Browser redirect + windows firewall unable to start


18 replies to this topic

#1 Pretzlcoat

  • Members
  • 37 posts

Posted 26 November 2011 - 04:39 AM

Google search results redirect to ads and, as of late, other pages have begun opening additional tabs to advertisements or other dubious sites. Also, attempting to enable my Windows Firewall yields an error message ("Windows firewall can't change some of your settings Error code 0x8007042c"), but I have no way of confirming whether this is related to my redirect issue. I've followed the steps requested of me on the "Am I infected? What do I do?" forum and posted logs here: http://www.bleepingcomputer.com/forums/topic429207.html

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Personcoat at 1:06:38 on 2011-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6326 [GMT -8:00]


#2 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts
  • Location:USA

Posted 27 November 2011 - 08:06 PM

Pretzlcoat,

Please do the following:

If you have ComboFix (CF) already on your Desktop, please remove it. We'll download an updated version.

Download for ComboFix

Save ComboFix.exe to your Desktop!!

Make sure you temporarily disable your firewall and any other anti-spyware applications. They may interfere with the running of CF.

Note: For information on how to disable protective programs, refer to this link

Right-click on ComboFix.exe and select: Run as Administrator

Click on Yes, to continue scanning for malware.

When finished, CF produces a report.

Please provide a copy of the C:\ComboFix.txt in your reply.


Notes:

1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



Also download the latest version of: TDSSKiller.exe

Execute the file:
Vista/Windows 7 - Right click and select: Run as Administrator

Press the button: Start Scan

The tool scans and detects two object types:
  • Malicious (where the malware has been identified)
  • Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the user to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.


A Reboot Required prompt may appear after a disinfection. Please reboot.


By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_23.10.2011_15.31.43_log.txt

Please post the TDSSKiller log in your reply.



Need to see the following in your reply:
  • The ComboFix log
  • The TDSSKiller log
  • Whether TDSSKiller needed a reboot

Old duck...


#3 Pretzlcoat

  • Topic Starter
  • Members
  • 37 posts

Posted 28 November 2011 - 02:31 AM

23:25:51.0410 3440 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:25:51.0488 3440 ============================================================
23:25:51.0488 3440 Current date / time: 2011/11/27 23:25:51.0488
23:25:51.0488 3440 SystemInfo:
23:25:51.0488 3440
23:25:51.0488 3440 OS Version: 6.1.7601 ServicePack: 1.0
23:25:51.0488 3440 Product type: Workstation
23:25:51.0488 3440 ComputerName: PERSONCOAT-PC
23:25:51.0488 3440 UserName: Personcoat
23:25:51.0488 3440 Windows directory: C:\Windows
23:25:51.0488 3440 System windows directory: C:\Windows
23:25:51.0488 3440 Running under WOW64
23:25:51.0488 3440 Processor architecture: Intel x64
23:25:51.0488 3440 Number of processors: 8
23:25:51.0488 3440 Page size: 0x1000
23:25:51.0488 3440 Boot type: Normal boot
23:25:51.0488 3440 ============================================================
23:25:52.0424 3440 Initialize success
23:26:16.0635 3920 ============================================================
23:26:16.0635 3920 Scan started
23:26:16.0635 3920 Mode: Manual;
23:26:16.0635 3920 ============================================================
23:26:21.0877 3920 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:26:21.0877 3920 FltMgr - ok
23:26:21.0923 3920 FLxHCIc (7de8a770487fc4b5e3a168ad97e1d370) C:\Windows\system32\DRIVERS\FLxHCIc.sys
23:26:21.0939 3920 FLxHCIc - ok
23:26:21.0955 3920 FLxHCIh (2d54a3319fc955029e4b371cdc088ff4) C:\Windows\system32\DRIVERS\FLxHCIh.sys
23:26:21.0955 3920 FLxHCIh - ok
23:26:22.0017 3920 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:26:22.0017 3920 FsDepends - ok
23:26:22.0064 3920 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:26:22.0079 3920 fssfltr - ok
23:26:22.0111 3920 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:26:22.0111 3920 Fs_Rec - ok
23:26:22.0173 3920 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
23:26:22.0173 3920 FTDIBUS - ok
23:26:22.0220 3920 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
23:26:22.0220 3920 FTSER2K - ok
23:26:22.0282 3920 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:26:22.0282 3920 fvevol - ok
23:26:22.0345 3920 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:26:22.0345 3920 gagp30kx - ok
23:26:22.0407 3920 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:26:22.0407 3920 GEARAspiWDM - ok
23:26:22.0454 3920 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:26:22.0454 3920 hcw85cir - ok
23:26:22.0547 3920 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:26:22.0547 3920 HdAudAddService - ok
23:26:22.0610 3920 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:26:22.0610 3920 HDAudBus - ok
23:26:22.0641 3920 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:26:22.0641 3920 HidBatt - ok
23:26:22.0672 3920 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:26:22.0672 3920 HidBth - ok
23:26:22.0735 3920 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:26:22.0735 3920 HidIr - ok
23:26:22.0766 3920 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:26:22.0766 3920 HidUsb - ok
23:26:22.0813 3920 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:26:22.0828 3920 HpSAMD - ok
23:26:22.0859 3920 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:26:22.0891 3920 HTTP - ok
23:26:22.0906 3920 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:26:22.0906 3920 hwpolicy - ok
23:26:22.0969 3920 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:26:22.0969 3920 i8042prt - ok
23:26:23.0015 3920 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
23:26:23.0031 3920 iaStor - ok
23:26:23.0093 3920 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:26:23.0109 3920 iaStorV - ok
23:26:23.0140 3920 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:26:23.0156 3920 iirsp - ok
23:26:23.0281 3920 IntcAzAudAddService (7d24e44761ee029680bd8da23fab8fb4) C:\Windows\system32\drivers\RTKVHD64.sys
23:26:23.0296 3920 IntcAzAudAddService - ok
23:26:23.0343 3920 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:26:23.0359 3920 intelide - ok
23:26:23.0405 3920 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:26:23.0405 3920 intelppm - ok
23:26:23.0468 3920 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:26:23.0468 3920 IpFilterDriver - ok
23:26:23.0499 3920 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:26:23.0499 3920 IPMIDRV - ok
23:26:23.0530 3920 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:26:23.0530 3920 IPNAT - ok
23:26:23.0608 3920 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:26:23.0608 3920 IRENUM - ok
23:26:23.0639 3920 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:26:23.0639 3920 isapnp - ok
23:26:23.0686 3920 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:26:23.0686 3920 iScsiPrt - ok
23:26:23.0733 3920 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:26:23.0733 3920 kbdclass - ok
23:26:23.0780 3920 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:26:23.0780 3920 kbdhid - ok
23:26:23.0842 3920 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:26:23.0842 3920 kbfiltr - ok
23:26:23.0905 3920 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:26:23.0905 3920 KSecDD - ok
23:26:23.0936 3920 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:26:23.0936 3920 KSecPkg - ok
23:26:23.0983 3920 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:26:23.0983 3920 ksthunk - ok
23:26:24.0061 3920 L1C (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
23:26:24.0061 3920 L1C - ok
23:26:24.0139 3920 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:26:24.0139 3920 lltdio - ok
23:26:24.0217 3920 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:26:24.0232 3920 LSI_FC - ok
23:26:24.0263 3920 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:26:24.0279 3920 LSI_SAS - ok
23:26:24.0310 3920 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:26:24.0310 3920 LSI_SAS2 - ok
23:26:24.0341 3920 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:26:24.0341 3920 LSI_SCSI - ok
23:26:24.0388 3920 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:26:24.0404 3920 luafv - ok
23:26:24.0451 3920 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys
23:26:24.0451 3920 MAUSBFASTTRACKPRO - ok
23:26:24.0529 3920 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
23:26:24.0529 3920 MBAMProtector - ok
23:26:24.0591 3920 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
23:26:24.0591 3920 MBfilt - ok
23:26:24.0638 3920 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:26:24.0653 3920 megasas - ok
23:26:24.0700 3920 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:26:24.0700 3920 MegaSR - ok
23:26:24.0763 3920 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
23:26:24.0763 3920 MEIx64 - ok
23:26:24.0825 3920 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:26:24.0825 3920 Modem - ok
23:26:24.0872 3920 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:26:24.0872 3920 monitor - ok
23:26:24.0919 3920 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:26:24.0919 3920 mouclass - ok
23:26:24.0950 3920 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:26:24.0950 3920 mouhid - ok
23:26:25.0012 3920 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:26:25.0028 3920 mountmgr - ok
23:26:25.0059 3920 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:26:25.0059 3920 mpio - ok
23:26:25.0090 3920 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:26:25.0090 3920 mpsdrv - ok
23:26:25.0137 3920 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:26:25.0137 3920 MRxDAV - ok
23:26:25.0168 3920 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:26:25.0184 3920 mrxsmb - ok
23:26:25.0199 3920 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:26:25.0215 3920 mrxsmb10 - ok
23:26:25.0246 3920 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:26:25.0246 3920 mrxsmb20 - ok
23:26:25.0277 3920 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:26:25.0277 3920 msahci - ok
23:26:25.0309 3920 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:26:25.0309 3920 msdsm - ok
23:26:25.0387 3920 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:26:25.0387 3920 Msfs - ok
23:26:25.0433 3920 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:26:25.0433 3920 mshidkmdf - ok
23:26:25.0480 3920 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:26:25.0480 3920 msisadrv - ok
23:26:25.0527 3920 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:26:25.0543 3920 MSKSSRV - ok
23:26:25.0589 3920 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:26:25.0589 3920 MSPCLOCK - ok
23:26:25.0621 3920 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:26:25.0621 3920 MSPQM - ok
23:26:25.0652 3920 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:26:25.0667 3920 MsRPC - ok
23:26:25.0699 3920 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:26:25.0699 3920 mssmbios - ok
23:26:25.0730 3920 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:26:25.0730 3920 MSTEE - ok
23:26:25.0792 3920 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:26:25.0792 3920 MTConfig - ok
23:26:25.0823 3920 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:26:25.0823 3920 Mup - ok
23:26:25.0901 3920 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:26:25.0901 3920 NativeWifiP - ok
23:26:26.0011 3920 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
23:26:26.0042 3920 NDIS - ok
23:26:26.0104 3920 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:26:26.0104 3920 NdisCap - ok
23:26:26.0151 3920 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:26:26.0151 3920 NdisTapi - ok
23:26:26.0198 3920 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:26:26.0198 3920 Ndisuio - ok
23:26:26.0229 3920 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:26:26.0229 3920 NdisWan - ok
23:26:26.0276 3920 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:26:26.0276 3920 NDProxy - ok
23:26:26.0323 3920 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:26:26.0323 3920 NetBIOS - ok
23:26:26.0369 3920 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:26:26.0385 3920 NetBT - ok
23:26:26.0635 3920 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:26:26.0806 3920 NETwNs64 - ok
23:26:26.0869 3920 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:26:26.0869 3920 nfrd960 - ok
23:26:26.0884 3920 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:26:26.0900 3920 Npfs - ok
23:26:26.0931 3920 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:26:26.0931 3920 nsiproxy - ok
23:26:27.0056 3920 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:26:27.0149 3920 Ntfs - ok
23:26:27.0181 3920 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:26:27.0181 3920 Null - ok
23:26:27.0243 3920 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
23:26:27.0243 3920 NVHDA - ok
23:26:27.0524 3920 nvlddmkm (b6d7d3ebb1401b04b48f40c3d0ce5b09) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:26:27.0571 3920 nvlddmkm - ok
23:26:27.0617 3920 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:26:27.0633 3920 nvraid - ok
23:26:27.0649 3920 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:26:27.0664 3920 nvstor - ok
23:26:27.0742 3920 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:26:27.0758 3920 nv_agp - ok
23:26:27.0789 3920 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:26:27.0789 3920 ohci1394 - ok
23:26:27.0836 3920 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:26:27.0836 3920 Parport - ok
23:26:27.0867 3920 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:26:27.0867 3920 partmgr - ok
23:26:27.0914 3920 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:26:27.0929 3920 pci - ok
23:26:27.0961 3920 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:26:27.0961 3920 pciide - ok
23:26:27.0992 3920 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:26:28.0007 3920 pcmcia - ok
23:26:28.0039 3920 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:26:28.0039 3920 pcw - ok
23:26:28.0070 3920 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:26:28.0085 3920 PEAUTH - ok
23:26:28.0210 3920 pneteth (8ac5649c9070674d4607301c180ab10b) C:\Windows\system32\DRIVERS\pneteth.sys
23:26:28.0226 3920 pneteth - ok
23:26:28.0304 3920 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:26:28.0304 3920 PptpMiniport - ok
23:26:28.0335 3920 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:26:28.0351 3920 Processor - ok
23:26:28.0382 3920 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:26:28.0397 3920 Psched - ok
23:26:28.0460 3920 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:26:28.0491 3920 ql2300 - ok
23:26:28.0553 3920 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:26:28.0553 3920 ql40xx - ok
23:26:28.0569 3920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:26:28.0569 3920 QWAVEdrv - ok
23:26:28.0616 3920 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:26:28.0631 3920 RasAcd - ok
23:26:28.0678 3920 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:26:28.0678 3920 RasAgileVpn - ok
23:26:28.0709 3920 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:26:28.0709 3920 Rasl2tp - ok
23:26:28.0756 3920 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:26:28.0772 3920 RasPppoe - ok
23:26:28.0803 3920 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:26:28.0803 3920 RasSstp - ok
23:26:28.0834 3920 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:26:28.0850 3920 rdbss - ok
23:26:28.0881 3920 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:26:28.0881 3920 rdpbus - ok
23:26:28.0912 3920 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:26:28.0912 3920 RDPCDD - ok
23:26:28.0928 3920 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:26:28.0943 3920 RDPENCDD - ok
23:26:28.0959 3920 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:26:28.0975 3920 RDPREFMP - ok
23:26:29.0006 3920 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:26:29.0006 3920 RDPWD - ok
23:26:29.0053 3920 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:26:29.0053 3920 rdyboost - ok
23:26:29.0146 3920 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:26:29.0146 3920 RFCOMM - ok
23:26:29.0224 3920 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:26:29.0224 3920 rspndr - ok
23:26:29.0287 3920 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
23:26:29.0287 3920 RSUSBVSTOR - ok
23:26:29.0333 3920 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:26:29.0349 3920 RTL8167 - ok
23:26:29.0380 3920 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:26:29.0380 3920 sbp2port - ok
23:26:29.0411 3920 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:26:29.0411 3920 scfilter - ok
23:26:29.0489 3920 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:26:29.0489 3920 secdrv - ok
23:26:29.0552 3920 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:26:29.0552 3920 Serenum - ok
23:26:29.0583 3920 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:26:29.0583 3920 Serial - ok
23:26:29.0630 3920 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:26:29.0630 3920 sermouse - ok
23:26:29.0677 3920 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:26:29.0677 3920 sffdisk - ok
23:26:29.0739 3920 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:26:29.0739 3920 sffp_mmc - ok
23:26:29.0770 3920 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:26:29.0770 3920 sffp_sd - ok
23:26:29.0817 3920 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:26:29.0817 3920 sfloppy - ok
23:26:29.0864 3920 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
23:26:29.0864 3920 SiSGbeLH - ok
23:26:29.0926 3920 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:26:29.0926 3920 SiSRaid2 - ok
23:26:29.0957 3920 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:26:29.0957 3920 SiSRaid4 - ok
23:26:29.0989 3920 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:26:29.0989 3920 Smb - ok
23:26:30.0067 3920 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:26:30.0067 3920 spldr - ok
23:26:30.0113 3920 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:26:30.0129 3920 srv - ok
23:26:30.0160 3920 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:26:30.0176 3920 srv2 - ok
23:26:30.0223 3920 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:26:30.0223 3920 srvnet - ok
23:26:30.0332 3920 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:26:30.0332 3920 stexstor - ok
23:26:30.0379 3920 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:26:30.0379 3920 swenum - ok
23:26:30.0488 3920 SynTP (f0d7c68cda9784689caa72c17af393b2) C:\Windows\system32\DRIVERS\SynTP.sys
23:26:30.0488 3920 SynTP - ok
23:26:30.0581 3920 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:26:30.0628 3920 Tcpip - ok
23:26:30.0675 3920 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:26:30.0691 3920 TCPIP6 - ok
23:26:30.0737 3920 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:26:30.0737 3920 tcpipreg - ok
23:26:30.0784 3920 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:26:30.0784 3920 TDPIPE - ok
23:26:30.0831 3920 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:26:30.0831 3920 TDTCP - ok
23:26:30.0878 3920 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:26:30.0878 3920 tdx - ok
23:26:30.0925 3920 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:26:30.0925 3920 TermDD - ok
23:26:31.0018 3920 Tpkd (832f9d02b20de69c52e81dbe13599ee1) C:\Windows\system32\drivers\Tpkd.sys
23:26:31.0034 3920 Tpkd - ok
23:26:31.0081 3920 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:26:31.0081 3920 tssecsrv - ok
23:26:31.0127 3920 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:26:31.0127 3920 TsUsbFlt - ok
23:26:31.0159 3920 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:26:31.0159 3920 TsUsbGD - ok
23:26:31.0205 3920 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:26:31.0205 3920 tunnel - ok
23:26:31.0237 3920 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:26:31.0237 3920 uagp35 - ok
23:26:31.0283 3920 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:26:31.0283 3920 udfs - ok
23:26:31.0346 3920 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:26:31.0346 3920 uliagpkx - ok
23:26:31.0393 3920 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:26:31.0393 3920 umbus - ok
23:26:31.0439 3920 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:26:31.0439 3920 UmPass - ok
23:26:31.0502 3920 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:26:31.0517 3920 USBAAPL64 - ok
23:26:31.0564 3920 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:26:31.0580 3920 usbaudio - ok
23:26:31.0611 3920 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:26:31.0611 3920 usbccgp - ok
23:26:31.0658 3920 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:26:31.0673 3920 usbcir - ok
23:26:31.0689 3920 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:26:31.0705 3920 usbehci - ok
23:26:31.0751 3920 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:26:31.0767 3920 usbhub - ok
23:26:31.0798 3920 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:26:31.0798 3920 usbohci - ok
23:26:31.0829 3920 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:26:31.0829 3920 usbprint - ok
23:26:31.0861 3920 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:26:31.0861 3920 USBSTOR - ok
23:26:31.0892 3920 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:26:31.0892 3920 usbuhci - ok
23:26:31.0954 3920 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:26:31.0970 3920 usbvideo - ok
23:26:32.0032 3920 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
23:26:32.0032 3920 VClone - ok
23:26:32.0095 3920 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:26:32.0095 3920 vdrvroot - ok
23:26:32.0141 3920 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:26:32.0157 3920 vga - ok
23:26:32.0188 3920 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:26:32.0188 3920 VgaSave - ok
23:26:32.0235 3920 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:26:32.0251 3920 vhdmp - ok
23:26:32.0266 3920 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:26:32.0282 3920 viaide - ok
23:26:32.0313 3920 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:26:32.0313 3920 volmgr - ok
23:26:32.0344 3920 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:26:32.0360 3920 volmgrx - ok
23:26:32.0391 3920 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:26:32.0391 3920 volsnap - ok
23:26:32.0438 3920 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:26:32.0438 3920 vsmraid - ok
23:26:32.0485 3920 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:26:32.0485 3920 vwifibus - ok
23:26:32.0516 3920 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:26:32.0516 3920 vwififlt - ok
23:26:32.0594 3920 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:26:32.0594 3920 vwifimp - ok
23:26:32.0641 3920 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:26:32.0641 3920 WacomPen - ok
23:26:32.0687 3920 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:32.0687 3920 WANARP - ok
23:26:32.0719 3920 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:26:32.0719 3920 Wanarpv6 - ok
23:26:32.0765 3920 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:26:32.0765 3920 Wd - ok
23:26:32.0812 3920 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
23:26:32.0812 3920 WDC_SAM - ok
23:26:32.0859 3920 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:26:32.0859 3920 Wdf01000 - ok
23:26:32.0921 3920 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:26:32.0921 3920 WfpLwf - ok
23:26:32.0968 3920 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
23:26:32.0984 3920 WimFltr - ok
23:26:33.0015 3920 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:26:33.0015 3920 WIMMount - ok
23:26:33.0124 3920 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
23:26:33.0124 3920 WinUSB - ok
23:26:33.0187 3920 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:26:33.0187 3920 WmiAcpi - ok
23:26:33.0265 3920 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:26:33.0265 3920 ws2ifsl - ok
23:26:33.0311 3920 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:26:33.0327 3920 WudfPf - ok
23:26:33.0358 3920 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:26:33.0358 3920 WUDFRd - ok
23:26:33.0436 3920 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:26:33.0452 3920 \Device\Harddisk0\DR0 - ok
23:26:33.0748 3920 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk1\DR1
23:26:33.0811 3920 \Device\Harddisk1\DR1 - ok
23:26:33.0811 3920 Boot (0x1200) (8865d94572abae2f8f2afa98b9d3c0e3) \Device\Harddisk0\DR0\Partition0
23:26:33.0811 3920 \Device\Harddisk0\DR0\Partition0 - ok
23:26:33.0826 3920 Boot (0x1200) (b1f4d14cbcb1a9517810f24ef71b5002) \Device\Harddisk1\DR1\Partition0
23:26:33.0889 3920 \Device\Harddisk1\DR1\Partition0 - ok
23:26:33.0889 3920 Boot (0x1200) (2555bea6f5052abb2abaa738131b25b6) \Device\Harddisk1\DR1\Partition1
23:26:33.0889 3920 \Device\Harddisk1\DR1\Partition1 - ok
23:26:33.0889 3920 ============================================================
23:26:33.0889 3920 Scan finished
23:26:33.0889 3920 ============================================================
23:26:33.0904 3348 Detected object count: 0
23:26:33.0904 3348 Actual detected object count: 0
23:26:58.0896 4544 Deinitialize success


Did not need to reboot after running TDSSKiller




#4 Aaflac


    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:11:48 AM

Posted 28 November 2011 - 10:41 PM

ComboFix report posted for ease of use:

ComboFix 11-11-27.02 - Personcoat 11/27/2011 23:06:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6758 [GMT -8:00]
Running from: c:\users\Personcoat\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\hosts
c:\programdata\Roaming
c:\windows\AsPatch10430001.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 07:12 . 2011-09-09 06:28 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-10-03 20:31 . 2011-10-03 20:31 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-10-03 13:06 . 2011-10-09 21:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-03 07:05 . 2011-10-03 07:05 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
2011-10-03 07:05 . 2011-10-03 07:05 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
2011-09-09 06:28 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-01 05:24 . 2011-10-12 08:02 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-12 08:02 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-12 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-12 08:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-12 08:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-12 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WLAN Optimizer"="c:\users\Personcoat\Documents\WLAN Optimizr\WLAN Optimizer.exe" [2009-08-08 109056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-11 2018032]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-07-07 3058304]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\users\Personcoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-10-2 480880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-07 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-07 79360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\At1.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At11.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At13.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At15.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At17.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At19.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At21.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At23.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At25.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At27.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At29.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At3.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At31.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At33.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At35.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At37.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At39.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At41.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At43.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At45.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At47.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At5.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At7.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At9.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"combofix"="c:\combofix\CF17510.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Personcoat\AppData\Roaming\Mozilla\Firefox\Profiles\sp5zan2c.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-01784100.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
AddRemove-Free PURE-POne1.5_is1 - c:\program files (x86)\vstplugins\Pure-Pone\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-11-27 23:16:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-28 07:16
.
Pre-Run: 320,665,767,936 bytes free
Post-Run: 320,419,680,256 bytes free
.
- - End Of File - - 3CDFCB59F87FF36C697DC4FBDA7E611E

Old duck...


#5 Aaflac

  • Malware Response Team

Posted 28 November 2011 - 10:50 PM

Pretzlcoat,

Have you attempted to download any AntiVirus program on this computer?


Still see some malware entries in CF... we will get to them, but first, let's get some additional information to rule out a Bootkit.

Please download aswMBR:
http://public.avast.com/~gmerek/aswMBR.exe

Save it to the Desktop.

Vista/Windows 7 users: Right-click and select: Run as Administrator

Click Scan

Upon completion of the scan, click ‘Save log’ and save it to the Desktop.
Note - Do NOT attempt to fix anything!

Please post the aswMBR log in your reply.


Also, you will notice that another file is created on the Desktop.
It is named MBR.dat

Please keep the file on the Desktop, and do not do anything with it.
This is important, just in case we need to have access to the MBR information.

However, do submit MBR.dat for analysis to VirusTotal


Use the 'Browse' button to navigate to the location of the file.
Click on the file. Then, click the 'Open' button.
The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results
If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'
Once scanned, please provide the link to the results page in your reply.

Edited by Aaflac, 28 November 2011 - 10:57 PM.

Old duck...


#6 Pretzlcoat

  • Topic Starter

Posted 29 November 2011 - 02:58 AM

The only anti-virus I've downloaded is Microsoft security essentials.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-28 23:51:35
-----------------------------
23:51:35.260 OS Version: Windows x64 6.1.7601 Service Pack 1
23:51:35.260 Number of processors: 8 586 0x2A07
23:51:35.260 ComputerName: PERSONCOAT-PC UserName: Personcoat
23:51:41.874 Initialize success
23:52:17.272 AVAST engine download error: 0
23:52:28.879 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:52:28.879 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
23:52:28.879 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:52:28.894 Disk 1 Vendor: ST950042 0002 Size: 476940MB BusType: 3
23:52:28.910 Disk 0 MBR read successfully
23:52:28.910 Disk 0 MBR scan
23:52:28.925 Disk 0 Windows 7 default MBR code
23:52:28.925 Service scanning
23:52:30.813 Modules scanning
23:52:30.813 Disk 0 trace - called modules:
23:52:30.875 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:52:30.891 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009090790]
23:52:30.891 3 CLASSPNP.SYS[fffff88001bcb43f] -> nt!IofCallDriver -> [0xfffffa80071ec480]
23:52:30.907 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071f0050]
23:52:30.922 Scan finished successfully
23:52:48.566 Disk 0 MBR has been saved successfully to "C:\Users\Personcoat\Desktop\MBR.dat"
23:52:48.628 The log file has been saved successfully to "C:\Users\Personcoat\Desktop\aswMBR.txt"


As of this posting I am unable to access virustotal.com

#7 Aaflac

  • Malware Response Team

Posted 29 November 2011 - 09:21 AM

Pretzlcoat,

Please do the following:

Continue to disable (temporarily) all AntiVirus and AntiMalware programs so they do not interfere with the running of ComboFix, especially Spybot Search and Destroy.

Open Notepad ('Start' + 'R', type: notepad, click: OK)

Copy/paste the text in the code box below to it:

KILLALL::

Files::
c:\windows\SysWow64\8fpYKTg.com
c:\windows\Tasks\At1.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At9.job

Save to your Desktop as CFScript.txt

In Notepad:
Click File > Save as..., and save to the Desktop
In the File Name box, type: CFScript.txt
Click: Save

Close all open windows so that you are at the Desktop.

Referring to the picture below, using your mouse, left button, drag CFScript into ComboFix.exe
(image: CFScript.txt being dragged onto ComboFix.exe)

When finished, CF produces a log located at C:\ComboFix.txt

Please post the new Combofix.txt in your reply.


Note: Do not mouse-click the ComboFix window while it is running. It may cause CF to stall.


Now, try going to VirusTotal (Post #5), and see if it works.

On Microsoft Security Essentials... I don't see it installed, or any other AV program. Did you not keep MSE?

Edited by Aaflac, 29 November 2011 - 11:25 AM.

Old duck...
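One way to triage the 'Scheduled Tasks' section of the ComboFix report in Post #4 programmatically, as an added example that is neither ComboFix's nor the forum's own code: it groups every *.job by the program it launches and flags the pattern seen there, many AtN.job tasks (the kind at.exe creates) all pointing at one oddly named non-.exe file in system32, which is exactly the set of paths the CFScript in Post #7 removes. The sample log is a constructed excerpt in ComboFix's format; the benign ExampleVendorUpdate.job entry is invented for contrast, and the "random-looking name" test is a simple no-vowels heuristic, not a ComboFix rule.

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log (added example)."""
import re

TASK_HEADER = "Contents of the 'Scheduled Tasks' folder"
# "2011-11-28 c:\windows\Tasks\At1.job"
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*?\.job)\s*$", re.IGNORECASE)
# "- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]"  (timestamp optional)
TARGET_LINE = re.compile(r"^-\s+(?P<target>.+?)(?:\s+\[[^\]]*\])?\s*$")
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed excerpt: the At*.job lines copy the format and values from Post #4,
# the ExampleVendorUpdate.job entry is invented as a benign control.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\At1.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-28 c:\windows\Tasks\At11.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-26 c:\windows\Tasks\At21.job
- c:\windows\system32\8fpYKTg.com [2011-11-26 18:41]
.
2011-11-20 c:\windows\Tasks\ExampleVendorUpdate.job
- c:\program files (x86)\Example Vendor\Update\Updater.exe [2011-05-01 12:00]
.
.
--------- x86-64 -----------
"""


def parse_scheduled_tasks(log_text):
    """Return {normalized_target: {"display": str, "jobs": [job paths]}}.

    Only the Scheduled Tasks section is read; parsing stops at the next
    ComboFix section divider (a line of dashes). Paths are grouped
    case-insensitively because Windows paths are.
    """
    tasks = {}
    in_section = False
    current_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == TASK_HEADER
            continue
        if line.startswith("-----"):  # e.g. "--------- x86-64 -----------"
            break
        m = JOB_LINE.match(line)
        if m:
            current_job = m.group("job")
            continue
        m = TARGET_LINE.match(line)
        if m and current_job:
            target = m.group("target")
            entry = tasks.setdefault(target.lower(), {"display": target, "jobs": []})
            entry["jobs"].append(current_job)
            current_job = None
    return tasks


def looks_random(filename):
    """Heuristic: a file stem of 6+ characters with no vowels (e.g. 8fpYKTg)."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) < 6 or not any(c.isalpha() for c in stem):
        return False
    return not any(c in "aeiou" for c in stem.lower())


def triage(tasks):
    """Score each launch target; returns findings with the most reasons first."""
    findings = []
    for key, entry in tasks.items():
        reasons = []
        at_jobs = [j for j in entry["jobs"] if AT_JOB.search(j)]
        if len(at_jobs) >= 3:
            reasons.append(f"{len(at_jobs)} AtN.job tasks launch it (at.exe persistence burst)")
        directory, _, filename = key.rpartition("\\")
        if directory + "\\" in SYSTEM_DIRS and not filename.endswith(".exe"):
            reasons.append(f"non-.exe program ({filename}) placed directly in a system directory")
        if looks_random(entry["display"].rpartition("\\")[2]):
            reasons.append("random-looking file name")
        if reasons:
            findings.append({"target": entry["display"], "jobs": sorted(entry["jobs"]),
                             "reasons": reasons})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for finding in triage(parse_scheduled_tasks(SAMPLE_LOG)):
        print(finding["target"])
        for reason in finding["reasons"]:
            print("  -", reason)
        for job in finding["jobs"]:
            print("  job:", job)
```

The flagged target and its job list are the same paths the responder put under Files:: in the CFScript; on a real log the jobs themselves should also be checked with schtasks before removal, since benign software can legitimately create At-style tasks.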


#8 Pretzlcoat

  • Topic Starter

Posted 29 November 2011 - 01:59 PM

Combofix.txt attached.

virustotal.com results:

http://www.virustotal.com/file-scan/report.html?id=442e5464db57daf051c5609863d4da09069f9c2394f4ed2a28ef4f65c7c5567d-1322591954

When I installed MSE it became "windows defender" in my control panel, I guess....



#9 Aaflac

  • Malware Response Team

Posted 29 November 2011 - 05:28 PM

Pretzlcoat,

In your initial post, you mentioned the following concerns:
1. Google search results redirect to ads, etc.

2. Attempting to enable Windows firewall yields an error message
("Windows firewall can't change some of your settings Error code 0x8007042c")

Are these issues still happening?



Insofar as Microsoft Security Essentials goes, it is not installed on the computer, and Windows Defender is not an AntiVirus.

Let's try another install...
Go Here
Press: More languages and versions

Under Windows Version, where it says Select your version, click the drop arrow
Select: Windows Vista/Windows 7 64-bit
Press Download (to the right)

Save to your Desktop
Right-click the downloaded file: mseinstall.exe
Select: Run as Administrator

Follow the prompts to install the program.

After MSE is installed, it will prompt you to run a Scan.
Please do so, and note if it finds and removes any malware.


When done with MSE, please get an extra ComboFix report:

• Press the "Windows Key" + "R"
• Copy/paste the following into the Open box:

"C:\Qoobox\Add-Remove Programs.txt"

• Click: OK

(If the above does not work, copy/paste without the quotes)

Please provide the Add-Remove Programs report in your reply.



Last, go back to VirusTotal

Use the 'Browse' button to navigate to the location of the following file:

c:\windows\SysWow64\8fpYKTg.com

If you can't find the file, you may need to show hidden files in Windows 7:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Click on the file, then, click the 'Open' button.
The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results
If you get a message saying: 'File has already been analyzed', click 'Reanalyze file now'
Once scanned, please provide the link to the results page in your reply.


Thanks.

Old duck...


#10 Pretzlcoat

  • Topic Starter

Posted 30 November 2011 - 01:10 PM

As of right now I can no longer re-create the Google redirect or the firewall issue which I originally had. Additionally, installing MSE and running a scan reminded me of/may explain exactly what happened last time I attempted to download MSE. You see, about a week ago I downloaded MSE, ran a scan and it found 1 malicious item. After cleaning up the problem I attempted to restart Windows but was unable to, as I got some strange errors which, after attempting to restore the computer to a previous state, seemed to resolve themselves. With Windows running again, MSE was apparently absent and I guess I just assumed Windows Defender was the same thing. Running MSE just now found 1 threat: TrojanDownloader:Win32/Unruy.H

Add-remove Programs report:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
AsusScr_G74 Series_ENG
AsusVibe2.0
ATK Package
Batman: Arkham Asylum - Demo
Best Buy pc app
D3DX10
Diablo II
ExpressGateCloud
FREE PURE-PONE V1.5
Intel® Control Center
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Live 8.2.2
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Monome Serial 0.2.1.5
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
NVIDIA Stereoscopic 3D Driver
PdaNet for Android 3.02
Portal 2
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
Reason 5.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Sonnox Oxford Inflator Native VST v1.5.1
Spybot - Search & Destroy
Star Wars: The Old Republic
Steam
THX TruStudio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VirtualCloneDrive
Waves Complete VST RTAS TDM v7.1.16
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Warcraft
World of Warcraft Public Test


I am unable to find the file you mentioned (8fpYKTg.com) despite following the steps in the "how to show hidden files in windows 7" tutorial. Also, thanks so much for your help thus far!

Edited by Pretzlcoat, 30 November 2011 - 01:16 PM.


#11 Aaflac

  • Malware Response Team

Posted 30 November 2011 - 10:53 PM

Pretzlcoat,

If I understand you correctly, you can now enable the Windows firewall. Is that correct?

On Microsoft Security Essentials, it should be showing in Control Panel > Programs and Features.
Will you check, and see if it is?

Is TrojanDownloader:Win32/Unruy.H the same malicious item that MSE found when you last ran a scan? We do not want to perform any action that will not allow you to start Windows once again, as it happened the last time. So, for now, let's see what the following program finds, instead of using MSE:

Please download RogueKiller and save it to the Desktop:
http://tigzy.geekstogo.com/Tools/RogueKiller.exe
• Close all running windows
• Vista/Win7 - Right-click the icon and select: Run as Administrator
• When prompted, type 1 (SCAN) and then press: Enter
• A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt, and provide it in your reply.

Edited by Aaflac, 30 November 2011 - 10:54 PM.

Old duck...


#12 Pretzlcoat

  • Topic Starter

Posted 30 November 2011 - 11:35 PM

Windows firewall is working fine now, and MSE shows up in Control Panel > Programs and Features.

The virus found by MSE this second time around is not the same as the one previously removed. Initially I thought that it was but was able to confirm otherwise by exploring the "History" tab in MSE.


RogueKiller V6.1.11 [11/30/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Personcoat [Admin rights]
Mode: Scan -- Date : 11/30/2011 20:33:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] ASUS Patch 10430001.job : C:\Windows\AsPatch10430001.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 Aaflac

  • Malware Response Team

Posted 01 December 2011 - 01:19 AM

Please disable your AntiVirus program and any AntiSpyware programs while performing the following scan. It will preclude conflicts, and will speed up scan time.

Since you are using Windows Seven, go to the Start button, look for the browser icon, right-click it and select: Run as Administrator.

In the browser address bar, copy paste the following:
http://www.eset.com/us/online-scanner

Press the ESET Online Scanner button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked. We need to make sure there are no false positives.
  • Click Scan
  • Wait for the scan to finish. It may take a while!
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your desktop as: ESET Scan.

Please provide the contents of the ESET Scan in your reply.


Also, download Security Check

Save it to the Desktop.
Right-click SecurityCheck.exe and select: Run as Administrator
Follow the on-screen instructions (on the black screen)
When done, a Notepad document opens automatically: checkup.txt

Please post the contents of checkup.txt in your reply.

Thanks.

Edited by Aaflac, 01 December 2011 - 01:20 AM.

Old duck...


#14 Pretzlcoat

Pretzlcoat
  • Topic Starter

  • Members
  • 37 posts
  • Local time:12:48 PM

Posted 01 December 2011 - 01:27 PM

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.E trojan
C:\Users\Personcoat\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\15d54fd3-4b44e995 a variant of Win32/Kryptik.VZH trojan



Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Adobe Flash Player ( 10.0.32.18) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````
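The checks behind the Security Check and RogueKiller output above, written out as an added PowerShell example. This is not part of the thread and is not the code of either tool; it assumes an elevated PowerShell 2.0 prompt on Windows 7. The productState bit layout and the list of "trusted" scheduled-task roots are assumptions made for the example, not something the logs state.

```powershell
# Added triage example (not from the thread, Security Check or RogueKiller).
# Assumes Windows 7, PowerShell 2.0 or later, run from an elevated prompt.
# Re-creates the checks whose results appear in the logs above: firewall
# services and per-profile state, antivirus registration in WMI, scheduled
# tasks pointing outside the usual install roots, and active hosts entries.

function Get-FirewallStatus {
    # MpsSvc is the Windows Firewall service; BFE (Base Filtering Engine) is the
    # service it depends on. The firewall UI error 0x8007042c is
    # ERROR_SERVICE_DEPENDENCY_FAIL (1068): one of these is usually stopped or disabled.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { "{0,-8} {1}" -f $name, $svc.Status } else { "{0,-8} NOT FOUND" -f $name }
    }
    # Per-profile state without the Windows 8+ NetSecurity cmdlets.
    netsh advfirewall show allprofiles state
}

function Get-RegisteredAntivirus {
    # Security Check's "WMI entry may not exist for antivirus" refers to this namespace.
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue
    if (-not $products) { return 'No AntiVirusProduct entries in root\SecurityCenter2' }
    foreach ($p in $products) {
        # Assumed (commonly documented) productState layout:
        #   bits 12-15 == 1 -> real-time protection enabled
        #   bits  4-7  == 1 -> definitions out of date
        $state   = [int]$p.productState
        $enabled = (($state -band 0xF000) -eq 0x1000)
        $stale   = (($state -band 0xF0)   -eq 0x10)
        "{0}: state=0x{1:X} enabled={2} definitionsOutOfDate={3}" -f `
            $p.displayName, $state, $enabled, $stale
    }
}

function Get-SuspiciousScheduledTasks {
    # RogueKiller flagged a task whose target sat directly under C:\Windows.
    # Heuristic: report any task whose executable is outside these roots (assumed list).
    $trusted = @("$env:SystemRoot\System32\", "$env:SystemRoot\SysWOW64\",
                 "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")
    # On Windows 7, 'schtasks /v' repeats the CSV header per task folder; drop those rows.
    schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' -and $_.'Task To Run' } |
        ForEach-Object {
            $target = $_.'Task To Run'.Trim().Trim('"')
            $ok = $false
            foreach ($root in $trusted) {
                if ($root.Length -gt 1 -and
                    $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $ok = $true }
            }
            if (-not $ok) { "{0} -> {1}" -f $_.TaskName, $target }
        }
}

function Get-HostsEntries {
    # RogueKiller's HOSTS section: anything active beyond the localhost mapping deserves a look.
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $path |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

'== Firewall ==';                                Get-FirewallStatus
'== Antivirus registered in WMI ==';             Get-RegisteredAntivirus
'== Scheduled tasks outside trusted roots ==';   Get-SuspiciousScheduledTasks
'== Non-default hosts entries ==';               Get-HostsEntries
```

Run it before and after cleanup and diff the two outputs; a firewall service that will not start, an empty SecurityCenter2 result, or a task target under C:\Windows itself are the three conditions the thread's logs turned up.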

#15 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:11:48 AM

Posted 01 December 2011 - 05:29 PM

Please run ESET once again.

This time, it should go faster, since you already downloaded the preliminaries.
  • Make sure that the option Remove found threats is ticked/checked.
  • Click Scan
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your desktop as: ESET Scan2.

Please provide the contents of the ESET Scan2 in your reply.

Old duck...

