (x86)\completebartb\auxi\completebarAu.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI"&"prod=90"&"ver=10.0.1392
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA}\4494747495 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA}\563757133373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA}\76F676F696E666C696768647 : DhcpNameServer = 172.19.134.2
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA}\D416274796E6 : DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129
TCP: Interfaces\{86D542FC-F958-4D58-8B71-F12889A59DDA}\F65727F586F6D656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B} : DhcpNameServer = 216.144.187.37 204.186.0.201 207.44.96.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
BHO-X64: Complete Bar - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Mike\AppData\Roaming\CompitlyEngine\ComplitlyEngine.dll
BHO-X64: Complitly - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Updater For Complete Bar: {fe618700-e0ee-441e-8b1d-18ce226bb193} - C:\Program Files (x86)\completebartb\auxi\completebarAu.dll
BHO-X64: Updater For Complete Bar - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: Complete Bar: {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI"&"prod=90"&"ver=10.0.1392
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\2zi0jgal.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-26 44768]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-9 1038088]
S3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\Razerlow.sys --> C:\Windows\system32\drivers\Razerlow.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2011-11-25 22:27:21 -------- d-----w- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-11-25 22:26:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-11-25 22:26:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-11-25 18:58:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C19C6F8-520C-456A-A177-A27D3D436F0A}\offreg.dll
2011-11-25 18:58:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4C19C6F8-520C-456A-A177-A27D3D436F0A}\mpengine.dll
2011-11-24 19:09:50 -------- d-sh--w- C:\found.000
2011-11-24 01:35:28 -------- d-----w- C:\Program Files (x86)\Ventrilo
2011-11-23 20:11:57 -------- d-----w- C:\Program Files\iPod
2011-11-23 20:11:56 -------- d-----w- C:\Program Files\iTunes
2011-11-22 01:49:15 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-22 01:49:15 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-22 01:49:12 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-22 01:48:58 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-22 01:48:52 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-11-22 01:48:52 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-11-19 21:19:50 -------- d-----w- C:\Users\Mike\AppData\Roaming\PFStaticIP
2011-11-19 21:19:19 -------- d-----w- C:\Users\Mike\AppData\Local\APN
2011-11-19 21:19:18 -------- d-----w- C:\Program Files (x86)\PFStaticIP
2011-11-19 02:42:33 20480 ----a-w- C:\Windows\svchost.exe
2011-11-19 02:01:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-11-19 01:18:06 -------- d-----w- C:\Program Files\Webroot
2011-11-19 01:18:03 -------- d-----w- C:\ProgramData\WRData
.
==================== Find3M ====================
.
2011-10-11 17:55:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
.
============= FINISH: 18:17:07.24 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 27 November 2011 - 11:18 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 November 2011 - 03:14 PM

Hello Gringo, thank you for the reply.
I followed the instructions and ran combofix. I had to run it twice because on the first try, after my computer restarted, Avast started back up and interrupted the process. So I just uninstalled Avast altogether and reran combofix again. It seems to have deleted multiple files including svchost.exe. However, even after this, my computer is running super slow still and I see that svchost.exe (winrscmde) is still the process sucking up 99% of my computer's power and making it run slow. Here is the combofix log:


ComboFix 11-11-28.02 - Mike 11/28/2011 14:45:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2638 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\users\Mike\AppData\Local\{382C63A3-5A18-452F-8CD6-31618EF160D8}\chrome.manifest
c:\users\Mike\AppData\Local\{382C63A3-5A18-452F-8CD6-31618EF160D8}\chrome\content\_cfg.js
c:\users\Mike\AppData\Local\{382C63A3-5A18-452F-8CD6-31618EF160D8}\chrome\content\overlay.xul
c:\users\Mike\AppData\Local\{382C63A3-5A18-452F-8CD6-31618EF160D8}\install.rdf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 19:55 . 2011-11-28 19:55 -------- d-----w- c:\users\Mcx1-MIKE-PC\AppData\Local\temp
2011-11-28 19:55 . 2011-11-28 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 00:53 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC08897E-E75A-4797-9D28-178FC62CCB45}\mpengine.dll
2011-11-25 22:27 . 2011-11-25 22:27 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-11-25 22:26 . 2011-11-25 22:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-25 22:26 . 2011-11-25 22:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-24 19:09 . 2011-11-24 19:09 -------- d-----w- C:\found.000
2011-11-24 01:35 . 2011-11-24 01:35 -------- d-----w- c:\program files (x86)\Ventrilo
2011-11-23 20:11 . 2011-11-23 20:11 -------- d-----w- c:\program files\iPod
2011-11-23 20:11 . 2011-11-24 03:42 -------- d-----w- c:\program files\iTunes
2011-11-22 01:49 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-22 01:49 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-22 01:49 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-22 01:48 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 01:48 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-22 01:48 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-11-19 21:19 . 2011-11-22 01:34 -------- d-----w- c:\users\Mike\AppData\Roaming\PFStaticIP
2011-11-19 21:19 . 2011-11-19 21:19 -------- d-----w- c:\users\Mike\AppData\Local\APN
2011-11-19 21:19 . 2011-11-22 01:35 -------- d-----w- c:\program files (x86)\PFStaticIP
2011-11-19 02:42 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2011-11-19 02:01 . 2011-11-19 02:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-11-19 01:18 . 2011-11-19 02:40 -------- d-----w- c:\program files\Webroot
2011-11-19 01:18 . 2011-11-19 02:05 -------- d-----w- c:\programdata\WRData
2011-11-14 21:14 . 2011-11-14 21:14 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-11-14 21:14 . 2011-11-14 21:14 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 10:06 . 2011-10-11 17:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 20:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 20:21 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 20:45 . 2011-08-11 23:13 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files (x86)\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files (x86)\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files (x86)\completebartb\completebarDx.dll" [2011-03-23 86696]
.
[HKEY_CLASSES_ROOT\clsid\{64c54209-175c-454d-9291-ac46d4d952cf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2009-09-22 163840]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-09 1038088]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdia
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409792287-1573994395-1048264885-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 02:48]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409792287-1573994395-1048264885-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 02:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-03-28 19:40 167416 ----a-w- c:\users\Mike\AppData\Roaming\CompitlyEngine\64\ComplitlyEngine64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.searchcompletion.com/?si=16604&home=true
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\2zi0jgal.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-MSN Toolbar - c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
AddRemove-Final Fantasy VII - c:\program files (x86)\Final Fantasy VII\Uninst.isu
AddRemove-Final Fantasy VII_is1 - c:\program files (x86)\Final Fantasy VII\unins000.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\MSN Toolbar Installer\InstallManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\progra~2\Java\jre6\bin\jp2launcher.exe
c:\program files (x86)\Java\jre6\bin\java.exe
.
**************************************************************************
.
Completion time: 2011-11-28 15:07:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 20:07
.
Pre-Run: 49,878,102,016 bytes free
Post-Run: 49,554,452,480 bytes free
.
- - End Of File - - BDE14A57A157BAFD273B8E7156EAC2A0

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 28 November 2011 - 03:54 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 November 2011 - 05:45 PM

