strongly infected with TR/ATRAP.gen TR/Crypt.Zpack.gen W32/Patchload.A TR/Kazy.2501 ...


  • This topic is locked
33 replies to this topic

#1 pfeu

  • Members
  • 17 posts

Posted 26 November 2011 - 11:20 AM

Hello,

A few days ago, I got an alert from my anti-virus Avira about TR/ATRAP.gen, and then I got plenty of others like those described in the title.
My PC is infected, and on the internet I was redirected to immensedavinciserver or swelldavinciserver, and it blocked the anti-virus.

I stopped the internet connection and tried to clean the PC. My anti-virus was disabled by the virus, so I uninstalled it, installed Avast and did a start-up scan. It was not enough. I used the AVG Rescue CD to scan by booting from the CD. It found a new one, win32/Katusha.a, but that was not enough either.
Finally, I think that my machine is badly infected and I ask for your help to clean it properly.

Thank you for your help.

Below is the DDS scan; I attached the Attach.txt and Ark.txt.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by laptop at 2:48:22 on 2011-11-27
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.2184 [GMT 11:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k yksvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Windows\System32\StikyNot.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\laptop\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/69.16/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3A6A6E7-68F4-45E3-A662-4ACA9DE99FAE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3}\1646D6962716C63736C65726 : DhcpNameServer = 10.163.0.254
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3}\356425027596649602055726C69636 : DhcpNameServer = 86.64.233.85 86.64.145.141
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\laptop\appdata\roaming\mozilla\firefox\profiles\sodf3ncv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\laptop\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\laptop\appdata\roaming\mozilla\firefox\profiles\sodf3ncv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt'
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-24 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-24 320856]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-24 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-24 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-24 44768]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-9-17 237696]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 OberonGameConsoleService;Oberon Media Game Console service;"c:\program files\samsung casual games\gameconsole\oberongameconsoleservice.exe" --> c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [?]
S2 Rezip;Rezip;c:\windows\system32\rezip.exe --> c:\windows\system32\Rezip.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-6 36608]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-11-14 311928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-2 27192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-28 52224]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-2-28 154560]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-28 1343400]
.
=============== Created Last 30 ================
.
2011-11-26 15:47:10 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6b673fb-566e-4760-80c0-945c7f00ac2c}\offreg.dll
2011-11-26 15:15:32 -------- d-----w- c:\program files\Trend Micro
2011-11-23 21:39:31 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-23 21:39:31 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 21:39:26 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 21:39:26 199304 ----a-w- c:\windows\system32\aswBoot.exe_1322359146.arl
2011-11-23 21:38:31 -------- d-----w- c:\users\laptop\appdata\local\Adobe
2011-11-23 12:38:40 -------- d-----w- c:\program files\Avira
2011-11-23 10:48:25 -------- d-----w- c:\programdata\AVAST Software
2011-11-23 10:48:25 -------- d-----w- c:\program files\AVAST Software
2011-11-23 08:12:09 -------- d-----w- c:\users\laptop\appdata\roaming\SUPERAntiSpyware.com
2011-11-23 08:12:05 -------- d-----w- c:\programdata\!SASCORE
2011-11-23 08:12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-23 08:12:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-22 10:41:06 -------- d-----w- C:\avrescue
2011-11-22 08:45:28 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6b673fb-566e-4760-80c0-945c7f00ac2c}\mpengine.dll
2011-11-22 08:45:27 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 22:02:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-21 03:35:09 -------- d-----w- c:\users\laptop\appdata\local\{AD5CDE76-D321-4545-B113-B4B75D2E801E}
2011-11-21 03:34:53 -------- d-----w- c:\users\laptop\appdata\local\{00D162DC-2D79-4815-BF50-3DC33E491600}
2011-11-18 10:01:00 -------- d-----w- c:\programdata\ma-config.com
2011-11-18 10:01:00 -------- d-----w- c:\program files\ma-config.com
2011-11-09 10:03:38 -------- d-----w- c:\users\laptop\appdata\local\Apps
2011-11-09 09:44:48 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:44:43 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 09:44:41 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 23:01:36 -------- d-----w- c:\users\laptop\appdata\local\{10683B01-24FC-4393-AEE9-2DC10F77164D}
2011-11-07 23:01:24 -------- d-----w- c:\users\laptop\appdata\local\{A87FEB35-BC9E-4370-985C-988E05A4617D}
2011-11-05 06:01:31 -------- d-----w- c:\users\laptop\appdata\local\{83171BFB-093D-49E8-AE31-5F405643B489}
2011-11-05 06:01:18 -------- d-----w- c:\users\laptop\appdata\local\{0BE19CCC-EFE7-4BFE-AA0A-7179A71FE8D9}
2011-10-31 10:24:18 -------- d-----w- c:\users\laptop\appdata\local\CutePDF Writer
2011-10-31 10:23:56 -------- d-----w- c:\program files\GPLGS
2011-10-31 10:22:19 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-10-31 10:22:19 -------- d-----w- c:\program files\Acro Software
2011-10-28 11:06:26 -------- d-----w- c:\users\laptop\appdata\local\TomTom
2011-10-28 11:06:22 -------- d-----w- c:\program files\TomTom International B.V
2011-10-28 11:06:18 -------- d-----w- c:\program files\MyTomTom 3
.
==================== Find3M ====================
.
2011-11-21 21:59:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 2:49:34,37 ===============
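The DDS report above is read by eye on the forum, but the same triage can be scripted. The following Python script is an added example; it is not part of the forum post and not part of the DDS tool. It splits a DDS report into its sections and applies a few rules of thumb an analyst uses to decide which lines to read first: an svchost.exe with no "-k" group, a BHO whose DLL is gone, a Firefox user.js value that appends its own user_pref() calls, a service whose binary DDS could not read ("--> ... [?]"), and a new system+hidden or "%VAR%"-named directory under system32. The sample input is a constructed subset of lines copied from the two DDS logs in this thread (the quoted svchost.exe line is from the second log); the heuristics are my own assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage helper for DDS logs (added example, not the DDS tool's own code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the DDS logs in this
# thread (the quoted svchost.exe line is from the second log).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"C:\windows\system32\svchost.exe"
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt'
user_pref(extensions.kwiclick.channel.set,true);
.
============= SERVICES / DRIVERS ===============
.
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-24 44768]
S2 Rezip;Rezip;c:\windows\system32\rezip.exe --> c:\windows\system32\Rezip.exe [?]
.
=============== Created Last 30 ================
.
2011-11-23 21:39:31 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-21 22:02:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
============= FINISH: 2:49:34,37 ===============
"""

# "=== Name ===" or "---- NAME ----" section banners.
HEADER_RE = re.compile(r"^(?:=+|-{2,})\s*([A-Za-z][^=]*?)\s*(?:=+|-{2,})$")
# "S2 Name;Display;path [stamp]" service/driver entries.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*?)\s*\[([^\]]*)\]$")
# "YYYY-MM-DD HH:MM:SS size attrs path" entries; attrs look like d-sh--w-.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+([d-][-a-z]{7})\s+(.+)$")


def parse_dds(text):
    """Return {section: [entries]} in order of appearance. '.' separator lines
    are dropped, and a bare user_pref(...) line (a pref value that spilled
    onto its own line) is glued back onto the entry before it."""
    sections = defaultdict(list)
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line.startswith("user_pref(") and sections[current]:
            sections[current][-1] += " " + line
            continue
        sections[current].append(line)
    return dict(sections)


def triage(text):
    """Apply the heuristics; returns a list of (section, entry, reason)."""
    secs = parse_dds(text)
    hits = []
    # Real svchost.exe instances are launched with "-k <group>".
    for e in secs.get("Running Processes", []):
        if e.strip('"').lower().endswith("svchost.exe") and " -k " not in e:
            hits.append(("Running Processes", e, "svchost.exe with no -k service group"))
    # A BHO whose DLL is gone is leftover registration from something removed or hidden.
    for e in secs.get("Pseudo HJT Report", []):
        if e.startswith("BHO:") and e.endswith("- No File"):
            hits.append(("Pseudo HJT Report", e, "BHO registered but its DLL is missing"))
    # A user.js value that closes its string and appends user_pref() calls was injected.
    for e in secs.get("FIREFOX POLICIES", []):
        if e.startswith("FF - user.js:") and "user_pref(" in e:
            hits.append(("FIREFOX POLICIES", e, "user.js value appends extra user_pref() calls"))
    # "path --> path [?]" means DDS could not read the service binary.
    for e in secs.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(e)
        if m and (m.group(3) == "?" or "-->" in m.group(2)):
            hits.append(("SERVICES / DRIVERS", e, f"service {m.group(1)}: binary not readable on disk"))
    # New system+hidden entries under system32, or a directory literally named
    # after an environment variable, are classic places to stash files.
    for e in secs.get("Created Last 30", []):
        m = CREATED_RE.match(e)
        if not m:
            continue
        attrs, path = m.groups()
        reasons = []
        if "s" in attrs and "h" in attrs:
            reasons.append("system+hidden attributes")
        if "%" in path:
            reasons.append("unexpanded %VAR% used as a directory name")
        if reasons and "\\windows\\system32\\" in path.lower():
            hits.append(("Created Last 30", e, "new under system32: " + ", ".join(reasons)))
    return hits


if __name__ == "__main__":
    for section, entry, reason in triage(SAMPLE_DDS):
        print(f"[{section}] {reason}\n    {entry}")
```

Run it on a saved DDS.txt by passing the file's contents to triage(); on the sample above it reports five lines, one per heuristic, in the order the sections appear. Everything it flags still has to be confirmed by hand (the avast! entries in the same sections are left alone because they carry a real "-k" group, a present DLL, and a readable binary).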


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 December 2011 - 03:33 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 pfeu (Topic Starter)

  • Members
  • 17 posts

Posted 01 December 2011 - 05:39 AM

Hello Gringo,

Thank you for taking care of my virus removal.

I have followed your instructions.
Please find below the logs for DDS and the log for RKUnHooker.

DDS log
-----------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by laptop at 21:28:21 on 2011-12-01
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.1724 [GMT 11:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k yksvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\windows\system32\svchost.exe"
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\explorer.exe
C:\windows\system32\taskhost.exe
C:\windows\explorer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [NPSStartup]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\laptop\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/69.16/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3A6A6E7-68F4-45E3-A662-4ACA9DE99FAE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3}\1646D6962716C63736C65726 : DhcpNameServer = 10.163.0.254
TCP: Interfaces\{DFF3BA6C-9727-4429-834F-56F333FFE8B3}\356425027596649602055726C69636 : DhcpNameServer = 86.64.233.85 86.64.145.141
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\laptop\appdata\roaming\mozilla\firefox\profiles\sodf3ncv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\laptop\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\laptop\appdata\roaming\mozilla\firefox\profiles\sodf3ncv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt'
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-24 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-24 320856]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-24 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-24 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-24 44768]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-9-17 237696]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\fsusbexservice.exe --> c:\windows\system32\FsUsbExService.Exe [?]
S2 OberonGameConsoleService;Oberon Media Game Console service;"c:\program files\samsung casual games\gameconsole\oberongameconsoleservice.exe" --> c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [?]
S2 Rezip;Rezip;c:\windows\system32\rezip.exe --> c:\windows\system32\Rezip.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-6 36608]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-11-14 311928]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-2 27192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-28 52224]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-2-28 154560]
S3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-28 1343400]
.
=============== Created Last 30 ================
.
2011-12-01 10:26:27 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-12-01 10:26:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b76aed4-3f40-402d-b4b4-66ac12bfe8cf}\offreg.dll
2011-12-01 10:26:24 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b76aed4-3f40-402d-b4b4-66ac12bfe8cf}\mpengine.dll
2011-11-26 15:15:32 -------- d-----w- c:\program files\Trend Micro
2011-11-23 21:39:31 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-23 21:39:31 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 21:39:26 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 21:39:26 199304 ----a-w- c:\windows\system32\aswBoot.exe_1322359146.arl
2011-11-23 21:38:31 -------- d-----w- c:\users\laptop\appdata\local\Adobe
2011-11-23 12:38:40 -------- d-----w- c:\program files\Avira
2011-11-23 10:48:25 -------- d-----w- c:\programdata\AVAST Software
2011-11-23 10:48:25 -------- d-----w- c:\program files\AVAST Software
2011-11-23 08:12:09 -------- d-----w- c:\users\laptop\appdata\roaming\SUPERAntiSpyware.com
2011-11-23 08:12:05 -------- d-----w- c:\programdata\!SASCORE
2011-11-23 08:12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-23 08:12:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-22 10:41:06 -------- d-----w- C:\avrescue
2011-11-22 08:45:27 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 22:02:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-21 03:35:09 -------- d-----w- c:\users\laptop\appdata\local\{AD5CDE76-D321-4545-B113-B4B75D2E801E}
2011-11-21 03:34:53 -------- d-----w- c:\users\laptop\appdata\local\{00D162DC-2D79-4815-BF50-3DC33E491600}
2011-11-18 10:01:00 -------- d-----w- c:\programdata\ma-config.com
2011-11-18 10:01:00 -------- d-----w- c:\program files\ma-config.com
2011-11-09 10:03:38 -------- d-----w- c:\users\laptop\appdata\local\Apps
2011-11-09 09:44:48 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:44:43 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 09:44:41 2341888 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 23:01:36 -------- d-----w- c:\users\laptop\appdata\local\{10683B01-24FC-4393-AEE9-2DC10F77164D}
2011-11-07 23:01:24 -------- d-----w- c:\users\laptop\appdata\local\{A87FEB35-BC9E-4370-985C-988E05A4617D}
2011-11-05 06:01:31 -------- d-----w- c:\users\laptop\appdata\local\{83171BFB-093D-49E8-AE31-5F405643B489}
2011-11-05 06:01:18 -------- d-----w- c:\users\laptop\appdata\local\{0BE19CCC-EFE7-4BFE-AA0A-7179A71FE8D9}
.
==================== Find3M ====================
.
2011-11-21 21:59:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:29:06,31 ===============


Attach DDS log
------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Édition Familiale Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/02/2010 07:51:27
System Uptime: 01/12/2011 21:18:57 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R520/R522/R620
Processor: Pentium® Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 1197/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 82 GiB total, 34,245 GiB free.
D: is FIXED (NTFS) - 201 GiB total, 136,224 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP208: 18/11/2011 21:00:12 - Installed Ma-Config.com
RP209: 22/11/2011 19:45:04 - Windows Update
RP210: 23/11/2011 23:34:48 - avast! Free Antivirus Setup
RP211: 01/12/2011 21:23:00 - Windows Update
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
7-Zip 4.65
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.5 - Français
AnyPC Client
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
BatteryLifeExtender
Bonjour
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP270 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
ChargeableUSB
Creative Live! Cam Vista IM Driver (1.10.04.00)
Creative Software AutoUpdate
Creative System Information
Creative WebCam Center
CutePDF Writer 2.8
CyberLink YouCam
D3DX10
e-tax 2011
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
Facebook Plug-In
Farm Frenzy 2
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
Galerie de photos Windows Live
Game Pack
Gestionnaire de contacts professionnels pour Outlook 2007 SP2
Governor of Poker 2
HijackThis 2.0.2
Intel® Matrix Storage Manager
iPhoneBrowser
iTunes
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 24
Juniper Networks Cache Cleaner 6.5.0
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
LSI HDA Modem
Ma-Config.com
Malwarebytes' Anti-Malware version 1.51.2.1300
Manuel d'utilisation de Creative Live! Cam Vista IM (Français)
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.1.0.432
Namuga 1.3M Webcam
OpenOffice.org 3.3
Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
PC Connectivity Solution
Picasa 3
QuickTime
ReadPlease 2003/ReadPlease PLUS 2003
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Revo Uninstaller Pro 2.4.1
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
SAMSUNG Mobile Modem V2 Software
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio
Samsung New PC Studio USB Driver Installer
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Skype Toolbars
Skype™ 5.3
SUPERAntiSpyware
Synaptics Pointing Device Driver
UltraMon
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
User Guide
Visual Studio C++ 10.0 Runtime
VLC media player 1.1.11
Windows Live
Windows Live Communications Platform
Windows Live Family Safety
Windows Live FolderShare
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zylom Games Player Plugin
.
==== End Of File ===========================

RKUnHooker log
----------------
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x9680E000 C:\windows\system32\DRIVERS\atikmdag.sys 5505024 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x83040000 C:\windows\system32\ntoskrnl.exe 4206592 bytes (Microsoft Corporation, NT Kernel & System)
0x83040000 PnpManager 4206592 bytes
0x83040000 RAW 4206592 bytes
0x83040000 WMIxWDM 4206592 bytes
0x97837000 C:\windows\system32\drivers\RTKVHDA.sys 2772992 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x9A0E0000 Win32k 2424832 bytes
0x9A0E0000 C:\windows\System32\win32k.sys 2424832 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0x8C03B000 C:\windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, Pilote TCP/IP)
0x96EC2000 C:\windows\system32\DRIVERS\athr.sys 1286144 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x8BD71000 C:\windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, Pilote du système de fichiers NT)
0x97590000 C:\windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8BC05000 C:\windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x96D4E000 C:\windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BB3D000 C:\windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, Pilote NDIS 6.20)
0x8B8F0000 C:\windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Module d’intégrité du code)
0x8C2AA000 C:\windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x976D3000 C:\windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Pile du protocole)
0x8B810000 C:\windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8B99B000 C:\windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Runtime de l’infrastructure de pilotes en mode noyau)
0x92C26000 C:\windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8BEDE000 C:\windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x92D4A000 C:\windows\system32\drivers\afd.sys 368640 bytes
0xA5888000 C:\windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x92F96000 C:\windows\system32\DRIVERS\yk62x86.sys 331776 bytes (-, -)
0x974F8000 C:\windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA5838000 C:\windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x92F28000 C:\windows\System32\Drivers\aswSP.SYS 315392 bytes (AVAST Software, avast! self protection module)
0x96E68000 C:\windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, Pilote de port USB 1.1 & 2.0)
0x8BADC000 C:\windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Pilote d’extension du gestionnaire de volumes)
0x8BA1A000 C:\windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0x9766A000 C:\windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, Pilote de miniport WiFi natif)
0x974A3000 C:\windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8B8AE000 C:\windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x92EA1000 C:\windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Pilote du sous-système de mise en mémoire tampon de lecteur redirigé)
0x8C1B6000 C:\windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0x8BF52000 C:\windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x977A6000 C:\windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x97AF3000 C:\windows\System32\Drivers\VMC326.sys 241664 bytes (Vimicro Corporation, Vimicro USB Video Class Camera)
0x8C3C1000 C:\windows\system32\DRIVERS\SynTP.sys 237568 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x96E05000 C:\windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x97BB8000 C:\windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x83009000 ACPI_HAL 225280 bytes
0x83009000 C:\windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BD2C000 C:\windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Gestionnaire de filtres de système de fichiers Microsoft)
0x97461000 C:\windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C242000 C:\windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x92DD6000 C:\windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C185000 C:\windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x97548000 C:\windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8C1FD000 C:\windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x8BEA0000 C:\windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8BA73000 C:\windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0x8C285000 C:\windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BF90000 C:\windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x8BCE8000 C:\windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x97783000 C:\windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8BFD8000 C:\windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x92E71000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x8C341000 C:\windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x92F75000 C:\windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Pilote d’interface de tunnel Microsoft)
0x92CB0000 C:\windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C3A2000 C:\windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x96E3E000 C:\windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x92E0F000 C:\windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, Planificateur de paquets QoS)
0x9A370000 C:\windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x97B9D000 C:\windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Pilote de filtre de virtualisation de fichier LUA)
0x977E1000 C:\windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x97800000 C:\windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x97758000 C:\windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x97577000 C:\windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x92F02000 C:\windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92FE7000 C:\windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, Pilote de port i8042)
0x8BFB5000 C:\windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x97419000 C:\windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x97431000 C:\windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x97448000 C:\windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x92D0F000 C:\windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x97ADC000 C:\windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8BB27000 C:\windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Gestionnaire des points de montage)
0x97B61000 C:\windows\system32\drivers\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8BECB000 C:\windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x976C0000 C:\windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x92E4D000 C:\windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8C01F000 C:\windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8C000000 C:\windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x97771000 C:\windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8C274000 C:\windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x97B3B000 C:\windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BD60000 C:\windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x974E7000 C:\windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8BAA8000 C:\windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8B895000 C:\windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Pilote d’erreurs matérielles spécifiques à une plateforme)
0x92E60000 C:\windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x92E2E000 C:\windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x9781A000 C:\windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8C22A000 C:\windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x976B0000 C:\windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, Pilote d’E/S du mode utilisateur NDIS)
0x8BACC000 C:\windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x96EB3000 C:\windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x92F1A000 C:\windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x92E3F000 C:\windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x92D01000 C:\windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8BD15000 C:\windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BF3B000 C:\windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x97495000 C:\windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8BA0C000 C:\windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
!!!!!!!!!!!Hidden driver: 0x92D3D000 00001720 53248 bytes
0x8C012000 C:\windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x97B2E000 C:\windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92C00000 C:\windows\system32\drivers\kbdclass.sys 53248 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0x92C0D000 C:\windows\system32\drivers\mouclass.sys 53248 bytes (Microsoft Corporation, Pilote de la classe Souris)
0x97BF3000 C:\windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x92CD1000 C:\windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x92EF6000 C:\windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x97B7B000 C:\windows\system32\drivers\kbdhid.sys 49152 bytes (Microsoft Corporation, Pilote de filtre clavier HID)
0x92D26000 C:\windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x92CA4000 C:\windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x92D32000 C:\windows\System32\Drivers\aswTdi.SYS 45056 bytes (AVAST Software, avast! TDI Filter Driver)
0x8BAC1000 C:\windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x92DBA000 C:\windows\system32\DRIVERS\dsNcAdpt.sys 45056 bytes (Juniper Networks, dsNcAdapter)
0x97B56000 C:\windows\system32\drivers\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x97B92000 C:\windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x97B87000 C:\windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0x92CF6000 C:\windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8BFCD000 C:\windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x96E5D000 C:\windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8BA9D000 C:\windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Énumérateur racine de lecteur virtuel)
0x97B4C000 C:\windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8BD0B000 C:\windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x92EEC000 C:\windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x92EE2000 C:\windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9782A000 C:\windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x96800000 C:\windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Pilote de bus WiFi virtuel)
!!!!!!!!!!!Hidden driver: 0x92DC6000 2161665392 36864 bytes
0x8BD23000 C:\windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8BCDF000 C:\windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA594B000 C:\windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8BF49000 C:\windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9A340000 C:\windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BA62000 C:\windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B8A6000 C:\windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BAB9000 C:\windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C23A000 C:\windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BBE000 C:\windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8BA6B000 C:\windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x92CDE000 C:\windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x92CE6000 C:\windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x92CEE000 C:\windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x92E99000 C:\windows\system32\Drivers\SABI.sys 32768 bytes (SAMSUNG ELECTRONICS, SAMSUNG Kernel Driver)
0x8C1F5000 C:\windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x92DCF000 C:\windows\System32\Drivers\aswRdr.SYS 28672 bytes (AVAST Software, avast! TDI RDR Driver)
0x92C9D000 C:\windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x97B74000 C:\windows\system32\drivers\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA5944000 C:\Users\laptop\AppData\Local\Temp\mbr.sys 28672 bytes
0x92C96000 C:\windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x92E08000 C:\windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x92C1A000 C:\windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x92E93000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9680A000 C:\windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x97BF0000 C:\windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x97834000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)
0x9745F000 C:\windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x96FFC000 C:\windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x92DCA3E0 Unknown thread object [ ETHREAD 0x87237020 ] TID: 312, 600 bytes
0x92DCA3E0 Unknown thread object [ ETHREAD 0x870DD9D8 ] TID: 316, 600 bytes
0x92D43BB0 Unknown thread object [ ETHREAD 0x870DD700 ] TID: 320, 600 bytes
0x92D43BB0 Unknown thread object [ ETHREAD 0x87237D48 ] TID: 324, 600 bytes

Cheers,
Patrice

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 December 2011 - 08:00 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pfeu

  • Topic Starter
  • Members
  • 17 posts

Posted 01 December 2011 - 04:48 PM

Hello Gringo,

I got this message "unable to create a backup of the current registry file C:\windows\System32\config\COMPON~1!" during the ComboFix execution.
Otherwise, it ran properly.
Please find below the log:

ComboFix 11-12-01.03 - laptop 02/12/2011 8:27.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.3037.2365 [GMT 11:00]
Lancé depuis: c:\users\laptop\Desktop\ComboFix2.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\laptop\AppData\Roaming\.#
c:\windows\$NtUninstallKB50273$
c:\windows\$NtUninstallKB50273$\576483336
c:\windows\$NtUninstallKB50273$\976486826\@
c:\windows\$NtUninstallKB50273$\976486826\L\xadqgnnk
c:\windows\$NtUninstallKB50273$\976486826\loader.tlb
c:\windows\$NtUninstallKB50273$\976486826\U\$000000c0
c:\windows\$NtUninstallKB50273$\976486826\U\$80000000
c:\windows\$NtUninstallKB50273$\976486826\U\$800000cb
c:\windows\$NtUninstallKB50273$\976486826\U\$800000cf
c:\windows\$NtUninstallKB50273$\976486826\U\@00000001
c:\windows\$NtUninstallKB50273$\976486826\U\@000000c0
c:\windows\$NtUninstallKB50273$\976486826\U\@000000cb
c:\windows\$NtUninstallKB50273$\976486826\U\@000000cf
c:\windows\$NtUninstallKB50273$\976486826\U\@80000000
c:\windows\$NtUninstallKB50273$\976486826\U\@800000c0
c:\windows\$NtUninstallKB50273$\976486826\U\@800000cb
c:\windows\$NtUninstallKB50273$\976486826\U\@800000cf
c:\windows\system32\
c:\windows\system32\c_21904.nls
.
Une copie infectée de c:\windows\system32\drivers\afd.sys a été trouvée et désinfectée
Copie restaurée à partir de - The cat found it :)
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-11-01 au 2011-12-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-12-01 21:37 . 2011-12-01 21:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B76AED4-3F40-402D-B4B4-66AC12BFE8CF}\offreg.dll
2011-12-01 21:36 . 2011-12-01 21:38 -------- d-----w- c:\users\laptop\AppData\Local\temp
2011-12-01 10:29 . 2011-12-01 10:29 -------- d-----w- c:\users\laptop\AppData\Local\Apple
2011-12-01 10:26 . 2011-10-17 14:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B76AED4-3F40-402D-B4B4-66AC12BFE8CF}\mpengine.dll
2011-11-26 15:15 . 2011-11-26 15:15 -------- d-----w- c:\program files\Trend Micro
2011-11-23 21:39 . 2011-09-06 19:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-23 21:39 . 2011-09-06 19:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-23 21:39 . 2011-09-06 19:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-23 21:39 . 2011-09-06 19:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-23 21:39 . 2011-09-06 19:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-23 21:39 . 2011-09-06 19:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-23 21:39 . 2011-09-06 19:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-23 21:39 . 2011-09-06 19:45 199304 ----a-w- c:\windows\system32\aswBoot.exe_1322359146.arl
2011-11-23 21:38 . 2011-11-23 21:38 -------- d-----w- c:\users\laptop\AppData\Local\Adobe
2011-11-23 12:38 . 2011-11-23 12:38 -------- d-----w- c:\program files\Avira
2011-11-23 10:48 . 2011-11-23 21:39 -------- d-----w- c:\programdata\AVAST Software
2011-11-23 10:48 . 2011-11-23 10:48 -------- d-----w- c:\program files\AVAST Software
2011-11-23 08:12 . 2011-11-23 08:12 -------- d-----w- c:\users\laptop\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 08:12 . 2011-11-23 08:12 -------- d-----w- c:\programdata\!SASCORE
2011-11-23 08:12 . 2011-11-23 12:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-23 08:12 . 2011-11-23 08:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-23 08:07 . 2011-11-23 08:07 -------- d-----w- c:\windows\Sun
2011-11-22 10:41 . 2011-11-22 10:41 -------- d-----w- C:\avrescue
2011-11-22 08:45 . 2011-05-24 07:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 22:02 . 2011-11-21 22:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-18 10:01 . 2011-11-18 10:01 -------- d-----w- c:\program files\ma-config.com
2011-11-18 10:01 . 2011-11-18 10:01 -------- d-----w- c:\programdata\ma-config.com
2011-11-09 10:03 . 2011-11-09 10:03 -------- d-----w- c:\users\laptop\AppData\Local\Apps
2011-11-09 09:44 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:44 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 09:44 . 2011-09-29 03:37 2341888 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 21:59 . 2011-06-28 10:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:36 . 2010-06-24 00:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 19:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-10-06 102400]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico [2010-12-9 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1036 /KBD:3 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
R2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-14 36608]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-11-13 311928]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-05-25 154560]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-13 17184]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\sodf3ncv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://au.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt'
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,c1,2c,de,2b,c1,51,44,89,88,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,c1,2c,de,2b,c1,51,44,89,88,64,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\msiexec.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-12-02 08:43:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-12-01 21:43
.
Avant-CF: 36 409 864 192 octets libres
Après-CF: 36 717 285 376 octets libres
.
- - End Of File - - 63A7A74031BEC3DBF425312FC0F89946

#6 pfeu

  • Topic Starter
  • Members
  • 17 posts

Posted 01 December 2011 - 05:05 PM

Gringo,

Just to add that a chkdsk was automatically launched at one reboot during the ComboFix execution.

I am checking the behaviour of my computer to see if it gets better.
In order to do that, I would like to de-install avast (which I installed because the virus disabled Antivir) and re-install Antivir from scratch.
Then, perform a full scan.
Are you OK with that?

Cheers,
Patrice

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 December 2011 - 09:24 PM

Hello


Don't run any scans yet.


I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#8 pfeu

  • Topic Starter
  • Members
  • 17 posts

Posted 01 December 2011 - 10:25 PM

Hello Gringo,

I am afraid that I misunderstood your previous message:
"How is the computer doing now?"
My first thought was to scan the PC in order to check that.
I have already scanned the PC using GMER (and compared the two log files), Bitdefender online and avast.
And finally, I asked regarding Antivir as I had to install it.

What do you advise regarding that:
- I continue and run TDSSKiller as you mentioned in your last post
- or I re-run ComboFix and then run TDSSKiller
- or doing something else?

Please let me know.

Thank you
Patrice

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 December 2011 - 11:47 PM

Hello


Don't run any scans that I do not ask for; we don't want something removed that I have no control over, and the results of the scans may only confuse you.


At this time I would like you to scan with TDSSKiller.


gringo

#10 pfeu

  • Topic Starter
  • Members
  • 17 posts

Posted 02 December 2011 - 03:29 AM

Hello Gringo,

Please find attached the log file. Nothing was detected.

19:11:02.0742 2364 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
19:11:03.0553 2364 ============================================================
19:11:03.0553 2364 Current date / time: 2011/12/02 19:11:03.0553
19:11:03.0553 2364 SystemInfo:
19:11:03.0553 2364
19:11:03.0553 2364 OS Version: 6.1.7601 ServicePack: 1.0
19:11:03.0553 2364 Product type: Workstation
19:11:03.0553 2364 ComputerName: LAPTOP-PC
19:11:03.0553 2364 UserName: laptop
19:11:03.0553 2364 Windows directory: C:\windows
19:11:03.0553 2364 System windows directory: C:\windows
19:11:03.0553 2364 Processor architecture: Intel x86
19:11:03.0553 2364 Number of processors: 2
19:11:03.0553 2364 Page size: 0x1000
19:11:03.0553 2364 Boot type: Normal boot
19:11:03.0553 2364 ============================================================
19:11:04.0006 2364 Initialize success
19:11:07.0063 3724 ============================================================
19:11:07.0063 3724 Scan started
19:11:07.0063 3724 Mode: Manual;
19:11:07.0063 3724 ============================================================
19:11:07.0656 3724 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
19:11:07.0656 3724 1394ohci - ok
19:11:07.0703 3724 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
19:11:07.0703 3724 ACPI - ok
19:11:07.0750 3724 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
19:11:07.0750 3724 AcpiPmi - ok
19:11:07.0874 3724 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
19:11:07.0890 3724 adp94xx - ok
19:11:07.0921 3724 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
19:11:07.0921 3724 adpahci - ok
19:11:07.0937 3724 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
19:11:07.0937 3724 adpu320 - ok
19:11:08.0062 3724 AFD (c427f91a748cd342a2b3f9278d9fd6a5) C:\windows\system32\drivers\afd.sys
19:11:08.0062 3724 AFD - ok
19:11:08.0140 3724 AgereSoftModem (07758c2196a62f207f77556311e7459a) C:\windows\system32\DRIVERS\AGRSM.sys
19:11:08.0155 3724 AgereSoftModem - ok
19:11:08.0233 3724 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
19:11:08.0233 3724 agp440 - ok
19:11:08.0389 3724 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
19:11:08.0389 3724 aic78xx - ok
19:11:08.0467 3724 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
19:11:08.0467 3724 aliide - ok
19:11:08.0530 3724 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
19:11:08.0530 3724 amdagp - ok
19:11:08.0592 3724 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
19:11:08.0592 3724 amdide - ok
19:11:08.0654 3724 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
19:11:08.0654 3724 AmdK8 - ok
19:11:08.0686 3724 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
19:11:08.0686 3724 AmdPPM - ok
19:11:08.0748 3724 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
19:11:08.0748 3724 amdsata - ok
19:11:08.0779 3724 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
19:11:08.0795 3724 amdsbs - ok
19:11:08.0857 3724 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
19:11:08.0857 3724 amdxata - ok
19:11:08.0935 3724 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
19:11:08.0935 3724 AppID - ok
19:11:09.0044 3724 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
19:11:09.0044 3724 arc - ok
19:11:09.0060 3724 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
19:11:09.0060 3724 arcsas - ok
19:11:09.0185 3724 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\windows\system32\drivers\aswFsBlk.sys
19:11:09.0185 3724 aswFsBlk - ok
19:11:09.0278 3724 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\windows\system32\drivers\aswMonFlt.sys
19:11:09.0278 3724 aswMonFlt - ok
19:11:09.0388 3724 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\windows\system32\drivers\aswRdr.sys
19:11:09.0388 3724 aswRdr - ok
19:11:09.0481 3724 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\windows\system32\drivers\aswSnx.sys
19:11:09.0481 3724 aswSnx - ok
19:11:09.0559 3724 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\windows\system32\drivers\aswSP.sys
19:11:09.0559 3724 aswSP - ok
19:11:09.0653 3724 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\windows\system32\drivers\aswTdi.sys
19:11:09.0653 3724 aswTdi - ok
19:11:09.0731 3724 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
19:11:09.0746 3724 AsyncMac - ok
19:11:09.0809 3724 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
19:11:09.0809 3724 atapi - ok
19:11:09.0902 3724 athr (8efa8e1c4c5eea27951a8dd015ffe4cd) C:\windows\system32\DRIVERS\athr.sys
19:11:09.0918 3724 athr - ok
19:11:10.0183 3724 atikmdag (745c79700646c3f285cd09775618a04b) C:\windows\system32\DRIVERS\atikmdag.sys
19:11:10.0308 3724 atikmdag - ok
19:11:10.0636 3724 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
19:11:10.0667 3724 b06bdrv - ok
19:11:10.0807 3724 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
19:11:10.0807 3724 b57nd60x - ok
19:11:10.0994 3724 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
19:11:10.0994 3724 Beep - ok
19:11:11.0057 3724 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
19:11:11.0057 3724 blbdrive - ok
19:11:11.0135 3724 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
19:11:11.0150 3724 bowser - ok
19:11:11.0197 3724 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:11:11.0197 3724 BrFiltLo - ok
19:11:11.0228 3724 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:11:11.0228 3724 BrFiltUp - ok
19:11:11.0587 3724 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
19:11:11.0603 3724 Brserid - ok
19:11:11.0774 3724 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
19:11:11.0774 3724 BrSerWdm - ok
19:11:11.0930 3724 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
19:11:11.0930 3724 BrUsbMdm - ok
19:11:12.0133 3724 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
19:11:12.0149 3724 BrUsbSer - ok
19:11:12.0305 3724 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
19:11:12.0320 3724 BthEnum - ok
19:11:12.0367 3724 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
19:11:12.0367 3724 BTHMODEM - ok
19:11:12.0476 3724 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
19:11:12.0476 3724 BthPan - ok
19:11:12.0554 3724 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
19:11:12.0554 3724 BTHPORT - ok
19:11:12.0804 3724 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
19:11:12.0820 3724 BTHUSB - ok
19:11:12.0898 3724 catchme - ok
19:11:13.0085 3724 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
19:11:13.0100 3724 cdfs - ok
19:11:13.0319 3724 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
19:11:13.0319 3724 cdrom - ok
19:11:13.0428 3724 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
19:11:13.0428 3724 circlass - ok
19:11:13.0475 3724 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
19:11:13.0475 3724 CLFS - ok
19:11:13.0631 3724 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
19:11:13.0631 3724 CmBatt - ok
19:11:13.0678 3724 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
19:11:13.0678 3724 cmdide - ok
19:11:13.0709 3724 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
19:11:13.0724 3724 CNG - ok
19:11:13.0834 3724 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
19:11:13.0834 3724 Compbatt - ok
19:11:13.0896 3724 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
19:11:13.0896 3724 CompositeBus - ok
19:11:14.0005 3724 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
19:11:14.0005 3724 crcdisk - ok
19:11:14.0083 3724 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
19:11:14.0099 3724 DfsC - ok
19:11:14.0192 3724 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
19:11:14.0192 3724 discache - ok
19:11:14.0239 3724 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
19:11:14.0255 3724 Disk - ok
19:11:14.0411 3724 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
19:11:14.0426 3724 driverhardwarev2 - ok
19:11:14.0536 3724 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
19:11:14.0536 3724 drmkaud - ok
19:11:14.0692 3724 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\windows\system32\DRIVERS\dsNcAdpt.sys
19:11:14.0692 3724 dsNcAdpt - ok
19:11:14.0770 3724 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
19:11:14.0785 3724 DXGKrnl - ok
19:11:14.0972 3724 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
19:11:15.0050 3724 ebdrv - ok
19:11:15.0191 3724 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
19:11:15.0206 3724 elxstor - ok
19:11:15.0284 3724 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
19:11:15.0284 3724 ErrDev - ok
19:11:15.0362 3724 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
19:11:15.0362 3724 exfat - ok
19:11:15.0394 3724 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
19:11:15.0394 3724 fastfat - ok
19:11:15.0503 3724 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
19:11:15.0503 3724 fdc - ok
19:11:15.0534 3724 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
19:11:15.0534 3724 FileInfo - ok
19:11:15.0550 3724 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
19:11:15.0550 3724 Filetrace - ok
19:11:15.0565 3724 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
19:11:15.0565 3724 flpydisk - ok
19:11:15.0690 3724 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
19:11:15.0690 3724 FltMgr - ok
19:11:15.0721 3724 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
19:11:15.0721 3724 FsDepends - ok
19:11:15.0768 3724 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
19:11:15.0768 3724 fssfltr - ok
19:11:15.0940 3724 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\windows\system32\FsUsbExDisk.SYS
19:11:15.0940 3724 FsUsbExDisk - ok
19:11:16.0080 3724 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
19:11:16.0080 3724 Fs_Rec - ok
19:11:16.0142 3724 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
19:11:16.0142 3724 fvevol - ok
19:11:16.0252 3724 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
19:11:16.0252 3724 gagp30kx - ok
19:11:16.0283 3724 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:11:16.0283 3724 GEARAspiWDM - ok
19:11:16.0392 3724 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
19:11:16.0408 3724 hcw85cir - ok
19:11:16.0470 3724 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
19:11:16.0470 3724 HdAudAddService - ok
19:11:16.0595 3724 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
19:11:16.0595 3724 HDAudBus - ok
19:11:16.0626 3724 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
19:11:16.0626 3724 HidBatt - ok
19:11:16.0657 3724 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
19:11:16.0673 3724 HidBth - ok
19:11:16.0766 3724 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
19:11:16.0766 3724 HidIr - ok
19:11:16.0829 3724 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
19:11:16.0829 3724 HidUsb - ok
19:11:16.0922 3724 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
19:11:16.0938 3724 HpSAMD - ok
19:11:17.0016 3724 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
19:11:17.0032 3724 HTTP - ok
19:11:17.0094 3724 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
19:11:17.0094 3724 hwpolicy - ok
19:11:17.0156 3724 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
19:11:17.0156 3724 i8042prt - ok
19:11:17.0234 3724 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
19:11:17.0234 3724 iaStor - ok
19:11:17.0297 3724 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
19:11:17.0297 3724 iaStorV - ok
19:11:17.0515 3724 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
19:11:17.0640 3724 igfx - ok
19:11:17.0749 3724 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:11:17.0749 3724 iirsp - ok
19:11:17.0874 3724 IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
19:11:17.0905 3724 IntcAzAudAddService - ok
19:11:17.0983 3724 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
19:11:17.0983 3724 intelide - ok
19:11:18.0046 3724 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:11:18.0046 3724 intelppm - ok
19:11:18.0155 3724 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:11:18.0155 3724 IpFilterDriver - ok
19:11:18.0217 3724 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
19:11:18.0233 3724 IPMIDRV - ok
19:11:18.0326 3724 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:11:18.0326 3724 IPNAT - ok
19:11:18.0373 3724 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:11:18.0373 3724 IRENUM - ok
19:11:18.0467 3724 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
19:11:18.0467 3724 isapnp - ok
19:11:18.0498 3724 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
19:11:18.0498 3724 iScsiPrt - ok
19:11:18.0545 3724 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
19:11:18.0545 3724 kbdclass - ok
19:11:18.0654 3724 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
19:11:18.0654 3724 kbdhid - ok
19:11:18.0701 3724 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
19:11:18.0701 3724 KSecDD - ok
19:11:18.0748 3724 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
19:11:18.0748 3724 KSecPkg - ok
19:11:18.0904 3724 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:11:18.0904 3724 lltdio - ok
19:11:18.0966 3724 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:11:18.0966 3724 LSI_FC - ok
19:11:19.0044 3724 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:11:19.0060 3724 LSI_SAS - ok
19:11:19.0106 3724 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:11:19.0106 3724 LSI_SAS2 - ok
19:11:19.0122 3724 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:11:19.0122 3724 LSI_SCSI - ok
19:11:19.0247 3724 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:11:19.0262 3724 luafv - ok
19:11:19.0294 3724 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
19:11:19.0294 3724 megasas - ok
19:11:19.0418 3724 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
19:11:19.0434 3724 MegaSR - ok
19:11:19.0465 3724 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
19:11:19.0465 3724 Modem - ok
19:11:19.0512 3724 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
19:11:19.0512 3724 monitor - ok
19:11:19.0621 3724 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
19:11:19.0621 3724 mouclass - ok
19:11:19.0668 3724 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
19:11:19.0668 3724 mouhid - ok
19:11:19.0715 3724 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
19:11:19.0715 3724 mountmgr - ok
19:11:19.0808 3724 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
19:11:19.0808 3724 mpio - ok
19:11:19.0840 3724 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
19:11:19.0840 3724 mpsdrv - ok
19:11:19.0886 3724 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
19:11:19.0886 3724 MRxDAV - ok
19:11:19.0996 3724 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
19:11:20.0011 3724 mrxsmb - ok
19:11:20.0058 3724 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:11:20.0058 3724 mrxsmb10 - ok
19:11:20.0074 3724 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:11:20.0074 3724 mrxsmb20 - ok
19:11:20.0167 3724 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
19:11:20.0167 3724 msahci - ok
19:11:20.0198 3724 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
19:11:20.0198 3724 msdsm - ok
19:11:20.0261 3724 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
19:11:20.0261 3724 Msfs - ok
19:11:20.0354 3724 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
19:11:20.0354 3724 mshidkmdf - ok
19:11:20.0401 3724 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
19:11:20.0401 3724 msisadrv - ok
19:11:20.0526 3724 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
19:11:20.0526 3724 MSKSSRV - ok
19:11:20.0557 3724 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
19:11:20.0557 3724 MSPCLOCK - ok
19:11:20.0573 3724 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
19:11:20.0573 3724 MSPQM - ok
19:11:20.0604 3724 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
19:11:20.0604 3724 MsRPC - ok
19:11:20.0682 3724 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
19:11:20.0682 3724 mssmbios - ok
19:11:20.0744 3724 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
19:11:20.0744 3724 MSTEE - ok
19:11:20.0838 3724 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
19:11:20.0838 3724 MTConfig - ok
19:11:20.0869 3724 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
19:11:20.0869 3724 Mup - ok
19:11:20.0978 3724 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
19:11:20.0978 3724 NativeWifiP - ok
19:11:21.0072 3724 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
19:11:21.0088 3724 NDIS - ok
19:11:21.0197 3724 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
19:11:21.0212 3724 NdisCap - ok
19:11:21.0259 3724 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
19:11:21.0259 3724 NdisTapi - ok
19:11:21.0384 3724 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
19:11:21.0400 3724 Ndisuio - ok
19:11:21.0446 3724 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
19:11:21.0446 3724 NdisWan - ok
19:11:21.0493 3724 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
19:11:21.0493 3724 NDProxy - ok
19:11:21.0618 3724 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
19:11:21.0618 3724 NetBIOS - ok
19:11:21.0665 3724 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
19:11:21.0665 3724 NetBT - ok
19:11:21.0805 3724 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
19:11:21.0805 3724 nfrd960 - ok
19:11:21.0852 3724 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
19:11:21.0852 3724 Npfs - ok
19:11:21.0946 3724 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
19:11:21.0946 3724 nsiproxy - ok
19:11:22.0024 3724 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
19:11:22.0039 3724 Ntfs - ok
19:11:22.0133 3724 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
19:11:22.0133 3724 Null - ok
19:11:22.0164 3724 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
19:11:22.0180 3724 nvraid - ok
19:11:22.0258 3724 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
19:11:22.0258 3724 nvstor - ok
19:11:22.0320 3724 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
19:11:22.0320 3724 nv_agp - ok
19:11:22.0414 3724 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
19:11:22.0414 3724 ohci1394 - ok
19:11:22.0476 3724 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
19:11:22.0476 3724 Parport - ok
19:11:22.0523 3724 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
19:11:22.0523 3724 partmgr - ok
19:11:22.0601 3724 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
19:11:22.0601 3724 Parvdm - ok
19:11:22.0741 3724 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\windows\system32\DRIVERS\pccsmcfd.sys
19:11:22.0757 3724 pccsmcfd - ok
19:11:22.0788 3724 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
19:11:22.0788 3724 pci - ok
19:11:22.0804 3724 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
19:11:22.0804 3724 pciide - ok
19:11:22.0897 3724 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
19:11:22.0913 3724 pcmcia - ok
19:11:22.0928 3724 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
19:11:22.0928 3724 pcw - ok
19:11:22.0960 3724 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:11:22.0975 3724 PEAUTH - ok
19:11:23.0147 3724 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:11:23.0147 3724 PptpMiniport - ok
19:11:23.0162 3724 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:11:23.0178 3724 Processor - ok
19:11:23.0318 3724 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:11:23.0318 3724 Psched - ok
19:11:23.0365 3724 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:11:23.0381 3724 ql2300 - ok
19:11:23.0474 3724 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:11:23.0474 3724 ql40xx - ok
19:11:23.0506 3724 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:11:23.0506 3724 QWAVEdrv - ok
19:11:23.0537 3724 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:11:23.0537 3724 RasAcd - ok
19:11:23.0646 3724 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:11:23.0646 3724 RasAgileVpn - ok
19:11:23.0677 3724 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:11:23.0677 3724 Rasl2tp - ok
19:11:23.0802 3724 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:11:23.0818 3724 RasPppoe - ok
19:11:23.0833 3724 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:11:23.0833 3724 RasSstp - ok
19:11:23.0880 3724 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:11:23.0880 3724 rdbss - ok
19:11:23.0974 3724 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:11:23.0974 3724 rdpbus - ok
19:11:24.0020 3724 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:11:24.0020 3724 RDPCDD - ok
19:11:24.0067 3724 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:11:24.0067 3724 RDPENCDD - ok
19:11:24.0161 3724 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:11:24.0161 3724 RDPREFMP - ok
19:11:24.0208 3724 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
19:11:24.0208 3724 RDPWD - ok
19:11:24.0270 3724 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:11:24.0270 3724 rdyboost - ok
19:11:24.0410 3724 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\windows\system32\DRIVERS\revoflt.sys
19:11:24.0410 3724 Revoflt - ok
19:11:24.0488 3724 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
19:11:24.0488 3724 RFCOMM - ok
19:11:24.0613 3724 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:11:24.0613 3724 rspndr - ok
19:11:24.0644 3724 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
19:11:24.0644 3724 RTL8167 - ok
19:11:24.0722 3724 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
19:11:24.0722 3724 SABI - ok
19:11:24.0816 3724 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:11:24.0816 3724 SASDIFSV - ok
19:11:24.0847 3724 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:11:24.0863 3724 SASKUTIL - ok
19:11:24.0972 3724 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:11:24.0972 3724 sbp2port - ok
19:11:25.0019 3724 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:11:25.0019 3724 scfilter - ok
19:11:25.0066 3724 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:11:25.0066 3724 secdrv - ok
19:11:25.0222 3724 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:11:25.0222 3724 Serenum - ok
19:11:25.0253 3724 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:11:25.0253 3724 Serial - ok
19:11:25.0284 3724 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:11:25.0284 3724 sermouse - ok
19:11:25.0440 3724 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:11:25.0440 3724 sffdisk - ok
19:11:25.0456 3724 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:11:25.0456 3724 sffp_mmc - ok
19:11:25.0471 3724 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:11:25.0471 3724 sffp_sd - ok
19:11:25.0502 3724 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:11:25.0502 3724 sfloppy - ok
19:11:25.0627 3724 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:11:25.0627 3724 sisagp - ok
19:11:25.0690 3724 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:11:25.0690 3724 SiSRaid2 - ok
19:11:25.0705 3724 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:11:25.0705 3724 SiSRaid4 - ok
19:11:25.0799 3724 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:11:25.0814 3724 Smb - ok
19:11:25.0861 3724 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:11:25.0861 3724 spldr - ok
19:11:26.0002 3724 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
19:11:26.0002 3724 srv - ok
19:11:26.0017 3724 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
19:11:26.0033 3724 srv2 - ok
19:11:26.0048 3724 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
19:11:26.0048 3724 srvnet - ok
19:11:26.0173 3724 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\windows\system32\DRIVERS\sscdbus.sys
19:11:26.0173 3724 sscdbus - ok
19:11:26.0220 3724 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\windows\system32\DRIVERS\sscdmdfl.sys
19:11:26.0220 3724 sscdmdfl - ok
19:11:26.0345 3724 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\windows\system32\DRIVERS\sscdmdm.sys
19:11:26.0345 3724 sscdmdm - ok
19:11:26.0407 3724 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
19:11:26.0407 3724 stexstor - ok
19:11:26.0485 3724 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
19:11:26.0485 3724 swenum - ok
19:11:26.0610 3724 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
19:11:26.0610 3724 SynTP - ok
19:11:26.0704 3724 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
19:11:26.0719 3724 Tcpip - ok
19:11:26.0860 3724 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
19:11:26.0875 3724 TCPIP6 - ok
19:11:27.0000 3724 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
19:11:27.0000 3724 tcpipreg - ok
19:11:27.0047 3724 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
19:11:27.0047 3724 TDPIPE - ok
19:11:27.0078 3724 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
19:11:27.0078 3724 TDTCP - ok
19:11:27.0172 3724 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
19:11:27.0187 3724 tdx - ok
19:11:27.0203 3724 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
19:11:27.0203 3724 TermDD - ok
19:11:27.0359 3724 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
19:11:27.0359 3724 TrueSight - ok
19:11:27.0421 3724 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
19:11:27.0421 3724 tssecsrv - ok
19:11:27.0468 3724 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
19:11:27.0468 3724 TsUsbFlt - ok
19:11:27.0577 3724 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
19:11:27.0577 3724 tunnel - ok
19:11:27.0624 3724 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
19:11:27.0624 3724 uagp35 - ok
19:11:27.0671 3724 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
19:11:27.0671 3724 udfs - ok
19:11:27.0764 3724 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
19:11:27.0764 3724 uliagpkx - ok
19:11:27.0811 3724 UltraMonUtility (5a5bd0f66e84eb039cb227520d49908c) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
19:11:27.0811 3724 UltraMonUtility - ok
19:11:27.0920 3724 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
19:11:27.0920 3724 umbus - ok
19:11:27.0967 3724 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
19:11:27.0967 3724 UmPass - ok
19:11:28.0030 3724 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\windows\system32\Drivers\usbaapl.sys
19:11:28.0030 3724 USBAAPL - ok
19:11:28.0123 3724 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
19:11:28.0123 3724 usbccgp - ok
19:11:28.0170 3724 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
19:11:28.0170 3724 usbcir - ok
19:11:28.0201 3724 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
19:11:28.0201 3724 usbehci - ok
19:11:28.0326 3724 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
19:11:28.0326 3724 usbhub - ok
19:11:28.0357 3724 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
19:11:28.0373 3724 usbohci - ok
19:11:28.0466 3724 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
19:11:28.0466 3724 usbprint - ok
19:11:28.0513 3724 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
19:11:28.0513 3724 usbscan - ok
19:11:28.0544 3724 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
19:11:28.0544 3724 USBSTOR - ok
19:11:28.0622 3724 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys
19:11:28.0622 3724 usbuhci - ok
19:11:28.0700 3724 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
19:11:28.0700 3724 usbvideo - ok
19:11:28.0825 3724 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
19:11:28.0825 3724 usb_rndisx - ok
19:11:28.0903 3724 V0260VID (b8a50ce1d777764416446f71a9d3a3dc) C:\windows\system32\DRIVERS\V0260Vid.sys
19:11:28.0903 3724 V0260VID - ok
19:11:29.0012 3724 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
19:11:29.0012 3724 vdrvroot - ok
19:11:29.0059 3724 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
19:11:29.0059 3724 vga - ok
19:11:29.0075 3724 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
19:11:29.0090 3724 VgaSave - ok
19:11:29.0168 3724 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
19:11:29.0168 3724 vhdmp - ok
19:11:29.0215 3724 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
19:11:29.0215 3724 viaagp - ok
19:11:29.0231 3724 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
19:11:29.0231 3724 ViaC7 - ok
19:11:29.0309 3724 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
19:11:29.0324 3724 viaide - ok
19:11:29.0356 3724 VMC326 (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
19:11:29.0356 3724 VMC326 - ok
19:11:29.0371 3724 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
19:11:29.0387 3724 volmgr - ok
19:11:29.0402 3724 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
19:11:29.0418 3724 volmgrx - ok
19:11:29.0496 3724 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
19:11:29.0512 3724 volsnap - ok
19:11:29.0574 3724 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
19:11:29.0574 3724 vsmraid - ok
19:11:29.0605 3724 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
19:11:29.0605 3724 vwifibus - ok
19:11:29.0714 3724 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
19:11:29.0714 3724 vwififlt - ok
19:11:29.0746 3724 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
19:11:29.0746 3724 WacomPen - ok
19:11:29.0792 3724 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:11:29.0808 3724 WANARP - ok
19:11:29.0808 3724 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:11:29.0808 3724 Wanarpv6 - ok
19:11:29.0980 3724 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
19:11:29.0980 3724 Wd - ok
19:11:30.0011 3724 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
19:11:30.0011 3724 Wdf01000 - ok
19:11:30.0167 3724 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
19:11:30.0167 3724 WfpLwf - ok
19:11:30.0198 3724 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
19:11:30.0198 3724 WIMMount - ok
19:11:30.0370 3724 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
19:11:30.0370 3724 WinUsb - ok
19:11:30.0416 3724 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
19:11:30.0416 3724 WmiAcpi - ok
19:11:30.0479 3724 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
19:11:30.0479 3724 ws2ifsl - ok
19:11:30.0604 3724 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
19:11:30.0619 3724 WudfPf - ok
19:11:30.0635 3724 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
19:11:30.0635 3724 WUDFRd - ok
19:11:30.0791 3724 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
19:11:30.0806 3724 yukonw7 - ok
19:11:30.0869 3724 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
19:11:31.0087 3724 \Device\Harddisk0\DR0 - ok
19:11:31.0087 3724 Boot (0x1200) (620d63c6c70847cf6c08d4e280e7d476) \Device\Harddisk0\DR0\Partition0
19:11:31.0087 3724 \Device\Harddisk0\DR0\Partition0 - ok
19:11:31.0103 3724 Boot (0x1200) (397640d9a25040831d309d54180fcbd0) \Device\Harddisk0\DR0\Partition1
19:11:31.0103 3724 \Device\Harddisk0\DR0\Partition1 - ok
19:11:31.0134 3724 Boot (0x1200) (fada9960b27cf6691016a0bcda27cc4f) \Device\Harddisk0\DR0\Partition2
19:11:31.0134 3724 \Device\Harddisk0\DR0\Partition2 - ok
19:11:31.0134 3724 ============================================================
19:11:31.0134 3724 Scan finished
19:11:31.0134 3724 ============================================================
19:11:31.0150 2816 Detected object count: 0
19:11:31.0150 2816 Actual detected object count: 0

Cheers,
Patrice

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 December 2011 - 03:36 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 pfeu (Topic Starter, Members, 17 posts)

Posted 02 December 2011 - 05:37 AM

Hello Gringo,

Please find the log below.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-02 20:13:29
-----------------------------
20:13:29.180 OS Version: Windows 6.1.7601 Service Pack 1
20:13:29.180 Number of processors: 2 586 0x170A
20:13:29.180 ComputerName: LAPTOP-PC UserName: laptop
20:13:50.568 Initialize success
20:13:50.677 AVAST engine defs: 11120200
20:14:05.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:14:05.310 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:14:05.341 Disk 0 MBR read successfully
20:14:05.356 Disk 0 MBR scan
20:14:05.356 Disk 0 unknown MBR code
20:14:05.356 Disk 0 scanning sectors +625139712
20:14:05.434 Disk 0 scanning C:\windows\system32\drivers
20:14:13.952 Service scanning
20:14:15.372 Modules scanning
20:14:22.392 Disk 0 trace - called modules:
20:14:22.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:14:22.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86da77c8]
20:14:22.438 3 CLASSPNP.SYS[8c3a059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f55028]
20:14:23.359 AVAST engine scan C:\windows
20:14:25.574 AVAST engine scan C:\windows\system32
20:14:28.288 File: C:\windows\system32\aswBoot.exe_1322359146.arl **INFECTED** Win32:Patched-WQ [Trj]
20:15:53.683 AVAST engine scan C:\windows\system32\drivers
20:16:02.497 AVAST engine scan C:\Users\laptop
20:18:36.641 AVAST engine scan C:\ProgramData
20:19:10.056 Scan finished successfully
20:31:22.181 Disk 0 MBR has been saved successfully to "C:\Users\laptop\Desktop\MBR.dat"
20:31:22.197 The log file has been saved successfully to "C:\Users\laptop\Desktop\aswMBR.txt"


Thank you
Patrice
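Two lines in the logs above are worth being able to check for yourself rather than taking a one-line verdict on trust: TDSSKiller reports an MD5 of the boot sector ("MBR (0x1B8)" in the previous log), and aswMBR reports "unknown MBR code" and then "scanning sectors +625139712", which on a 305245 MB disk (about 625 million 512-byte sectors) is the unallocated tail of the disk past the last partition, the area where bootkits hide their own payload. The script below is an added example written for this page; it is not code from the thread or from either tool. It parses a raw 512-byte MBR image such as the MBR.dat that aswMBR saved to the desktop: it checks the 0x55AA signature, MD5-hashes the first 0x1B8 bytes of boot code (my reading of what TDSSKiller's 0x1B8 annotation covers, stated here as an assumption), lists the partition table, and reports how many sectors sit after the last partition. The sample MBR, the 625,142,448-sector disk size and the known-good hash set are all constructed for the example: the sample partitions are laid out so the last one ends just before LBA 625139712 to mirror the log line, and a real baseline hash has to come from a known-clean MBR of the same Windows version.

```python
"""Sanity-check a raw MBR image (for example the MBR.dat that aswMBR saves).

Usage: python mbrcheck.py MBR.dat [disk_sectors]
Added example for this thread; not part of aswMBR or TDSSKiller.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # bytes 0..0x1B7 hold boot code; assumed to be what TDSSKiller's "MBR (0x1B8)" hash covers
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries follow the disk signature
SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count,
                      "lba_end": lba_start + count - 1})
    return parts


def analyse_mbr(mbr, disk_sectors, known_good_hashes=frozenset()):
    """Hash the boot code, parse the table and collect the findings a responder would act on."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    mbr = mbr[:SECTOR]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    boot_md5 = hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()
    # Same idea as aswMBR's "unknown MBR code": compare against hashes of known-clean boot code.
    if known_good_hashes and boot_md5 not in known_good_hashes:
        findings.append("unknown MBR code")
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    last_used = max((p["lba_end"] for p in parts), default=-1)
    trailing = disk_sectors - 1 - last_used
    if trailing > 0:
        # Unallocated tail of the disk: the region aswMBR scans as "sectors +N"; bootkits hide payloads here.
        findings.append(f"{trailing} unallocated sectors after the last partition (from LBA {last_used + 1})")
    return {"boot_code_md5": boot_md5, "partitions": parts,
            "trailing_sectors": trailing, "findings": findings}


def build_sample_mbr():
    """Constructed test image, not the poster's MBR.dat: generic boot code plus three NTFS
    partitions laid out so the last one ends at LBA 625139711."""
    boot_code = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"

    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)

    table = (entry(0x80, 0x07, 2048, 204800)          # 100 MB "System Reserved"
             + entry(0x00, 0x07, 206848, 600000000)    # Windows volume
             + entry(0x00, 0x07, 600206848, 24932864)  # recovery volume, ends at LBA 625139711
             + bytes(16))                              # empty fourth slot
    return boot_code + disk_sig + table + SIGNATURE


def load_mbr(path):
    """Read the first sector of a file or raw device."""
    # On Windows the raw device for disk 0 is \\.\PhysicalDrive0 and opening it needs admin rights.
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    # Assumed disk size: 625142448 sectors, the 320 GB nominal capacity that aswMBR prints as 305245 MB.
    sectors = int(sys.argv[2]) if len(sys.argv) > 2 else 625142448
    image = load_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    report = analyse_mbr(image, sectors)
    print("boot code MD5:", report["boot_code_md5"])
    for p in report["partitions"]:
        print(f"  slot {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
              f"LBA {p['lba_start']}..{p['lba_end']}")
    for f in report["findings"]:
        print("finding:", f)
```

Run without arguments it analyses the constructed sample and reports 2736 unallocated trailing sectors starting at LBA 625139712; pass the saved MBR.dat (and the real sector count from the disk's properties) to check the actual boot sector. A trailing gap on its own is normal on most disks, so the useful signal is a boot-code hash that does not match a known-clean MBR, or a bootable flag on a partition that should not have one.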

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 02 December 2011 - 07:22 AM

let me know if the computer has any symptoms now


gringo

#14 pfeu (Topic Starter, Members, 17 posts)

Posted 03 December 2011 - 02:43 AM

Hello,

I tried to surf the internet and I did not notice the redirect behaviour anymore.
What do you think we can do next?

Thank you
Patrice

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 03 December 2011 - 03:49 AM

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

