
Pesky virus - removed System fix but trojans or rootkits remain


This topic is locked. 24 replies to this topic.

#1 mcafee44 (Members, 15 posts)

Posted 08 December 2011 - 06:46 PM

Started with the System Fix virus. I used the guide from Bleeping Computer and finally found something to remove the System Fix virus. However, I still have Google redirects, and Malwarebytes is catching outbound requests from explorer.exe and iexlore.exe on a regular basis. There are other suspicious services running as well (winlogon.exe and csrss.exe have no username or description and can't be stopped). Vista Home Premium x64 operating system.

Attached is the DDS log.

Thanks much for any help.

Edited by mcafee44, 09 December 2011 - 06:09 PM.



#2 mcafee44 (Topic Starter; Members, 15 posts)

Posted 08 December 2011 - 07:04 PM

Attached also is the DDS.TXT

Attached Files: DDS.txt (17.75KB, 1 downloads)


#3 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts; Puerto Rico)

Posted 11 December 2011 - 02:47 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 mcafee44 (Topic Starter; Members, 15 posts)

Posted 11 December 2011 - 07:02 PM

Thanks, Gringo. Browser redirects are still there, and there still seems to be traffic going out through IE. I left while Combofix was still creating the log, and there was a browser window open when I came back. Here is the log.

ComboFix 11-12-11.02 - Big Daddy 12/11/2011 15:29:53.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1947 [GMT -6:00]
Running from: c:\users\Big Daddy\Desktop\Stuff I installed\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Big Daddy\Desktop\Setup.exe
c:\windows\Downloaded Program Files\Install.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-11 22:08 . 2011-12-11 22:27 -------- d-----w- c:\users\Big Daddy\AppData\Local\temp
2011-12-11 22:08 . 2011-12-11 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 16:16 . 2011-11-30 08:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4948A54-CC4C-4F63-9CEB-11C95FC532E8}\mpengine.dll
2011-12-07 22:05 . 2011-12-07 22:05 -------- d-----w- C:\Autoruns
2011-12-07 21:38 . 2011-12-09 23:33 -------- d-----w- c:\users\Big Daddy\Pavark
2011-12-05 21:59 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\8C4F.tmp
2011-12-05 21:55 . 2011-05-12 20:03 6144 ------w- c:\windows\system32\2D2E.tmp
2011-12-05 21:55 . 2011-12-05 21:55 -------- d-----w- c:\program files (x86)\Sophos
2011-12-02 22:31 . 2011-12-02 22:31 -------- d-----w- c:\users\Big Daddy\AppData\Roaming\JAM Software
2011-12-02 22:31 . 2011-12-02 22:31 -------- d-----w- c:\program files (x86)\JAM Software
2011-12-02 07:01 . 2011-08-31 23:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 05:25 . 2011-12-02 05:25 -------- d-----w- c:\programdata\IObit
2011-12-02 05:23 . 2011-12-02 06:14 -------- d-----w- c:\users\Big Daddy\AppData\Roaming\IObit
2011-12-02 05:22 . 2011-12-02 05:22 -------- d-----w- c:\program files (x86)\IObit
2011-12-01 00:06 . 2011-12-01 00:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-30 23:47 . 2011-11-30 23:47 -------- d-----w- c:\users\Big Daddy\AppData\Roaming\Leadertech
2011-11-30 23:19 . 2011-11-30 23:19 -------- d-----w- c:\users\Big Daddy\AppData\Local\SlimWare Utilities Inc
2011-11-30 23:19 . 2011-12-02 05:15 -------- d-----w- c:\program files (x86)\SlimCleaner
2011-11-30 22:16 . 2011-11-30 22:16 -------- d-----w- c:\program files (x86)\Lavasoft
2011-11-30 22:15 . 2011-11-30 22:16 -------- d-----w- c:\programdata\Lavasoft
2011-11-30 13:39 . 2011-11-30 23:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-30 00:42 . 2011-11-30 00:42 -------- d-----w- c:\users\Big Daddy\AppData\Roaming\Malwarebytes
2011-11-30 00:42 . 2011-11-30 00:42 -------- d-----w- c:\programdata\Malwarebytes
2011-11-30 00:41 . 2011-12-02 07:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-29 23:40 . 2011-12-01 03:27 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-11-29 20:23 . 2011-11-30 19:18 -------- d-----w- C:\## aswSnx private storage
2011-11-29 18:55 . 2011-11-29 18:55 -------- d-----w- c:\programdata\AVAST Software
2011-11-29 18:55 . 2011-11-29 18:55 -------- d-----w- c:\program files\AVAST Software
2011-11-29 14:34 . 2011-11-29 14:34 -------- d-----w- c:\program files (x86)\Crystal Decisions
2011-11-29 14:34 . 2011-11-29 14:34 -------- d-----w- c:\program files (x86)\Common Files\Crystal Decisions
2011-11-29 02:59 . 2011-11-29 02:59 -------- d-----w- c:\programdata\Lexmark 7600 Series
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 20:29 . 2009-10-03 02:26 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 01:27 . 2011-09-20 20:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-12 09:05 . 2011-03-09 22:46 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-10-12 09:05 . 2011-03-09 22:46 127456 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2011-10-12 09:03 . 2011-03-09 22:35 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-10-11 01:37 . 2011-03-09 23:04 397664 ----a-w- c:\programdata\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2011-10-11 01:37 . 2011-03-09 23:03 397664 ----a-w- c:\programdata\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2011-10-03 11:06 . 2010-04-23 23:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-30 23:25 . 2011-10-13 14:49 1147904 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:21 . 2011-10-13 14:49 56832 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:21 . 2011-10-13 14:49 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:20 . 2011-10-13 14:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:20 . 2011-10-13 14:49 77312 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:06 . 2011-10-13 14:49 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-30 23:02 . 2011-10-13 14:49 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 14:49 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 14:49 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-09-30 23:01 . 2011-10-13 14:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-09-30 22:29 . 2011-10-13 14:49 479232 ----a-w- c:\windows\system32\html.iec
2011-09-30 22:07 . 2011-10-13 14:49 385024 ----a-w- c:\windows\SysWow64\html.iec
2011-09-30 21:48 . 2011-10-13 14:49 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:47 . 2011-10-13 14:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-30 21:29 . 2011-10-13 14:49 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 14:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-20 21:06 . 2011-11-09 15:54 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 20:48 . 2010-07-22 23:09 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FAStartup"="" [BU]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-28 2078048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Big Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
logitech touch mouse server.lnk - c:\users\Big Daddy\AppData\Local\Temp\iTouch-Server-Win.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-09-05 22:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Communicate STX(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8C4F.tmp [x]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
R4 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2008-09-05 2340096]
R4 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 Scheduler4.5.20.32;timeXtender Scheduler 4.5.20.32;c:\program files (x86)\timeXtender\timeXtender 4.5.20.32\Scheduler.exe [2011-05-27 75776]
R4 Server4.5.20.32;timeXtender Server 4.5.20.32;c:\program files (x86)\timeXtender\timeXtender 4.5.20.32\TxServer.exe [2011-05-27 10752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]
S1 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe [2008-05-16 1040552]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe [2008-05-16 33960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-04-24 210784]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-04-24 2175328]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-764231739-384029243-3223634610-1000Core.job
- c:\users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 23:17]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-764231739-384029243-3223634610-1000UA.job
- c:\users\Big Daddy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-08 23:17]
.
2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{EA611EE8-36DD-41A6-82B5-C173B0AE0C77}.job
- c:\windows\system32\msfeedssync.exe [2011-10-13 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files (x86)\Windows Defender\MSASCui.exe" [BU]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"lxdwmon.exe"="c:\program files (x86)\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-UBCD4Win_is1 - c:\ubcd4win\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8C4F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-11 16:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 22:48
ComboFix2.txt 2011-12-01 06:09
.
Pre-Run: 175,097,778,176 bytes free
Post-Run: 176,497,561,600 bytes free
.
- - End Of File - - 4D1442F17CCE8AC47BD09C99C503C426
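A triage helper for the "Reg Loading Points" section of the ComboFix log above. This is an added example for this thread, not code from ComboFix or from either poster; it parses the service, Run-key, Startup-folder and AppInit_DLLs lines and flags the load points a responder would check first. The sample input is a constructed subset of the log's own lines, and flagged entries are review candidates rather than verdicts (the log shows the Sophos folder being created minutes before 8C4F.tmp, and avgrssta.dll sits under AVG's name).

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; not ComboFix's own code. It recognises four
line shapes ComboFix emits and flags the load points worth a second look:
images under a temp directory or with a .tmp extension, non-driver services
whose binary ComboFix could not read (shown as [x]), and any AppInit_DLLs value.
"""
import re
from dataclasses import dataclass

# Service lines: "<R|S><n> name;display name;image path [date size]" or "... [x]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$')
# Run-key values: "name"="path" [date size]  (or [BU])
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]\s*$')
# Startup-folder shortcuts: "foo.lnk - target [date size]"  (or [N/A])
LNK_RE = re.compile(r'^(.+?\.lnk) - (.+?)\s+\[([^\]]*)\]\s*$')
# AppInit_DLLs value under Windows NT\CurrentVersion\Windows
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')

TEMP_MARKERS = ('\\temp\\', '\\tmp\\')


@dataclass
class LoadPoint:
    kind: str   # "service", "run", "startup" or "appinit"
    name: str
    path: str
    info: str   # bracketed text: "2010-07-22 308136", "x", "BU", "N/A", ...


def parse_loading_points(text):
    """Extract every load point from the log text, in file order."""
    points = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if m := SERVICE_RE.match(line):
            points.append(LoadPoint('service', m.group(2), m.group(4), m.group(5)))
        elif m := RUN_RE.match(line):
            points.append(LoadPoint('run', m.group(1), m.group(2), m.group(3)))
        elif m := LNK_RE.match(line):
            points.append(LoadPoint('startup', m.group(1), m.group(2), m.group(3)))
        elif m := APPINIT_RE.match(line):
            points.append(LoadPoint('appinit', 'AppInit_DLLs', m.group(1).strip(), ''))
    return points


def reasons_for(point):
    """Return the review reasons for one load point (empty list = nothing odd)."""
    path = point.path.lower()
    reasons = []
    if point.kind == 'appinit':
        if path:
            reasons.append('AppInit_DLLs is set: this DLL is loaded into every '
                           'process that loads user32.dll')
        return reasons
    if path.endswith('.tmp') or any(marker in path for marker in TEMP_MARKERS):
        reasons.append('image is in a temp directory or has a .tmp extension')
    # Driver (.sys) entries routinely show [x] in this log, so only flag
    # non-driver services whose binary ComboFix could not read.
    if point.kind == 'service' and point.info == 'x' and not path.endswith('.sys'):
        reasons.append('ComboFix could not read the service binary ([x])')
    return reasons


def triage(points):
    """Pair each flagged load point with its reasons, keeping log order."""
    return [(p, reasons_for(p)) for p in points if reasons_for(p)]


# Constructed sample: a subset of the lines from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FAStartup"="" [BU]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-10-28 2078048]
.
c:\users\Big Daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
logitech touch mouse server.lnk - c:\users\Big Daddy\AppData\Local\Temp\iTouch-Server-Win.exe [N/A]
.
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\8C4F.tmp [x]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-22 308136]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
"""

if __name__ == '__main__':
    for point, reasons in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{point.kind:8} {point.name}: {point.path}')
        for reason in reasons:
            print(f'         - {reason}')
```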

#5 gringo_pr, "Bleepin Gringo" (Malware Response Team, 136,772 posts; Puerto Rico)

Posted 11 December 2011 - 08:33 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#6 mcafee44 (Topic Starter; Members, 15 posts)

Posted 11 December 2011 - 10:56 PM

Thanks, Gringo.

Nothing detected. Log below.

21:52:38.0811 4956 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:52:39.0252 4956 ============================================================
21:52:39.0252 4956 Current date / time: 2011/12/11 21:52:39.0252
21:52:39.0252 4956 SystemInfo:
21:52:39.0252 4956
21:52:39.0252 4956 OS Version: 6.0.6002 ServicePack: 2.0
21:52:39.0252 4956 Product type: Workstation
21:52:39.0252 4956 ComputerName: BIGDADDY-PC
21:52:39.0252 4956 UserName: Big Daddy
21:52:39.0252 4956 Windows directory: C:\Windows
21:52:39.0252 4956 System windows directory: C:\Windows
21:52:39.0252 4956 Running under WOW64
21:52:39.0252 4956 Processor architecture: Intel x64
21:52:39.0253 4956 Number of processors: 2
21:52:39.0253 4956 Page size: 0x1000
21:52:39.0253 4956 Boot type: Normal boot
21:52:39.0253 4956 ============================================================
21:52:40.0734 4956 Initialize success
21:52:46.0708 0728 ============================================================
21:52:46.0708 0728 Scan started
21:52:46.0708 0728 Mode: Manual;
21:52:46.0708 0728 ============================================================
21:52:51.0353 0728 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
21:52:51.0362 0728 ACPI - ok
21:52:51.0686 0728 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
21:52:51.0720 0728 adp94xx - ok
21:52:51.0840 0728 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
21:52:51.0851 0728 adpahci - ok
21:52:51.0965 0728 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
21:52:51.0970 0728 adpu160m - ok
21:52:52.0043 0728 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
21:52:52.0052 0728 adpu320 - ok
21:52:52.0332 0728 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
21:52:52.0345 0728 AFD - ok
21:52:52.0543 0728 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
21:52:52.0547 0728 agp440 - ok
21:52:52.0688 0728 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
21:52:52.0703 0728 aic78xx - ok
21:52:52.0837 0728 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
21:52:52.0840 0728 aliide - ok
21:52:52.0897 0728 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
21:52:52.0904 0728 amdide - ok
21:52:53.0097 0728 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
21:52:53.0107 0728 AmdK8 - ok
21:52:53.0268 0728 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:52:53.0280 0728 ApfiltrService - ok
21:52:53.0426 0728 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
21:52:53.0435 0728 arc - ok
21:52:53.0472 0728 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
21:52:53.0477 0728 arcsas - ok
21:52:53.0598 0728 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:53.0605 0728 AsyncMac - ok
21:52:53.0665 0728 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
21:52:53.0666 0728 atapi - ok
21:52:53.0833 0728 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
21:52:53.0841 0728 AvgLdx64 - ok
21:52:53.0954 0728 AvgMfx64 (0db5a749acd8e66091736f88c40207bd) C:\Windows\system32\Drivers\avgmfx64.sys
21:52:53.0968 0728 AvgMfx64 - ok
21:52:54.0041 0728 AvgTdiA (8aa68c0ba2b84fd7eb3e1f10bbfc825b) C:\Windows\system32\Drivers\avgtdia.sys
21:52:54.0050 0728 AvgTdiA - ok
21:52:54.0162 0728 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
21:52:54.0182 0728 BCM42RLY - ok
21:52:54.0496 0728 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:52:54.0530 0728 BCM43XX - ok
21:52:54.0767 0728 Beep - ok
21:52:54.0894 0728 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
21:52:54.0898 0728 blbdrive - ok
21:52:55.0124 0728 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
21:52:55.0155 0728 bowser - ok
21:52:55.0261 0728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
21:52:55.0264 0728 BrFiltLo - ok
21:52:55.0355 0728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
21:52:55.0374 0728 BrFiltUp - ok
21:52:55.0554 0728 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
21:52:55.0576 0728 Brserid - ok
21:52:55.0630 0728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
21:52:55.0664 0728 BrSerWdm - ok
21:52:55.0722 0728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
21:52:55.0727 0728 BrUsbMdm - ok
21:52:55.0788 0728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
21:53:37.0381 0728 ============================================================
21:53:37.0381 0728 Scan finished
21:53:37.0381 0728 ============================================================
21:53:37.0398 4532 Detected object count: 0
21:53:37.0398 4532 Actual detected object count: 0

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 December 2011 - 11:06 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 mcafee44
  • Topic Starter
  • Members
  • 15 posts

Posted 12 December 2011 - 12:10 AM

When I tried to run aswMBR, I blue-screened with 'DRIVER_IRQL_NOT_LESS_OR_EQUAL'. This happened once before when I tried to stop one of the processes I thought was suspicious.

My redirects appear to have stopped, though. Malwarebytes is still stopping outbound traffic. Also, IE shuts down when I'm on this forum.

Edited by mcafee44, 12 December 2011 - 12:11 AM.


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2011 - 12:30 AM

Hello

I would like you to run this tool for me: fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#10 mcafee44
  • Topic Starter
  • Members
  • 15 posts

Posted 12 December 2011 - 12:47 AM

It ran and gave me this message: 'suspicious use of kernel callback but MBR appears intact. No infection found'. I tried aswMBR again, but it blue-screened again. The driver cited in the blue screen was ataport.sys.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2011 - 12:54 AM

Greetings

I need you to make a bootable USB drive and take a screenshot for me; follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next, launch GParted, which is found at Menu > System > GParted partition manager.
Click to select All Drives, then click Okay.
I need you to take a screenshot of the window that opens up; to do this, follow these instructions.

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg to the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB drive and save it; we will use it again. Boot back into Windows and send me the screen capture.

gringo

#12 mcafee44 (Topic Starter)

Posted 12 December 2011 - 02:10 AM

Here is the screenshot. I couldn't mount the 4th partition (sda4) or run the utility with 'all drives' but the sda I think shows you what you are looking for.

Attached File  screenshot1.jpg   118.15KB   5 downloads

#13 gringo_pr (Malware Response Team)

Posted 12 December 2011 - 02:44 AM

Hello


Yes, you do have a new virus on this computer.

While booted into GParted, I want you to right click on the OS partition and select "Manage partitions".

Check the boot flag option.

Restart the computer and see if you still have the same problems.


gringo

#14 mcafee44 (Topic Starter)

Posted 12 December 2011 - 09:36 AM

Nice, Gringo. This changed some things for sure. The first thing I noticed was that my IGoogle page displayed correctly for the first time since all this began. Redirects still appear to be gone. I did try to run aswmbr again but bluescreened again.

#15 gringo_pr (Malware Response Team)

Posted 13 December 2011 - 12:27 AM

Hello


That is good news.

Now boot back into GParted, right click on the partition that is hidden and select Delete.

Restart the computer and let me know how things are.


gringo
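The two GParted steps above (putting the boot flag back on the OS partition in post #13, then deleting the hidden partition in post #15) are about which entry in the MBR partition table is marked active. The following Python script is an added illustration for readers of the thread, not something gringo posted or a tool used in it: it parses a 512-byte MBR, reports which entry carries the 0x80 boot flag, warns when that entry is not the expected OS partition or uses a "hidden" type id, and shows the corrected table. The sample MBR it builds is constructed for the example (a small active hidden NTFS entry in slot 4 next to an OS partition in slot 2) and is not the layout from the poster's screenshot.

```python
"""Inspect an MBR partition table for a misplaced boot flag (constructed example)."""
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 446   # the four 16-byte primary entries start here
PART_ENTRY_SIZE = 16
BOOT_FLAG = 0x80          # status byte value meaning "active/bootable"

# Type ids conventionally used for hidden FAT/NTFS partitions
# (visible id with the 0x10 bit set, e.g. 0x07 NTFS -> 0x17).
HIDDEN_TYPE_IDS = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(mbr: bytes) -> list[dict]:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("expected a 512-byte sector")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": i + 1,
            "bootable": status == BOOT_FLAG,
            "type": ptype,
            "hidden": ptype in HIDDEN_TYPE_IDS,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def audit_boot_flag(entries: list[dict], os_index: int) -> list[str]:
    """Describe anything odd about which partition is active, given the expected OS slot."""
    findings = []
    active = [e for e in entries if e["bootable"]]
    if not active:
        findings.append("no partition carries the boot flag")
    elif len(active) > 1:
        findings.append("more than one partition carries the boot flag")
    for e in active:
        if e["index"] != os_index:
            findings.append(f"boot flag is on partition {e['index']}, not the OS partition {os_index}")
        if e["hidden"]:
            findings.append(f"active partition {e['index']} has hidden type id 0x{e['type']:02x}")
    return findings


def set_boot_flag(mbr: bytes, index: int) -> bytes:
    """Return a copy of the MBR with the boot flag set only on partition `index` (1-4),
    which is what ticking "boot" in GParted's flag dialog does to the status bytes."""
    buf = bytearray(mbr)
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        buf[off] = BOOT_FLAG if i + 1 == index else 0x00
    return bytes(buf)


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack("<B3xB3xII", status, ptype, lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sample: the boot flag sits on a small hidden NTFS entry (slot 4)
    instead of the OS partition (slot 2). Not the poster's real layout."""
    table = (
        _entry(0x00, 0x07, 2048, 2_000_000)            # slot 1: recovery NTFS
        + _entry(0x00, 0x07, 2_002_048, 400_000_000)   # slot 2: Windows OS NTFS
        + _entry(0x00, 0x00, 0, 0)                     # slot 3: empty
        + _entry(0x80, 0x17, 402_002_048, 2048)        # slot 4: hidden NTFS, marked active
    )
    return b"\x00" * PART_TABLE_OFFSET + table + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    for entry in parse_mbr(sample):
        print(entry)
    print("before:", audit_boot_flag(parse_mbr(sample), os_index=2))
    repaired = set_boot_flag(sample, 2)
    print("after: ", audit_boot_flag(parse_mbr(repaired), os_index=2))
```

To run it against a real disk from a live Linux session such as Puppy, read the first sector of the device (for example `open("/dev/sda", "rb").read(512)`, which needs root) and pass it to `parse_mbr`; the script only reads, and `set_boot_flag` returns a new byte string rather than writing anything back, so changing the flag on the disk itself stays a deliberate GParted step.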