17:39:01.0721 6200 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
17:39:01.0979 6200 ============================================================
17:39:01.0980 6200 Current date / time: 2011/11/28 17:39:01.0979
17:39:01.0980 6200 SystemInfo:
17:39:01.0980 6200
17:39:01.0980 6200 OS Version: 6.1.7600 ServicePack: 0.0
17:39:01.0980 6200 Product type: Workstation
17:39:01.0980 6200 ComputerName: MIKE-PC
17:39:01.0980 6200 UserName: Mike
17:39:01.0980 6200 Windows directory: C:\Windows
17:39:01.0980 6200 System windows directory: C:\Windows
17:39:01.0980 6200 Running under WOW64
17:39:01.0980 6200 Processor architecture: Intel x64
17:39:01.0980 6200 Number of processors: 2
17:39:01.0980 6200 Page size: 0x1000
17:39:01.0980 6200 Boot type: Normal boot
17:39:01.0980 6200 ============================================================
17:39:02.0323 6200 Initialize success
17:39:13.0539 6316 ============================================================
17:39:13.0539 6316 Scan started
17:39:13.0539 6316 Mode: Manual;
17:39:13.0539 6316 ============================================================
17:39:14.0391 6316 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:39:14.0392 6316 1394ohci - ok
17:39:14.0441 6316 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:39:14.0444 6316 ACPI - ok
17:39:14.0477 6316 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:39:14.0477 6316 AcpiPmi - ok
17:39:14.0670 6316 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
17:39:14.0672 6316 adfs - ok
17:39:14.0896 6316 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:39:14.0899 6316 adp94xx - ok
17:39:14.0939 6316 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:39:14.0941 6316 adpahci - ok
17:39:14.0978 6316 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:39:14.0979 6316 adpu320 - ok
17:39:15.0155 6316 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
17:39:15.0158 6316 AFD - ok
17:39:15.0215 6316 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:39:15.0216 6316 agp440 - ok
17:39:15.0375 6316 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:39:15.0376 6316 aliide - ok
17:39:15.0457 6316 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:39:15.0457 6316 amdide - ok
17:39:15.0573 6316 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:39:15.0574 6316 AmdK8 - ok
17:39:15.0614 6316 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:39:15.0614 6316 AmdPPM - ok
17:39:15.0722 6316 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:39:15.0723 6316 amdsata - ok
17:39:15.0804 6316 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:39:15.0806 6316 amdsbs - ok
17:39:15.0863 6316 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:39:15.0864 6316 amdxata - ok
17:39:16.0015 6316 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:39:16.0016 6316 ApfiltrService - ok
17:39:16.0161 6316 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:39:16.0162 6316 AppID - ok
17:39:16.0214 6316 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:39:16.0215 6316 arc - ok
17:39:16.0238 6316 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:39:16.0239 6316 arcsas - ok
17:39:16.0310 6316 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:39:16.0311 6316 ArcSoftKsUFilter - ok
17:39:16.0498 6316 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys
17:39:16.0498 6316 aswFsBlk - ok
17:39:16.0660 6316 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys
17:39:16.0660 6316 aswMonFlt - ok
17:39:16.0693 6316 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys
17:39:16.0694 6316 aswRdr - ok
17:39:16.0808 6316 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys
17:39:16.0812 6316 aswSnx - ok
17:39:16.0904 6316 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys
17:39:16.0906 6316 aswSP - ok
17:39:17.0017 6316 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys
17:39:17.0018 6316 aswTdi - ok
17:39:17.0091 6316 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:39:17.0091 6316 AsyncMac - ok
17:39:17.0194 6316 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:39:17.0195 6316 atapi - ok
17:39:17.0378 6316 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
17:39:17.0484 6316 atikmdag - ok
17:39:17.0734 6316 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:39:17.0737 6316 b06bdrv - ok
17:39:17.0887 6316 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:39:17.0889 6316 b57nd60a - ok
17:39:17.0927 6316 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:39:17.0927 6316 Beep - ok
17:39:18.0018 6316 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:39:18.0020 6316 blbdrive - ok
17:39:18.0209 6316 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:39:18.0210 6316 bowser - ok
17:39:18.0264 6316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:39:18.0264 6316 BrFiltLo - ok
17:39:18.0290 6316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:39:18.0291 6316 BrFiltUp - ok
17:39:18.0322 6316 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:39:18.0324 6316 Brserid - ok
17:39:18.0349 6316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:39:18.0350 6316 BrSerWdm - ok
17:39:18.0432 6316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:39:18.0433 6316 BrUsbMdm - ok
17:39:18.0459 6316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:39:18.0459 6316 BrUsbSer - ok
17:39:18.0557 6316 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:39:18.0558 6316 BTHMODEM - ok
17:39:18.0723 6316 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
17:39:18.0724 6316 btwaudio - ok
17:39:18.0750 6316 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
17:39:18.0752 6316 btwavdt - ok
17:39:18.0788 6316 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:39:18.0789 6316 btwl2cap - ok
17:39:18.0853 6316 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
17:39:18.0854 6316 btwrchid - ok
17:39:18.0907 6316 catchme - ok
17:39:19.0049 6316 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
17:39:19.0052 6316 CAXHWAZL - ok
17:39:19.0096 6316 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:39:19.0097 6316 cdfs - ok
17:39:19.0194 6316 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:39:19.0195 6316 cdrom - ok
17:39:19.0355 6316 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:39:19.0355 6316 circlass - ok
17:39:19.0424 6316 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:39:19.0427 6316 CLFS - ok
17:39:19.0652 6316 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:39:19.0652 6316 CmBatt - ok
17:39:19.0673 6316 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:39:19.0674 6316 cmdide - ok
17:39:19.0714 6316 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
17:39:19.0717 6316 CNG - ok
17:39:19.0811 6316 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:39:19.0811 6316 Compbatt - ok
17:39:19.0887 6316 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:39:19.0888 6316 CompositeBus - ok
17:39:19.0973 6316 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:39:19.0974 6316 crcdisk - ok
17:39:20.0090 6316 danewFltr (329bc03a1ccd45941df52dc021d27ac5) C:\Windows\system32\drivers\danew.sys
17:39:20.0091 6316 danewFltr - ok
17:39:20.0260 6316 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:39:20.0262 6316 DfsC - ok
17:39:20.0319 6316 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:39:20.0320 6316 discache - ok
17:39:20.0467 6316 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:39:20.0468 6316 Disk - ok
17:39:20.0646 6316 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:39:20.0646 6316 drmkaud - ok
17:39:20.0696 6316 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:39:20.0703 6316 DXGKrnl - ok
17:39:20.0870 6316 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:39:20.0932 6316 ebdrv - ok
17:39:21.0109 6316 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:39:21.0113 6316 elxstor - ok
17:39:21.0132 6316 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:39:21.0133 6316 ErrDev - ok
17:39:21.0182 6316 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:39:21.0183 6316 exfat - ok
17:39:21.0225 6316 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:39:21.0227 6316 fastfat - ok
17:39:21.0265 6316 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:39:21.0266 6316 fdc - ok
17:39:21.0307 6316 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:39:21.0308 6316 FileInfo - ok
17:39:21.0328 6316 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:39:21.0329 6316 Filetrace - ok
17:39:21.0560 6316 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:39:21.0561 6316 flpydisk - ok
17:39:21.0592 6316 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:39:21.0595 6316 FltMgr - ok
17:39:21.0624 6316 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:39:21.0625 6316 FsDepends - ok
17:39:21.0652 6316 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:39:21.0652 6316 Fs_Rec - ok
17:39:21.0694 6316 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:39:21.0696 6316 fvevol - ok
17:39:21.0753 6316 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:39:21.0754 6316 gagp30kx - ok
17:39:21.0798 6316 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:39:21.0799 6316 GEARAspiWDM - ok
17:39:21.0826 6316 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:39:21.0827 6316 hcw85cir - ok
17:39:21.0858 6316 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:39:21.0859 6316 HDAudBus - ok
17:39:21.0882 6316 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:39:21.0883 6316 HidBatt - ok
17:39:21.0908 6316 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:39:21.0909 6316 HidBth - ok
17:39:21.0935 6316 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:39:21.0936 6316 HidIr - ok
17:39:22.0026 6316 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:39:22.0027 6316 HidUsb - ok
17:39:22.0102 6316 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:39:22.0103 6316 HpSAMD - ok
17:39:22.0191 6316 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
17:39:22.0201 6316 HSF_DPV - ok
17:39:22.0278 6316 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:39:22.0295 6316 HTTP - ok
17:39:22.0318 6316 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:39:22.0319 6316 hwpolicy - ok
17:39:22.0338 6316 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:39:22.0339 6316 i8042prt - ok
17:39:22.0393 6316 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
17:39:22.0396 6316 iaStor - ok
17:39:22.0512 6316 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:39:22.0515 6316 iaStorV - ok
17:39:22.0579 6316 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:39:22.0579 6316 iirsp - ok
17:39:22.0731 6316 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
17:39:22.0741 6316 IntcAzAudAddService - ok
17:39:22.0829 6316 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:39:22.0830 6316 intelide - ok
17:39:22.0893 6316 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:39:22.0894 6316 intelppm - ok
17:39:23.0043 6316 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:39:23.0045 6316 IpFilterDriver - ok
17:39:23.0079 6316 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:39:23.0080 6316 IPMIDRV - ok
17:39:23.0179 6316 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:39:23.0181 6316 IPNAT - ok
17:39:23.0329 6316 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:39:23.0330 6316 IRENUM - ok
17:39:23.0354 6316 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:39:23.0355 6316 isapnp - ok
17:39:23.0389 6316 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:39:23.0391 6316 iScsiPrt - ok
17:39:23.0573 6316 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:39:23.0575 6316 kbdclass - ok
17:39:23.0691 6316 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:39:23.0692 6316 kbdhid - ok
17:39:23.0757 6316 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
17:39:23.0758 6316 KSecDD - ok
17:39:23.0804 6316 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
17:39:23.0806 6316 KSecPkg - ok
17:39:23.0897 6316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:39:23.0898 6316 ksthunk - ok
17:39:23.0955 6316 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:39:23.0956 6316 lltdio - ok
17:39:24.0059 6316 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:39:24.0060 6316 LSI_FC - ok
17:39:24.0102 6316 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:39:24.0103 6316 LSI_SAS - ok
17:39:24.0199 6316 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:39:24.0200 6316 LSI_SAS2 - ok
17:39:24.0235 6316 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:39:24.0236 6316 LSI_SCSI - ok
17:39:24.0323 6316 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:39:24.0324 6316 luafv - ok
17:39:24.0381 6316 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:39:24.0381 6316 mdmxsdk - ok
17:39:24.0474 6316 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:39:24.0475 6316 megasas - ok
17:39:24.0506 6316 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:39:24.0509 6316 MegaSR - ok
17:39:24.0532 6316 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:39:24.0532 6316 Modem - ok
17:39:24.0620 6316 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:39:24.0620 6316 monitor - ok
17:39:24.0718 6316 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:39:24.0720 6316 mouclass - ok
17:39:24.0790 6316 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:39:24.0791 6316 mouhid - ok
17:39:24.0825 6316 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:39:24.0827 6316 mountmgr - ok
17:39:24.0858 6316 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:39:24.0860 6316 mpio - ok
17:39:24.0889 6316 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:39:24.0890 6316 mpsdrv - ok
17:39:24.0917 6316 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:39:24.0918 6316 MRxDAV - ok
17:39:24.0972 6316 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:39:24.0973 6316 mrxsmb - ok
17:39:25.0078 6316 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:39:25.0081 6316 mrxsmb10 - ok
17:39:25.0101 6316 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:39:25.0109 6316 mrxsmb20 - ok
17:39:25.0159 6316 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:39:25.0160 6316 msahci - ok
17:39:25.0180 6316 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:39:25.0181 6316 msdsm - ok
17:39:25.0215 6316 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:39:25.0216 6316 Msfs - ok
17:39:25.0235 6316 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:39:25.0236 6316 mshidkmdf - ok
17:39:25.0260 6316 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:39:25.0260 6316 msisadrv - ok
17:39:25.0351 6316 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:39:25.0351 6316 MSKSSRV - ok
17:39:25.0400 6316 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:39:25.0401 6316 MSPCLOCK - ok
17:39:25.0429 6316 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:39:25.0430 6316 MSPQM - ok
17:39:25.0468 6316 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:39:25.0472 6316 MsRPC - ok
17:39:25.0504 6316 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:39:25.0505 6316 mssmbios - ok
17:39:25.0554 6316 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:39:25.0554 6316 MSTEE - ok
17:39:25.0582 6316 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:39:25.0583 6316 MTConfig - ok
17:39:25.0603 6316 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:39:25.0604 6316 Mup - ok
17:39:25.0724 6316 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:39:25.0727 6316 NativeWifiP - ok
17:39:25.0789 6316 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:39:25.0797 6316 NDIS - ok
17:39:25.0830 6316 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:39:25.0831 6316 NdisCap - ok
17:39:25.0859 6316 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:39:25.0860 6316 NdisTapi - ok
17:39:25.0874 6316 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:39:25.0875 6316 Ndisuio - ok
17:39:25.0898 6316 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:39:25.0899 6316 NdisWan - ok
17:39:25.0912 6316 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:39:25.0913 6316 NDProxy - ok
17:39:26.0032 6316 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:39:26.0033 6316 NetBIOS - ok
17:39:26.0076 6316 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:39:26.0078 6316 NetBT - ok
17:39:26.0414 6316 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
17:39:26.0525 6316 netw5v64 - ok
17:39:26.0699 6316 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:39:26.0700 6316 nfrd960 - ok
17:39:26.0745 6316 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:39:26.0746 6316 Npfs - ok
17:39:26.0774 6316 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:39:26.0775 6316 nsiproxy - ok
17:39:26.0866 6316 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:39:26.0876 6316 Ntfs - ok
17:39:26.0908 6316 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:39:26.0909 6316 Null - ok
17:39:26.0980 6316 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:39:26.0981 6316 nvraid - ok
17:39:27.0040 6316 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:39:27.0041 6316 nvstor - ok
17:39:27.0091 6316 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:39:27.0093 6316 nv_agp - ok
17:39:27.0130 6316 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:39:27.0132 6316 ohci1394 - ok
17:39:27.0181 6316 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:39:27.0183 6316 Parport - ok
17:39:27.0284 6316 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
17:39:27.0285 6316 partmgr - ok
17:39:27.0327 6316 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:39:27.0328 6316 pci - ok
17:39:27.0351 6316 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:39:27.0352 6316 pciide - ok
17:39:27.0385 6316 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:39:27.0387 6316 pcmcia - ok
17:39:27.0406 6316 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:39:27.0407 6316 pcw - ok
17:39:27.0438 6316 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:39:27.0443 6316 PEAUTH - ok
17:39:27.0566 6316 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:39:27.0567 6316 PptpMiniport - ok
17:39:27.0595 6316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:39:27.0597 6316 Processor - ok
17:39:27.0641 6316 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:39:27.0643 6316 Psched - ok
17:39:27.0685 6316 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
17:39:27.0686 6316 PxHlpa64 - ok
17:39:27.0777 6316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:39:27.0787 6316 ql2300 - ok
17:39:27.0825 6316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:39:27.0828 6316 ql40xx - ok
17:39:27.0868 6316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:39:27.0869 6316 QWAVEdrv - ok
17:39:27.0921 6316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:39:27.0921 6316 RasAcd - ok
17:39:27.0967 6316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:39:27.0968 6316 RasAgileVpn - ok
17:39:28.0014 6316 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:39:28.0016 6316 Rasl2tp - ok
17:39:28.0068 6316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:39:28.0069 6316 RasPppoe - ok
17:39:28.0114 6316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:39:28.0115 6316 RasSstp - ok
17:39:28.0153 6316 Razerlow (81ddbf4fe998ef1f4ba230f7e8d8c67e) C:\Windows\system32\drivers\Razerlow.sys
17:39:28.0154 6316 Razerlow - ok
17:39:28.0187 6316 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:39:28.0189 6316 rdbss - ok
17:39:28.0237 6316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:39:28.0239 6316 rdpbus - ok
17:39:28.0262 6316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:39:28.0263 6316 RDPCDD - ok
17:39:28.0304 6316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:39:28.0305 6316 RDPENCDD - ok
17:39:28.0341 6316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:39:28.0342 6316 RDPREFMP - ok
17:39:28.0394 6316 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
17:39:28.0395 6316 RDPWD - ok
17:39:28.0427 6316 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:39:28.0428 6316 rdyboost - ok
17:39:28.0493 6316 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
17:39:28.0494 6316 rimsptsk - ok
17:39:28.0547 6316 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
17:39:28.0548 6316 risdptsk - ok
17:39:28.0617 6316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:39:28.0618 6316 rspndr - ok
17:39:28.0659 6316 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
17:39:28.0661 6316 RTHDMIAzAudService - ok
17:39:28.0790 6316 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
17:39:28.0791 6316 SASDIFSV - ok
17:39:28.0828 6316 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
17:39:28.0830 6316 SASKUTIL - ok
17:39:28.0876 6316 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:39:28.0879 6316 sbp2port - ok
17:39:28.0924 6316 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:39:28.0925 6316 scfilter - ok
17:39:29.0005 6316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:39:29.0006 6316 secdrv - ok
17:39:29.0048 6316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:39:29.0049 6316 Serenum - ok
17:39:29.0088 6316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:39:29.0090 6316 Serial - ok
17:39:29.0138 6316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:39:29.0139 6316 sermouse - ok
17:39:29.0241 6316 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
17:39:29.0241 6316 SFEP - ok
17:39:29.0266 6316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:39:29.0267 6316 sffdisk - ok
17:39:29.0295 6316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:39:29.0296 6316 sffp_mmc - ok
17:39:29.0343 6316 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:39:29.0344 6316 sffp_sd - ok
17:39:29.0385 6316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:39:29.0386 6316 sfloppy - ok
17:39:29.0440 6316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:39:29.0442 6316 SiSRaid2 - ok
17:39:29.0496 6316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:39:29.0498 6316 SiSRaid4 - ok
17:39:29.0540 6316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:39:29.0541 6316 Smb - ok
17:39:29.0566 6316 speedfan - ok
17:39:29.0607 6316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:39:29.0608 6316 spldr - ok
17:39:29.0679 6316 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
17:39:29.0680 6316 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
17:39:29.0682 6316 sptd ( LockedFile.Multi.Generic ) - warning
17:39:29.0683 6316 sptd - detected LockedFile.Multi.Generic (1)
17:39:29.0753 6316 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:39:29.0757 6316 srv - ok
17:39:29.0813 6316 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:39:29.0816 6316 srv2 - ok
17:39:29.0896 6316 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:39:29.0897 6316 srvnet - ok
17:39:30.0003 6316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:39:30.0004 6316 stexstor - ok
17:39:30.0074 6316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:39:30.0075 6316 swenum - ok
17:39:30.0173 6316 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
17:39:30.0185 6316 Tcpip - ok
17:39:30.0262 6316 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
17:39:30.0274 6316 TCPIP6 - ok
17:39:30.0298 6316 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:39:30.0298 6316 tcpipreg - ok
17:39:30.0336 6316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:39:30.0337 6316 TDPIPE - ok
17:39:30.0359 6316 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:39:30.0359 6316 TDTCP - ok
17:39:30.0383 6316 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:39:30.0385 6316 tdx - ok
17:39:30.0405 6316 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:39:30.0407 6316 TermDD - ok
17:39:30.0439 6316 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:39:30.0440 6316 tssecsrv - ok
17:39:30.0488 6316 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:39:30.0490 6316 tunnel - ok
17:39:30.0515 6316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:39:30.0517 6316 uagp35 - ok
17:39:30.0550 6316 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:39:30.0553 6316 udfs - ok
17:39:30.0593 6316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:39:30.0595 6316 uliagpkx - ok
17:39:30.0619 6316 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:39:30.0620 6316 umbus - ok
17:39:30.0658 6316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:39:30.0659 6316 UmPass - ok
17:39:30.0707 6316 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:39:30.0707 6316 USBAAPL64 - ok
17:39:30.0757 6316 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:39:30.0758 6316 usbccgp - ok
17:39:30.0799 6316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:39:30.0801 6316 usbcir - ok
17:39:30.0823 6316 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:39:30.0824 6316 usbehci - ok
17:39:30.0874 6316 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:39:30.0876 6316 usbhub - ok
17:39:30.0914 6316 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
17:39:30.0915 6316 usbohci - ok
17:39:30.0952 6316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:39:30.0953 6316 usbprint - ok
17:39:30.0984 6316 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:39:30.0985 6316 usbscan - ok
17:39:31.0048 6316 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
17:39:31.0049 6316 USBSTOR - ok
17:39:31.0093 6316 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
17:39:31.0094 6316 usbuhci - ok
17:39:31.0131 6316 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:39:31.0133 6316 usbvideo - ok
17:39:31.0214 6316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:39:31.0215 6316 vdrvroot - ok
17:39:31.0242 6316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:39:31.0243 6316 vga - ok
17:39:31.0266 6316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:39:31.0267 6316 VgaSave - ok
17:39:31.0296 6316 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:39:31.0297 6316 vhdmp - ok
17:39:31.0324 6316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:39:31.0325 6316 viaide - ok
17:39:31.0356 6316 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:39:31.0357 6316 volmgr - ok
17:39:31.0387 6316 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:39:31.0390 6316 volmgrx - ok
17:39:31.0418 6316 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:39:31.0421 6316 volsnap - ok
17:39:31.0450 6316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:39:31.0451 6316 vsmraid - ok
17:39:31.0479 6316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:39:31.0479 6316 vwifibus - ok
17:39:31.0521 6316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:39:31.0523 6316 WacomPen - ok
17:39:31.0558 6316 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:39:31.0559 6316 WANARP - ok
17:39:31.0564 6316 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:39:31.0565 6316 Wanarpv6 - ok
17:39:31.0624 6316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:39:31.0626 6316 Wd - ok
17:39:31.0676 6316 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:39:31.0677 6316 WDC_SAM - ok
17:39:31.0712 6316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:39:31.0717 6316 Wdf01000 - ok
17:39:31.0775 6316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:39:31.0776 6316 WfpLwf - ok
17:39:31.0815 6316 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
17:39:31.0818 6316 WimFltr - ok
17:39:31.0843 6316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:39:31.0844 6316 WIMMount - ok
17:39:31.0884 6316 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
17:39:31.0899 6316 winachsf - ok
17:39:31.0990 6316 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:39:31.0991 6316 WinUsb - ok
17:39:32.0055 6316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:39:32.0057 6316 WmiAcpi - ok
17:39:32.0107 6316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:39:32.0108 6316 ws2ifsl - ok
17:39:32.0169 6316 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:39:32.0171 6316 WudfPf - ok
17:39:32.0212 6316 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:39:32.0214 6316 WUDFRd - ok
17:39:32.0252 6316 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
17:39:32.0253 6316 XAudio - ok
17:39:32.0328 6316 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
17:39:32.0330 6316 yukonw7 - ok
17:39:32.0359 6316 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0
17:39:32.0359 6316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
17:39:32.0359 6316 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
17:39:32.0370 6316 Boot (0x1200) (5296819f4b6fca0671ba819f9aa4643a) \Device\Harddisk0\DR0\Partition0
17:39:32.0371 6316 \Device\Harddisk0\DR0\Partition0 - ok
17:39:32.0372 6316 ============================================================
17:39:32.0372 6316 Scan finished
17:39:32.0372 6316 ============================================================
17:39:32.0386 5968 Detected object count: 2
17:39:32.0386 5968 Actual detected object count: 2
17:40:02.0402 5968 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:40:02.0402 5968 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:40:02.0447 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
17:40:02.0448 5968 \Device\Harddisk0\DR0 - ok
17:40:02.0449 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
17:40:28.0292 1380 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 28 November 2011 - 05:53 PM

Hello


Restart the computer and rerun TDSSKiller also I need to know how the computer is doing now




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 November 2011 - 07:38 PM

The computer seems to be working a lot better now. When I view the running processes the the svchost that was taking up 99% is no longer there, and its working a lot faster. Here's the 2nd log:

19:35:26.0678 4844 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:35:27.0052 4844 ============================================================
19:35:27.0052 4844 Current date / time: 2011/11/28 19:35:27.0052
19:35:27.0052 4844 SystemInfo:
19:35:27.0052 4844
19:35:27.0052 4844 OS Version: 6.1.7600 ServicePack: 0.0
19:35:27.0052 4844 Product type: Workstation
19:35:27.0052 4844 ComputerName: MIKE-PC
19:35:27.0052 4844 UserName: Mike
19:35:27.0052 4844 Windows directory: C:\Windows
19:35:27.0052 4844 System windows directory: C:\Windows
19:35:27.0052 4844 Running under WOW64
19:35:27.0052 4844 Processor architecture: Intel x64
19:35:27.0052 4844 Number of processors: 2
19:35:27.0052 4844 Page size: 0x1000
19:35:27.0052 4844 Boot type: Normal boot
19:35:27.0052 4844 ============================================================
19:35:27.0567 4844 Initialize success
19:35:29.0642 2428 ============================================================
19:35:29.0642 2428 Scan started
19:35:29.0642 2428 Mode: Manual;
19:35:29.0642 2428 ============================================================
19:35:31.0638 2428 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:35:31.0638 2428 1394ohci - ok
19:35:31.0810 2428 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:35:31.0810 2428 ACPI - ok
19:35:31.0982 2428 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:35:31.0982 2428 AcpiPmi - ok
19:35:32.0153 2428 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
19:35:32.0153 2428 adfs - ok
19:35:32.0387 2428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:32.0387 2428 adp94xx - ok
19:35:32.0652 2428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:35:32.0902 2428 adpahci - ok
19:35:33.0198 2428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:35:33.0198 2428 adpu320 - ok
19:35:33.0464 2428 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:35:33.0479 2428 AFD - ok
19:35:33.0776 2428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:35:33.0776 2428 agp440 - ok
19:35:34.0025 2428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:35:34.0025 2428 aliide - ok
19:35:34.0181 2428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:35:34.0181 2428 amdide - ok
19:35:34.0322 2428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:34.0337 2428 AmdK8 - ok
19:35:34.0462 2428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:35:34.0478 2428 AmdPPM - ok
19:35:34.0602 2428 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:35:34.0602 2428 amdsata - ok
19:35:34.0743 2428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:34.0758 2428 amdsbs - ok
19:35:34.0914 2428 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:35:34.0914 2428 amdxata - ok
19:35:35.0055 2428 ApfiltrService (2e0d64d672f9e3edd51531fa91f33da5) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:35:35.0055 2428 ApfiltrService - ok
19:35:35.0242 2428 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:35:35.0242 2428 AppID - ok
19:35:35.0398 2428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:35:35.0398 2428 arc - ok
19:35:35.0554 2428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:35:35.0554 2428 arcsas - ok
19:35:35.0694 2428 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:35:35.0694 2428 ArcSoftKsUFilter - ok
19:35:35.0882 2428 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
19:35:35.0882 2428 aswFsBlk - ok
19:35:36.0038 2428 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
19:35:36.0038 2428 aswMonFlt - ok
19:35:36.0178 2428 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
19:35:36.0178 2428 aswRdr - ok
19:35:36.0334 2428 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
19:35:36.0334 2428 aswSnx - ok
19:35:36.0490 2428 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
19:35:36.0490 2428 aswSP - ok
19:35:36.0646 2428 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
19:35:36.0646 2428 aswTdi - ok
19:35:36.0802 2428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:36.0802 2428 AsyncMac - ok
19:35:36.0958 2428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:35:36.0958 2428 atapi - ok
19:35:37.0208 2428 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:37.0348 2428 atikmdag - ok
19:35:37.0598 2428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:37.0613 2428 b06bdrv - ok
19:35:37.0769 2428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:37.0769 2428 b57nd60a - ok
19:35:37.0910 2428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:35:37.0910 2428 Beep - ok
19:35:38.0081 2428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:38.0081 2428 blbdrive - ok
19:35:38.0268 2428 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:35:38.0284 2428 bowser - ok
19:35:38.0424 2428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:38.0440 2428 BrFiltLo - ok
19:35:38.0549 2428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:38.0549 2428 BrFiltUp - ok
19:35:38.0627 2428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:35:38.0643 2428 Brserid - ok
19:35:38.0783 2428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:38.0783 2428 BrSerWdm - ok
19:35:38.0924 2428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:38.0924 2428 BrUsbMdm - ok
19:35:39.0064 2428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:39.0080 2428 BrUsbSer - ok
19:35:39.0236 2428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:39.0236 2428 BTHMODEM - ok
19:35:39.0407 2428 btwaudio (1abd26de34d3a5e346e96d721c0d67f8) C:\Windows\system32\drivers\btwaudio.sys
19:35:39.0407 2428 btwaudio - ok
19:35:39.0532 2428 btwavdt (3081d3213a3d2df2f3e7bbd816c17225) C:\Windows\system32\drivers\btwavdt.sys
19:35:39.0532 2428 btwavdt - ok
19:35:39.0672 2428 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:35:39.0688 2428 btwl2cap - ok
19:35:39.0828 2428 btwrchid (6921ad2faf1cb24b2ffc78104721d506) C:\Windows\system32\DRIVERS\btwrchid.sys
19:35:39.0828 2428 btwrchid - ok
19:35:39.0891 2428 catchme - ok
19:35:40.0016 2428 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
19:35:40.0016 2428 CAXHWAZL - ok
19:35:40.0156 2428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:40.0172 2428 cdfs - ok
19:35:40.0328 2428 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:40.0328 2428 cdrom - ok
19:35:40.0484 2428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:35:40.0484 2428 circlass - ok
19:35:40.0640 2428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:35:40.0640 2428 CLFS - ok
19:35:40.0842 2428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:40.0842 2428 CmBatt - ok
19:35:40.0952 2428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:35:40.0952 2428 cmdide - ok
19:35:41.0123 2428 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:35:41.0139 2428 CNG - ok
19:35:41.0295 2428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:35:41.0295 2428 Compbatt - ok
19:35:41.0451 2428 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:35:41.0451 2428 CompositeBus - ok
19:35:41.0591 2428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:41.0591 2428 crcdisk - ok
19:35:41.0763 2428 danewFltr (329bc03a1ccd45941df52dc021d27ac5) C:\Windows\system32\drivers\danew.sys
19:35:41.0763 2428 danewFltr - ok
19:35:41.0934 2428 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:35:41.0934 2428 DfsC - ok
19:35:42.0200 2428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:35:42.0200 2428 discache - ok
19:35:42.0356 2428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:35:42.0356 2428 Disk - ok
19:35:42.0543 2428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:35:42.0543 2428 drmkaud - ok
19:35:42.0668 2428 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:42.0683 2428 DXGKrnl - ok
19:35:42.0886 2428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:35:42.0980 2428 ebdrv - ok
19:35:43.0198 2428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:35:43.0214 2428 elxstor - ok
19:35:43.0354 2428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:35:43.0354 2428 ErrDev - ok
19:35:43.0510 2428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:35:43.0526 2428 exfat - ok
19:35:43.0650 2428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:35:43.0650 2428 fastfat - ok
19:35:43.0806 2428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:35:43.0806 2428 fdc - ok
19:35:43.0916 2428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:35:43.0916 2428 FileInfo - ok
19:35:43.0994 2428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:35:43.0994 2428 Filetrace - ok
19:35:44.0212 2428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:44.0212 2428 flpydisk - ok
19:35:44.0321 2428 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:35:44.0337 2428 FltMgr - ok
19:35:44.0399 2428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:35:44.0399 2428 FsDepends - ok
19:35:44.0524 2428 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:35:44.0524 2428 Fs_Rec - ok
19:35:44.0664 2428 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:35:44.0664 2428 fvevol - ok
19:35:44.0820 2428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:35:44.0820 2428 gagp30kx - ok
19:35:44.0961 2428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:44.0961 2428 GEARAspiWDM - ok
19:35:45.0132 2428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:35:45.0132 2428 hcw85cir - ok
19:35:45.0242 2428 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:45.0242 2428 HDAudBus - ok
19:35:45.0304 2428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:35:45.0304 2428 HidBatt - ok
19:35:45.0413 2428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:35:45.0413 2428 HidBth - ok
19:35:45.0491 2428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:35:45.0491 2428 HidIr - ok
19:35:45.0663 2428 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:35:45.0663 2428 HidUsb - ok
19:35:45.0834 2428 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:35:45.0834 2428 HpSAMD - ok
19:35:46.0022 2428 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:35:46.0178 2428 HSF_DPV - ok
19:35:46.0349 2428 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:35:46.0365 2428 HTTP - ok
19:35:46.0380 2428 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:35:46.0396 2428 hwpolicy - ok
19:35:46.0412 2428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:46.0427 2428 i8042prt - ok
19:35:46.0474 2428 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
19:35:46.0474 2428 iaStor - ok
19:35:46.0630 2428 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:35:46.0630 2428 iaStorV - ok
19:35:46.0692 2428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:35:46.0692 2428 iirsp - ok
19:35:46.0786 2428 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
19:35:46.0802 2428 IntcAzAudAddService - ok
19:35:46.0880 2428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:35:46.0895 2428 intelide - ok
19:35:46.0973 2428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:46.0973 2428 intelppm - ok
19:35:47.0067 2428 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:47.0067 2428 IpFilterDriver - ok
19:35:47.0098 2428 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:35:47.0114 2428 IPMIDRV - ok
19:35:47.0238 2428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:35:47.0238 2428 IPNAT - ok
19:35:47.0394 2428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:35:47.0394 2428 IRENUM - ok
19:35:47.0441 2428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:35:47.0441 2428 isapnp - ok
19:35:47.0472 2428 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:47.0472 2428 iScsiPrt - ok
19:35:47.0660 2428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:47.0660 2428 kbdclass - ok
19:35:47.0691 2428 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:47.0691 2428 kbdhid - ok
19:35:47.0738 2428 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:35:47.0738 2428 KSecDD - ok
19:35:47.0784 2428 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:35:47.0784 2428 KSecPkg - ok
19:35:47.0925 2428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:35:47.0925 2428 ksthunk - ok
19:35:47.0987 2428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:47.0987 2428 lltdio - ok
19:35:48.0112 2428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:35:48.0112 2428 LSI_FC - ok
19:35:48.0143 2428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:35:48.0143 2428 LSI_SAS - ok
19:35:48.0159 2428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:35:48.0159 2428 LSI_SAS2 - ok
19:35:48.0190 2428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:35:48.0190 2428 LSI_SCSI - ok
19:35:48.0315 2428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:35:48.0315 2428 luafv - ok
19:35:48.0393 2428 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:35:48.0393 2428 mdmxsdk - ok
19:35:48.0440 2428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:35:48.0440 2428 megasas - ok
19:35:48.0471 2428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:35:48.0486 2428 MegaSR - ok
19:35:48.0533 2428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:35:48.0533 2428 Modem - ok
19:35:48.0564 2428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:35:48.0564 2428 monitor - ok
19:35:48.0596 2428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:48.0596 2428 mouclass - ok
19:35:48.0627 2428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:35:48.0627 2428 mouhid - ok
19:35:48.0658 2428 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:35:48.0658 2428 mountmgr - ok
19:35:48.0705 2428 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:35:48.0705 2428 mpio - ok
19:35:48.0736 2428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:35:48.0736 2428 mpsdrv - ok
19:35:48.0783 2428 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:35:48.0783 2428 MRxDAV - ok
19:35:48.0830 2428 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:48.0830 2428 mrxsmb - ok
19:35:48.0892 2428 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:48.0892 2428 mrxsmb10 - ok
19:35:48.0908 2428 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:48.0923 2428 mrxsmb20 - ok
19:35:48.0954 2428 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:35:48.0970 2428 msahci - ok
19:35:49.0001 2428 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:35:49.0001 2428 msdsm - ok
19:35:49.0032 2428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:35:49.0048 2428 Msfs - ok
19:35:49.0064 2428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:35:49.0079 2428 mshidkmdf - ok
19:35:49.0110 2428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:35:49.0126 2428 msisadrv - ok
19:35:49.0157 2428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:49.0173 2428 MSKSSRV - ok
19:35:49.0188 2428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:49.0188 2428 MSPCLOCK - ok
19:35:49.0235 2428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:35:49.0235 2428 MSPQM - ok
19:35:49.0266 2428 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:35:49.0266 2428 MsRPC - ok
19:35:49.0298 2428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:49.0298 2428 mssmbios - ok
19:35:49.0344 2428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:35:49.0344 2428 MSTEE - ok
19:35:49.0376 2428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:35:49.0376 2428 MTConfig - ok
19:35:49.0391 2428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:35:49.0391 2428 Mup - ok
19:35:49.0454 2428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:49.0454 2428 NativeWifiP - ok
19:35:49.0500 2428 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:35:49.0532 2428 NDIS - ok
19:35:49.0672 2428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:49.0672 2428 NdisCap - ok
19:35:49.0719 2428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:49.0719 2428 NdisTapi - ok
19:35:49.0766 2428 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:49.0766 2428 Ndisuio - ok
19:35:49.0812 2428 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:49.0812 2428 NdisWan - ok
19:35:49.0859 2428 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:35:49.0859 2428 NDProxy - ok
19:35:50.0000 2428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:35:50.0000 2428 NetBIOS - ok
19:35:50.0062 2428 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:35:50.0078 2428 NetBT - ok
19:35:50.0358 2428 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
19:35:50.0514 2428 netw5v64 - ok
19:35:50.0686 2428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:50.0686 2428 nfrd960 - ok
19:35:50.0733 2428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:35:50.0733 2428 Npfs - ok
19:35:50.0780 2428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:35:50.0780 2428 nsiproxy - ok
19:35:50.0873 2428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:35:50.0920 2428 Ntfs - ok
19:35:50.0951 2428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:35:50.0951 2428 Null - ok
19:35:51.0029 2428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:35:51.0029 2428 nvraid - ok
19:35:51.0092 2428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:35:51.0092 2428 nvstor - ok
19:35:51.0154 2428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:35:51.0154 2428 nv_agp - ok
19:35:51.0201 2428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:51.0201 2428 ohci1394 - ok
19:35:51.0263 2428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:35:51.0263 2428 Parport - ok
19:35:51.0294 2428 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:35:51.0294 2428 partmgr - ok
19:35:51.0326 2428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:35:51.0326 2428 pci - ok
19:35:51.0372 2428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:35:51.0372 2428 pciide - ok
19:35:51.0404 2428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:51.0404 2428 pcmcia - ok
19:35:51.0450 2428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:35:51.0450 2428 pcw - ok
19:35:51.0497 2428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:35:51.0513 2428 PEAUTH - ok
19:35:51.0653 2428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:51.0653 2428 PptpMiniport - ok
19:35:51.0700 2428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:35:51.0700 2428 Processor - ok
19:35:51.0762 2428 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:35:51.0762 2428 Psched - ok
19:35:51.0794 2428 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
19:35:51.0809 2428 PxHlpa64 - ok
19:35:51.0887 2428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:35:51.0934 2428 ql2300 - ok
19:35:51.0981 2428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:51.0981 2428 ql40xx - ok
19:35:52.0012 2428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:35:52.0012 2428 QWAVEdrv - ok
19:35:52.0074 2428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:52.0074 2428 RasAcd - ok
19:35:52.0121 2428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:52.0121 2428 RasAgileVpn - ok
19:35:52.0152 2428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:52.0152 2428 Rasl2tp - ok
19:35:52.0184 2428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:52.0184 2428 RasPppoe - ok
19:35:52.0215 2428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:52.0215 2428 RasSstp - ok
19:35:52.0262 2428 Razerlow (81ddbf4fe998ef1f4ba230f7e8d8c67e) C:\Windows\system32\drivers\Razerlow.sys
19:35:52.0262 2428 Razerlow - ok
19:35:52.0293 2428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:52.0293 2428 rdbss - ok
19:35:52.0324 2428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:52.0324 2428 rdpbus - ok
19:35:52.0340 2428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:52.0340 2428 RDPCDD - ok
19:35:52.0386 2428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:35:52.0386 2428 RDPENCDD - ok
19:35:52.0433 2428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:35:52.0433 2428 RDPREFMP - ok
19:35:52.0464 2428 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:35:52.0464 2428 RDPWD - ok
19:35:52.0496 2428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:35:52.0496 2428 rdyboost - ok
19:35:52.0558 2428 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
19:35:52.0558 2428 rimsptsk - ok
19:35:52.0620 2428 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
19:35:52.0620 2428 risdptsk - ok
19:35:52.0683 2428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:52.0683 2428 rspndr - ok
19:35:52.0730 2428 RTHDMIAzAudService (67c7695d3b18682addf8419eda4bbfb8) C:\Windows\system32\drivers\RtHDMIVX.sys
19:35:52.0730 2428 RTHDMIAzAudService - ok
19:35:52.0854 2428 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:35:52.0854 2428 SASDIFSV - ok
19:35:52.0886 2428 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:35:52.0886 2428 SASKUTIL - ok
19:35:52.0979 2428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:35:52.0979 2428 sbp2port - ok
19:35:53.0026 2428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:35:53.0026 2428 scfilter - ok
19:35:53.0104 2428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:35:53.0104 2428 secdrv - ok
19:35:53.0166 2428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:35:53.0166 2428 Serenum - ok
19:35:53.0198 2428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:35:53.0198 2428 Serial - ok
19:35:53.0276 2428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:35:53.0276 2428 sermouse - ok
19:35:53.0400 2428 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
19:35:53.0400 2428 SFEP - ok
19:35:53.0432 2428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:35:53.0432 2428 sffdisk - ok
19:35:53.0478 2428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:35:53.0478 2428 sffp_mmc - ok
19:35:53.0541 2428 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:35:53.0541 2428 sffp_sd - ok
19:35:53.0603 2428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:35:53.0603 2428 sfloppy - ok
19:35:53.0666 2428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:35:53.0666 2428 SiSRaid2 - ok
19:35:53.0728 2428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:35:53.0728 2428 SiSRaid4 - ok
19:35:53.0775 2428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:35:53.0775 2428 Smb - ok
19:35:53.0806 2428 speedfan - ok
19:35:53.0868 2428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:35:53.0868 2428 spldr - ok
19:35:53.0931 2428 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:35:53.0931 2428 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:35:53.0931 2428 sptd ( LockedFile.Multi.Generic ) - warning
19:35:53.0931 2428 sptd - detected LockedFile.Multi.Generic (1)
19:35:53.0993 2428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:35:53.0993 2428 srv - ok
19:35:54.0024 2428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:35:54.0040 2428 srv2 - ok
19:35:54.0102 2428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:54.0102 2428 srvnet - ok
19:35:54.0134 2428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:35:54.0149 2428 stexstor - ok
19:35:54.0165 2428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:35:54.0165 2428 swenum - ok
19:35:54.0258 2428 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:35:54.0321 2428 Tcpip - ok
19:35:54.0368 2428 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:54.0368 2428 TCPIP6 - ok
19:35:54.0399 2428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:35:54.0399 2428 tcpipreg - ok
19:35:54.0430 2428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:35:54.0430 2428 TDPIPE - ok
19:35:54.0446 2428 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:35:54.0446 2428 TDTCP - ok
19:35:54.0477 2428 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:35:54.0477 2428 tdx - ok
19:35:54.0492 2428 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:35:54.0492 2428 TermDD - ok
19:35:54.0555 2428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:54.0555 2428 tssecsrv - ok
19:35:54.0602 2428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:54.0602 2428 tunnel - ok
19:35:54.0633 2428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:35:54.0633 2428 uagp35 - ok
19:35:54.0664 2428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:35:54.0664 2428 udfs - ok
19:35:54.0711 2428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:35:54.0726 2428 uliagpkx - ok
19:35:54.0742 2428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:35:54.0742 2428 umbus - ok
19:35:54.0789 2428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:35:54.0789 2428 UmPass - ok
19:35:54.0836 2428 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:35:54.0836 2428 USBAAPL64 - ok
19:35:54.0867 2428 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:54.0867 2428 usbccgp - ok
19:35:54.0914 2428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:35:54.0914 2428 usbcir - ok
19:35:54.0929 2428 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
19:35:54.0945 2428 usbehci - ok
19:35:54.0992 2428 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:54.0992 2428 usbhub - ok
19:35:55.0038 2428 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:35:55.0038 2428 usbohci - ok
19:35:55.0085 2428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:35:55.0085 2428 usbprint - ok
19:35:55.0116 2428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:35:55.0116 2428 usbscan - ok
19:35:55.0179 2428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
19:35:55.0179 2428 USBSTOR - ok
19:35:55.0194 2428 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:55.0194 2428 usbuhci - ok
19:35:55.0257 2428 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:35:55.0257 2428 usbvideo - ok
19:35:55.0335 2428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:35:55.0335 2428 vdrvroot - ok
19:35:55.0366 2428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:55.0366 2428 vga - ok
19:35:55.0397 2428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:35:55.0397 2428 VgaSave - ok
19:35:55.0428 2428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:35:55.0428 2428 vhdmp - ok
19:35:55.0444 2428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:35:55.0444 2428 viaide - ok
19:35:55.0475 2428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:35:55.0491 2428 volmgr - ok
19:35:55.0506 2428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:35:55.0522 2428 volmgrx - ok
19:35:55.0538 2428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:35:55.0553 2428 volsnap - ok
19:35:55.0584 2428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:35:55.0584 2428 vsmraid - ok
19:35:55.0616 2428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
19:35:55.0616 2428 vwifibus - ok
19:35:55.0662 2428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:35:55.0662 2428 WacomPen - ok
19:35:55.0709 2428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:55.0709 2428 WANARP - ok
19:35:55.0725 2428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:55.0725 2428 Wanarpv6 - ok
19:35:55.0787 2428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:35:55.0787 2428 Wd - ok
19:35:55.0865 2428 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:35:55.0865 2428 WDC_SAM - ok
19:35:55.0896 2428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:35:55.0912 2428 Wdf01000 - ok
19:35:55.0959 2428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:55.0959 2428 WfpLwf - ok
19:35:55.0990 2428 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:35:56.0006 2428 WimFltr - ok
19:35:56.0021 2428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:35:56.0021 2428 WIMMount - ok
19:35:56.0084 2428 winachsf (057b062cf9a11e04db45b8c3afc28b11) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
19:35:56.0099 2428 winachsf - ok
19:35:56.0177 2428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
19:35:56.0177 2428 WinUsb - ok
19:35:56.0255 2428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:35:56.0255 2428 WmiAcpi - ok
19:35:56.0302 2428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:56.0302 2428 ws2ifsl - ok
19:35:56.0333 2428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:35:56.0349 2428 WudfPf - ok
19:35:56.0380 2428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:56.0380 2428 WUDFRd - ok
19:35:56.0427 2428 XAudio (638c99d993afab0e1fab226e2bbe6d79) C:\Windows\system32\DRIVERS\xaudio64.sys
19:35:56.0427 2428 XAudio - ok
19:35:56.0489 2428 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
19:35:56.0489 2428 yukonw7 - ok
19:35:56.0536 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:35:56.0536 2428 \Device\Harddisk0\DR0 - ok
19:35:56.0552 2428 Boot (0x1200) (5296819f4b6fca0671ba819f9aa4643a) \Device\Harddisk0\DR0\Partition0
19:35:56.0552 2428 \Device\Harddisk0\DR0\Partition0 - ok
19:35:56.0552 2428 ============================================================
19:35:56.0552 2428 Scan finished
19:35:56.0552 2428 ============================================================
19:35:56.0567 3084 Detected object count: 1
19:35:56.0567 3084 Actual detected object count: 1
19:36:10.0015 3084 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:36:10.0015 3084 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 28 November 2011 - 07:43 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 November 2011 - 08:34 PM

No problems encountered. Haven't noticed any major difference since before running combofix. Here is the log:

ComboFix 11-11-28.02 - Mike 11/28/2011 19:52:42.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4063.2722 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 01:10 . 2011-11-29 01:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC08897E-E75A-4797-9D28-178FC62CCB45}\offreg.dll
2011-11-29 01:04 . 2011-11-29 01:04 -------- d-----w- c:\users\Mcx1-MIKE-PC\AppData\Local\temp
2011-11-29 01:04 . 2011-11-29 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 20:17 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 20:17 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 20:17 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 20:17 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 20:16 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 20:16 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 20:16 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 20:16 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-27 00:53 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC08897E-E75A-4797-9D28-178FC62CCB45}\mpengine.dll
2011-11-25 22:27 . 2011-11-25 22:27 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2011-11-25 22:26 . 2011-11-25 22:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-25 22:26 . 2011-11-25 22:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-24 19:09 . 2011-11-24 19:09 -------- d-----w- C:\found.000
2011-11-24 01:35 . 2011-11-24 01:35 -------- d-----w- c:\program files (x86)\Ventrilo
2011-11-23 20:11 . 2011-11-23 20:11 -------- d-----w- c:\program files\iPod
2011-11-23 20:11 . 2011-11-24 03:42 -------- d-----w- c:\program files\iTunes
2011-11-22 01:49 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-22 01:49 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-22 01:49 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-22 01:48 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 01:48 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-22 01:48 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-11-19 21:19 . 2011-11-28 20:39 -------- d-----w- c:\users\Mike\AppData\Roaming\PFStaticIP
2011-11-19 21:19 . 2011-11-19 21:19 -------- d-----w- c:\users\Mike\AppData\Local\APN
2011-11-19 21:19 . 2011-11-28 20:33 -------- d-----w- c:\program files (x86)\PFStaticIP
2011-11-19 02:01 . 2011-11-19 02:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-11-19 01:18 . 2011-11-19 02:40 -------- d-----w- c:\program files\Webroot
2011-11-19 01:18 . 2011-11-19 02:05 -------- d-----w- c:\programdata\WRData
2011-11-14 21:14 . 2011-11-14 21:14 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2011-11-14 21:14 . 2011-11-14 21:14 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-08-11 23:13 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-03 10:06 . 2011-10-11 17:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:21 . 2011-10-13 20:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 20:21 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-28_19.56.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-19 02:02 . 2011-11-28 19:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-11-19 02:02 . 2011-11-28 19:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-01-08 17:45 . 2011-11-29 01:07 51862 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-29 01:07 41416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-30 16:40 . 2011-11-29 01:07 23194 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2409792287-1573994395-1048264885-1000_UserData.bin
- 2009-12-28 20:45 . 2011-11-28 19:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-28 20:45 . 2011-11-29 00:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-28 20:45 . 2011-11-28 19:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-28 20:45 . 2011-11-29 00:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 19:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-29 00:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-28 23:00 . 2011-11-28 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-28 23:00 . 2011-11-29 01:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-28 23:00 . 2011-11-29 01:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-28 23:00 . 2011-11-28 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-28 19:56 . 2011-11-28 19:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-29 01:05 . 2011-11-29 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-28 19:56 . 2011-11-28 19:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-29 01:05 . 2011-11-29 01:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-11-29 01:05 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-28 19:56 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2011-11-29 00:48 664672 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-28 19:41 664672 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-29 00:48 123370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-28 19:41 123370 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-11-28 19:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-11-29 00:43 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-11-28 19:55 404644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-29 01:04 404644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2011-11-29 01:05 4866048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 19:56 4866048 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-29 01:05 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-28 21:37 . 2011-11-29 01:04 4222364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2409792287-1573994395-1048264885-1000-8192.dat
- 2010-05-28 21:37 . 2011-11-28 19:55 4222364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2409792287-1573994395-1048264885-1000-8192.dat
- 2009-07-14 02:34 . 2011-11-28 19:46 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-29 00:54 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files (x86)\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files (x86)\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files (x86)\completebartb\completebarDx.dll" [2011-03-23 86696]
.
[HKEY_CLASSES_ROOT\clsid\{64c54209-175c-454d-9291-ac46d4d952cf}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2009-09-22 163840]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI&prod=90&ver=10.0.1392" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-09 1038088]
R3 Razerlow;Razer Pro|Solutions;c:\windows\system32\drivers\Razerlow.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdia
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409792287-1573994395-1048264885-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 02:48]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2409792287-1573994395-1048264885-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-29 02:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-03-28 19:40 167416 ----a-w- c:\users\Mike\AppData\Roaming\CompitlyEngine\64\ComplitlyEngine64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.searchcompletion.com/?si=16604&home=true
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: Interfaces\{C1121A84-3E64-4076-93C4-3FECC133764B}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\2zi0jgal.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2011-11-28 20:24:03 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 01:23
ComboFix2.txt 2011-11-28 20:07
.
Pre-Run: 47,803,543,552 bytes free
Post-Run: 47,751,294,976 bytes free
.
- - End Of File - - 3453AE00916C339D2F1DFFDE5C26E0DB

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 28 November 2011 - 08:51 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 28 November 2011 - 09:24 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:59 PM, on 11/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Last.fm\LastFM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.searchcompletion.com/?si=16604&home=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Complete Bar - {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Updater For Complete Bar - {fe618700-e0ee-441e-8b1d-18ce226bb193} - C:\Program Files (x86)\completebartb\auxi\completebarAu.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (file missing)
O3 - Toolbar: Complete Bar - {64c54209-175c-454d-9291-ac46d4d952cf} - C:\Program Files (x86)\completebartb\completebarDx.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1121A84-3E64-4076-93C4-3FECC133764B}: NameServer = 192.168.1.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 14092 bytes



--------------------------
--------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8263

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/28/2011 9:15:21 PM
mbam-log-2011-11-28 (21-15-21).txt

Scan type: Quick scan
Objects scanned: 188654
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 28 November 2011 - 09:39 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjkxMTMzMDcyLUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzAtTFNEKzI"&"prod=90"&"ver=10.0.1392
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 29 November 2011 - 03:54 PM

I didn't see a copy to clipboard button or find the txt, but the scan came back with no threats found. I also made some of the changes with hijackthis that you suggested except for steam and winamp because I use those all day.

#14 throwshapes

throwshapes
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 29 November 2011 - 05:03 PM

Nevermind, I found the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-29 08:44:31
# local_time=2011-11-29 03:44:31 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 74136898 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=244058
# found=0
# cleaned=0
# scan_time=6023

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:09 PM

Posted 29 November 2011 - 07:22 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users