
Vista 2012 "antivirus" virus, plus hijacker


  • This topic is locked
11 replies to this topic

#1 YolandaQ

  • Members
  • 6 posts

Posted 15 December 2011 - 01:41 AM

Hi! I am running a Dell laptop with Vista Home Premium, SP 2.

I got the Vista 2012 Antivirus extravaganza today, which I was able to mostly get rid of (I believe) with Roguekiller and Malwarebytes.

However, I still have some problems that I can't seem to resolve. First of all, I can't get my Windows Security Essentials or Windows firewall to work. I get a message saying "The specific service does not exist as an installed service", error code 0x80070424, which the info on the Microsoft help site doesn't help with at all.

Also, I now have a Firefox hijacker, which Malwarebytes and Spybot are not finding.

And finally, User Account Control has kicked in, so there is now an icon for "Blocked startup programs" which wants to block Malwarebytes, and often prompts me to approve activity from other programs that I have accessed myself (for example, Steam). That doesn't bother me, but the fact that it started doing this by itself makes me wonder what else was changed.

I have HijackThis but I will wait to scan & post the log until somebody has time to help me, in case things have changed by then. Thank you so much in advance!

Yolanda



#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,661 posts
  • Gender:Male

Posted 21 December 2011 - 11:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432535 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 YolandaQ

  • Topic Starter
  • Members
  • 6 posts

Posted 24 December 2011 - 02:37 PM

Hi! Avast and Adaware were able to remove my hijacker and most things seem normal.

However, I can't run Microsoft Security or Microsoft Firewall, which is bothering me. I still get a message saying "The specific service does not exist as an installed service", error code 0x80070424.
Also, Windows is still blocking Malwarebytes at startup, and I can't figure out why or how to stop it.

I would really appreciate somebody just taking a look at the logs just in case, because I'm kind of worried about what might still be on here.

For question #3, yes, I do have my Windows CD available.

Thank you SO much! Happy Festivus or whatever holiday you may or may not celebrate this time of year! :)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_30
Run by 00 at 10:52:32 on 2011-12-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1595 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\NCH Software\ExpressZip\expresszip.exe
C:\Program Files\Steam\steamapps\common\neverwinter nights 2\Override\gmer\gmer.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nostro~1.lnk - c:\windows\installer\{548c7b77-8b04-427e-acd0-d0e6e6e59bcf}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B} : NameServer = 68.105.28.13,68.105.29.13
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\00\appdata\roaming\mozilla\firefox\profiles\cy3exsu9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-15 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-15 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-15 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-11 232512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2011-1-6 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-15 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-15 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-15 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-12 2152152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-25 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-12 15232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-14 1153368]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2011-4-29 23040]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-15 23:52:19 -------- d-sh--w- C:\found.000
2011-12-15 23:15:50 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-15 19:04:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 19:02:09 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-15 19:02:01 -------- d-----w- c:\program files\Lavasoft
2011-12-15 18:59:43 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-15 18:59:43 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-15 18:59:27 41184 ----a-w- c:\windows\avastSS.scr
2011-12-15 18:59:18 -------- d-----w- c:\programdata\AVAST Software
2011-12-15 18:59:18 -------- d-----w- c:\program files\AVAST Software
2011-12-15 03:00:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-15 03:00:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-15 02:36:04 388096 ----a-r- c:\users\00\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-15 02:36:04 -------- d-----w- c:\program files\Trend Micro
2011-12-15 01:18:05 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-14 20:51:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ba362fb6-37f7-4294-8437-5e44d2be8129}\offreg.dll
2011-12-14 01:51:10 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ba362fb6-37f7-4294-8437-5e44d2be8129}\mpengine.dll
2011-12-07 06:22:02 -------- d-----w- c:\program files\CCleaner
2011-12-03 03:39:31 -------- d-----w- c:\users\00\appdata\local\My Games
2011-12-03 02:35:48 -------- d-----w- c:\users\00\appdata\local\Oblivion
2011-11-29 23:53:25 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-11-29 23:53:24 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-11-29 23:53:23 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-29 23:53:23 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-29 23:53:23 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-29 23:53:23 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-29 23:53:22 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
==================== Find3M ====================
.
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 13:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-10-11 17:08:03 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
============= FINISH: 10:53:02.77 ===============

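The "Pseudo HJT Report" section of the DDS log above is the part a malware-response helper reads first. As an added example (not part of this thread, not the DDS tool, and not a BleepingComputer procedure), the Python script below runs three triage checks over lines copied from that report: start-page and search settings whose URL carries a partner code (the pc=ZUGO entries), BHO/toolbar CLSIDs registered as "No File", and interfaces whose static DNS servers differ from the DHCP-supplied one. The function names, the Finding record and the check categories are my own; the sample lines are a constructed subset of the log posted above.

```python
"""Triage checks over the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not the DDS tool and not a
BleepingComputer procedure. Check names and the Finding record are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a subset of the DDS report posted in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B} : NameServer = 68.105.28.13,68.105.29.13
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B} : DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
"""


@dataclass
class Finding:
    category: str  # "search", "orphan" or "dns"
    detail: str
    line: str


# DDS keys that decide where the browser's start page and searches go.
SEARCH_KEYS = ("uStart Page", "mStart Page", "uDefault_Page_URL",
               "mDefault_Page_URL", "browser.startup.homepage", "keyword.URL")
URL_RE = re.compile(r"hxxps?://\S+")
IFACE_RE = re.compile(r"TCP: Interfaces\\(\{[^}]+\}) : (Dhcp)?NameServer = (\S+)")
GLOBAL_DHCP_RE = re.compile(r"TCP: DhcpNameServer = (\S+)")


def refang(url: str) -> str:
    """DDS writes hxxp:// so pasted URLs are not clickable; restore http for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def partner_code(url: str) -> Optional[str]:
    """Return the pc= query parameter (Bing's distribution-partner code), if present."""
    values = parse_qs(urlsplit(refang(url)).query).get("pc")
    return values[0] if values else None


def check_search(line: str) -> Optional[Finding]:
    """Flag start-page or search settings whose URL carries a partner code."""
    key = next((k for k in SEARCH_KEYS if k in line), None)
    match = URL_RE.search(line) if key else None
    if not match:
        return None
    code = partner_code(match.group(0))
    if code is None:
        return None
    return Finding("search", f"{key} sends traffic through partner code pc={code}", line)


def check_orphan(line: str) -> Optional[Finding]:
    """Flag BHO/toolbar registrations whose backing DLL no longer exists."""
    if not (line.startswith(("BHO:", "TB:")) and line.endswith("- No File")):
        return None
    clsid = re.search(r"\{[0-9A-Fa-f-]+\}", line)
    kind = line.split(":", 1)[0]
    ident = clsid.group(0) if clsid else "?"
    return Finding("orphan", f"{kind} {ident} is registered but its file is gone", line)


def check_dns(lines: List[str]) -> List[Finding]:
    """Flag interfaces whose static DNS servers differ from the DHCP-assigned ones."""
    global_dhcp: List[str] = []
    dhcp, static = {}, {}
    for line in lines:
        m = GLOBAL_DHCP_RE.match(line)
        if m:
            global_dhcp = m.group(1).split(",")
            continue
        m = IFACE_RE.match(line)
        if m:
            iface, is_dhcp, servers = m.groups()
            (dhcp if is_dhcp else static)[iface] = servers.split(",")
    findings = []
    for iface, servers in static.items():
        expected = dhcp.get(iface, global_dhcp)
        extra = [s for s in servers if s not in expected]
        if extra:
            findings.append(Finding(
                "dns",
                f"interface {iface} resolves via static {', '.join(extra)} rather than "
                f"DHCP-supplied {', '.join(expected) or 'none'}; confirm they belong to the ISP",
                f"TCP: Interfaces\\{iface} : NameServer = {','.join(servers)}"))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run every check over the report and return the findings in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    for line in lines:
        for check in (check_search, check_orphan):
            hit = check(line)
            if hit:
                findings.append(hit)
    findings.extend(check_dns(lines))
    return findings


def summary(findings: List[Finding]) -> dict:
    """Count findings per category, e.g. {'search': 2, 'orphan': 2, 'dns': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
```

None of the three findings is a verdict on its own: a partner code can come from a legitimately bundled toolbar, an orphaned CLSID is usually left behind by an uninstall or by a removal tool, and static DNS entries are often the ISP's own resolvers (the 68.105.x.x pair here is flagged only because it differs from the router address handed out by DHCP). What the script buys a reviewer is that it pulls these lines out of a 200-line log so each one can be confirmed or cleared deliberately.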

#4 nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 December 2011 - 10:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#5 YolandaQ

  • Topic Starter
  • Members
  • 6 posts

Posted 26 December 2011 - 08:03 PM

Hello, and thank you.

MBR log:

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-26 16:25:47
-----------------------------
16:25:47.928 OS Version: Windows 6.0.6002 Service Pack 2
16:25:47.928 Number of processors: 2 586 0xF0D
16:25:47.929 ComputerName: 00-PC UserName: 00
16:25:52.401 Initialize success
16:25:52.966 AVAST engine defs: 11122601
16:26:02.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:26:02.236 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:26:02.244 Disk 0 MBR read successfully
16:26:02.247 Disk 0 MBR scan
16:26:02.251 Disk 0 Windows VISTA default MBR code
16:26:02.256 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
16:26:02.263 Disk 0 scanning sectors +625121280
16:26:02.352 Disk 0 scanning C:\Windows\system32\drivers
16:26:18.267 Service scanning
16:26:19.633 Modules scanning
16:26:24.458 Disk 0 trace - called modules:
16:26:24.469
16:26:25.865 AVAST engine scan C:\Windows
16:26:28.767 AVAST engine scan C:\Windows\system32
16:28:09.394 AVAST engine scan C:\Windows\system32\drivers
16:28:17.810 AVAST engine scan C:\Users\00
16:44:46.427 AVAST engine scan C:\ProgramData
16:46:24.019 Scan finished successfully
16:47:06.721 Disk 0 MBR has been saved successfully to "C:\Users\00\Desktop\MBR.dat"
16:47:06.728 The log file has been saved successfully to "C:\Users\00\Desktop\aswMBR.txt"


TDSS killer log:

16:54:21.0002 6120 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:54:21.0566 6120 ============================================================
16:54:21.0566 6120 Current date / time: 2011/12/26 16:54:21.0566
16:54:21.0566 6120 SystemInfo:
16:54:21.0566 6120
16:54:21.0566 6120 OS Version: 6.0.6002 ServicePack: 2.0
16:54:21.0566 6120 Product type: Workstation
16:54:21.0566 6120 ComputerName: 00-PC
16:54:21.0567 6120 UserName: 00
16:54:21.0567 6120 Windows directory: C:\Windows
16:54:21.0567 6120 System windows directory: C:\Windows
16:54:21.0567 6120 Processor architecture: Intel x86
16:54:21.0567 6120 Number of processors: 2
16:54:21.0567 6120 Page size: 0x1000
16:54:21.0567 6120 Boot type: Normal boot
16:54:21.0567 6120 ============================================================
16:54:22.0061 6120 Initialize success
16:54:42.0074 4528 ============================================================
16:54:42.0074 4528 Scan started
16:54:42.0074 4528 Mode: Manual;
16:54:42.0074 4528 ============================================================
16:54:43.0111 4528 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:54:43.0118 4528 ACPI - ok
16:54:43.0171 4528 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:54:43.0180 4528 adp94xx - ok
16:54:43.0363 4528 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:54:43.0369 4528 adpahci - ok
16:54:43.0407 4528 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:54:43.0410 4528 adpu160m - ok
16:54:43.0455 4528 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:54:43.0459 4528 adpu320 - ok
16:54:43.0558 4528 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:54:43.0564 4528 AFD - ok
16:54:43.0606 4528 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:54:43.0608 4528 agp440 - ok
16:54:43.0675 4528 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:54:43.0678 4528 aic78xx - ok
16:54:43.0708 4528 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:54:43.0710 4528 aliide - ok
16:54:43.0724 4528 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:54:43.0726 4528 amdagp - ok
16:54:43.0739 4528 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:54:43.0741 4528 amdide - ok
16:54:43.0755 4528 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:54:43.0757 4528 AmdK7 - ok
16:54:43.0793 4528 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:54:43.0795 4528 AmdK8 - ok
16:54:43.0832 4528 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:54:43.0835 4528 arc - ok
16:54:43.0905 4528 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:54:43.0908 4528 arcsas - ok
16:54:44.0006 4528 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
16:54:44.0008 4528 aswFsBlk - ok
16:54:44.0107 4528 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
16:54:44.0112 4528 aswMonFlt - ok
16:54:44.0127 4528 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
16:54:44.0129 4528 aswRdr - ok
16:54:44.0195 4528 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
16:54:44.0204 4528 aswSnx - ok
16:54:44.0277 4528 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
16:54:44.0283 4528 aswSP - ok
16:54:44.0301 4528 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
16:54:44.0304 4528 aswTdi - ok
16:54:44.0354 4528 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:54:44.0356 4528 AsyncMac - ok
16:54:44.0400 4528 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:54:44.0402 4528 atapi - ok
16:54:44.0503 4528 bcgame (a840dcce93c91fc4f69c04a42cd7a180) C:\Windows\system32\drivers\bcgame.sys
16:54:44.0505 4528 bcgame - ok
16:54:44.0524 4528 BCM42RLY - ok
16:54:44.0616 4528 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:54:44.0651 4528 BCM43XX - ok
16:54:44.0684 4528 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
16:54:44.0687 4528 bcm4sbxp - ok
16:54:44.0728 4528 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:54:44.0730 4528 Beep - ok
16:54:44.0780 4528 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:54:44.0782 4528 blbdrive - ok
16:54:44.0836 4528 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:54:44.0839 4528 bowser - ok
16:54:44.0875 4528 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:54:44.0877 4528 BrFiltLo - ok
16:54:44.0900 4528 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:54:44.0902 4528 BrFiltUp - ok
16:54:44.0937 4528 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:54:44.0940 4528 Brserid - ok
16:54:44.0956 4528 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:54:44.0958 4528 BrSerWdm - ok
16:54:44.0970 4528 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:54:44.0973 4528 BrUsbMdm - ok
16:54:44.0986 4528 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:54:44.0988 4528 BrUsbSer - ok
16:54:55.0035 4528 ============================================================
16:54:55.0036 4528 Scan finished
16:54:55.0036 4528 ============================================================
16:54:55.0047 6108 Detected object count: 0
16:54:55.0047 6108 Actual detected object count: 0

Attached Files

  • Attached File  MBR.zip (542 bytes)


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 27 December 2011 - 08:56 AM

These logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the logs and let me know what problem persists.

#7 YolandaQ

YolandaQ
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:01 PM

Posted 29 December 2011 - 02:27 PM

Hello! I kept getting a message from Combofix that my Windows antivirus software was still running. However, as mentioned above, I can't run it at all, and I couldn't find anything in Task Manager that looked like it. So I went ahead and tried Combofix anyway. It seemed to work, but I still can't run Windows Security or Windows Firewall. Other than that, everything seems to be working fine. Thanks.


Combofix:

ComboFix 11-12-29.04 - 00 12/29/2011 10:46:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2298 [GMT -8:00]
Running from: c:\users\00\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\windows\$NtUninstallKB31220$
c:\windows\$NtUninstallKB31220$\141062556\@
c:\windows\$NtUninstallKB31220$\141062556\bckfg.tmp
c:\windows\$NtUninstallKB31220$\141062556\cfg.ini
c:\windows\$NtUninstallKB31220$\141062556\Desktop.ini
c:\windows\$NtUninstallKB31220$\141062556\keywords
c:\windows\$NtUninstallKB31220$\141062556\kwrd.dll
c:\windows\$NtUninstallKB31220$\141062556\L\qnbwvoto
c:\windows\$NtUninstallKB31220$\141062556\lsflt7.ver
c:\windows\$NtUninstallKB31220$\141062556\U\00000001.@
c:\windows\$NtUninstallKB31220$\141062556\U\00000002.@
c:\windows\$NtUninstallKB31220$\141062556\U\00000004.@
c:\windows\$NtUninstallKB31220$\141062556\U\80000000.@
c:\windows\$NtUninstallKB31220$\141062556\U\80000004.@
c:\windows\$NtUninstallKB31220$\141062556\U\80000032.@
c:\windows\$NtUninstallKB31220$\3539038834
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-29 19:09 . 2011-12-29 19:10 -------- d-----w- c:\users\00\AppData\Local\temp
2011-12-29 19:09 . 2011-12-29 19:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-29 19:09 . 2011-12-29 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-26 07:36 . 2011-12-26 07:36 -------- d-----w- c:\users\00\AppData\Local\SWTOR
2011-12-26 00:48 . 2011-12-26 00:48 -------- d-----w- c:\program files\Common Files\BioWare
2011-12-25 20:12 . 2011-12-25 20:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 23:52 . 2011-12-15 23:52 -------- d-----w- C:\found.000
2011-12-15 23:15 . 2011-12-15 19:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-15 19:04 . 2011-12-15 19:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 19:02 . 2011-12-12 18:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-15 19:02 . 2011-12-15 19:02 -------- d-----w- c:\program files\Lavasoft
2011-12-15 19:02 . 2011-12-15 19:02 -------- d-----w- c:\programdata\Lavasoft
2011-12-15 18:59 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-15 18:59 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-15 18:59 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-15 18:59 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-15 18:59 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-15 18:59 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-15 18:59 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-15 18:59 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-15 18:59 . 2011-12-15 18:59 -------- d-----w- c:\programdata\AVAST Software
2011-12-15 18:59 . 2011-12-15 18:59 -------- d-----w- c:\program files\AVAST Software
2011-12-15 18:53 . 2011-12-15 18:53 -------- d-----w- c:\program files\Common Files\Java
2011-12-15 03:00 . 2011-12-15 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-15 03:00 . 2011-12-15 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-15 02:36 . 2011-12-15 02:36 388096 ----a-r- c:\users\00\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-15 02:36 . 2011-12-15 02:36 -------- d-----w- c:\program files\Trend Micro
2011-12-15 01:18 . 2011-12-15 02:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-14 20:51 . 2011-12-14 20:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA362FB6-37F7-4294-8437-5E44D2BE8129}\offreg.dll
2011-12-14 01:51 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA362FB6-37F7-4294-8437-5E44D2BE8129}\mpengine.dll
2011-12-07 06:22 . 2011-12-07 06:22 -------- d-----w- c:\program files\CCleaner
2011-12-03 03:39 . 2011-12-03 03:39 -------- d-----w- c:\users\00\AppData\Local\My Games
2011-12-03 02:35 . 2011-12-03 02:35 -------- d-----w- c:\users\00\AppData\Local\Oblivion
2011-11-29 23:53 . 2011-11-29 23:53 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2011-11-29 23:53 . 2011-11-29 23:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-11-29 23:53 . 2010-06-02 12:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-29 23:53 . 2010-06-02 12:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-29 23:53 . 2010-05-26 19:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-29 23:53 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-29 23:53 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-01-23 17:49 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 13:54 . 2011-01-23 23:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-11 17:08 . 2011-10-11 17:08 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-11 16:10 . 2011-10-11 16:10 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD278A35-7F66-4EF0-87A7-6362683161AA}\gapaengine.dll
2011-10-07 03:48 . 2011-11-04 03:05 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-09 20:46 . 2011-09-02 16:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2011-11-07 28846216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-08-03 309352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2011-4-29 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-933506636-4052340945-155764619-1000]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl30abddcf;MpKsl30abddcf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E11A67-043B-4DFA-B157-B78AFDCC17AC}\MpKsl30abddcf.sys [x]
R1 MpKsl5c7a2e75;MpKsl5c7a2e75;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D57FF88-7628-453A-8690-CBDBFF174077}\MpKsl5c7a2e75.sys [x]
R1 MpKsl724f8607;MpKsl724f8607;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04118F47-FE13-4030-AD5C-38AF27A52E56}\MpKsl724f8607.sys [x]
R1 MpKsl758581b6;MpKsl758581b6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{870C3218-6011-445F-A822-BDA7BA424B86}\MpKsl758581b6.sys [x]
R1 MpKsl7a36b2c4;MpKsl7a36b2c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{445A0A79-01CE-415A-90C8-953C18599DE9}\MpKsl7a36b2c4.sys [x]
R1 MpKsl8896c379;MpKsl8896c379;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0F92A47-5942-4D42-8303-7FADA0AB96E6}\MpKsl8896c379.sys [x]
R1 MpKsle5339667;MpKsle5339667;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7C95E56A-43F9-4378-803F-7D30571F3AAE}\MpKsle5339667.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 23040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-12 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-11 232512]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-15 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B}: NameServer = 68.105.28.13,68.105.29.13
FF - ProfilePath - c:\users\00\AppData\Roaming\Mozilla\Firefox\Profiles\cy3exsu9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
AddRemove-LiveCode Player - c:\users\00\AppData\Local\RunRev\Components\LiveCodePlayer\9\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 11:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\TEMP\_avast_\unp12420837.tmp 828104 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-933506636-4052340945-155764619-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,f9,6e,7b,9f,44,e7,5f,43,3b,ca,65,59,a6,f4,d9,c2,51,79,0e,f7,
5c,de,a8,0e,bb,93,c1,60,6a,dc,fc,a3,45,ec,e6,a5,4e,24,d2,16,e2,d4,eb,35,b7,\
"rkeysecu"=hex:c0,d1,45,a3,49,4b,d4,38,01,f4,a3,b3,1d,3f,22,52
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-12-29 11:14:56
ComboFix-quarantined-files.txt 2011-12-29 19:14
.
Pre-Run: 17,453,207,552 bytes free
Post-Run: 17,530,863,616 bytes free
.
- - End Of File - - 9A3D4E6129A5AE4A1A1D3A75AFE57746


Checkup:

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 30
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox 8.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
``````````End of Log````````````

#8 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 December 2011 - 09:51 AM

As a security measure, get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When it is installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
===

Open notepad and copy/paste the text in the quote box below into it:

Driver::
MpKsl30abddcf
MpKsl5c7a2e75
MpKsl724f8607
MpKsl758581b6
MpKsl7a36b2c4
MpKsl8896c379
MpKsle5339667


Save this as CFScript on your desktop.

[image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following option is checked:
    • Windows Firewall
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 YolandaQ
  • Topic Starter
  • Members
  • 6 posts

Posted 01 January 2012 - 02:38 PM

Here's Combofix:

ComboFix 12-01-01.02 - 00 01/01/2012 11:06:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1652 [GMT -8:00]
Running from: c:\users\00\Downloads\ComboFix.exe
Command switches used :: c:\users\00\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\00\AppData\Roaming\Mozilla\Firefox\Profiles\cy3exsu9.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MPKSL30ABDDCF
-------\Legacy_MPKSL5C7A2E75
-------\Legacy_MPKSL724F8607
-------\Legacy_MPKSL758581B6
-------\Legacy_MPKSL7A36B2C4
-------\Legacy_MPKSL8896C379
-------\Legacy_MPKSLE5339667
-------\Service_MpKsl30abddcf
-------\Service_MpKsl5c7a2e75
-------\Service_MpKsl724f8607
-------\Service_MpKsl758581b6
-------\Service_MpKsl7a36b2c4
-------\Service_MpKsl8896c379
-------\Service_MpKsle5339667
-------\Service_wuauserv
.
.
((((((((((((((((((((((((( Files Created from 2011-12-01 to 2012-01-01 )))))))))))))))))))))))))))))))
.
.
2012-01-01 19:17 . 2012-01-01 19:20 -------- d-----w- c:\users\00\AppData\Local\temp
2011-12-26 07:36 . 2011-12-26 07:36 -------- d-----w- c:\users\00\AppData\Local\SWTOR
2011-12-26 00:48 . 2011-12-26 00:48 -------- d-----w- c:\program files\Common Files\BioWare
2011-12-25 20:12 . 2011-12-25 20:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 23:52 . 2011-12-15 23:52 -------- d-----w- C:\found.000
2011-12-15 23:15 . 2011-12-15 19:04 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-15 19:04 . 2011-12-15 19:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-15 19:02 . 2011-12-12 18:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-15 19:02 . 2011-12-15 19:02 -------- d-----w- c:\program files\Lavasoft
2011-12-15 19:02 . 2011-12-15 19:02 -------- d-----w- c:\programdata\Lavasoft
2011-12-15 18:59 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-15 18:59 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-15 18:59 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-15 18:59 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-15 18:59 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-15 18:59 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-15 18:59 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-15 18:59 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-15 18:59 . 2011-12-15 18:59 -------- d-----w- c:\programdata\AVAST Software
2011-12-15 18:59 . 2011-12-15 18:59 -------- d-----w- c:\program files\AVAST Software
2011-12-15 18:53 . 2011-12-15 18:53 -------- d-----w- c:\program files\Common Files\Java
2011-12-15 03:00 . 2011-12-15 08:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-15 03:00 . 2011-12-15 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-15 02:36 . 2011-12-15 02:36 388096 ----a-r- c:\users\00\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-15 02:36 . 2011-12-15 02:36 -------- d-----w- c:\program files\Trend Micro
2011-12-15 01:18 . 2011-12-15 02:27 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-14 20:51 . 2011-12-14 20:51 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA362FB6-37F7-4294-8437-5E44D2BE8129}\offreg.dll
2011-12-14 01:51 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA362FB6-37F7-4294-8437-5E44D2BE8129}\mpengine.dll
2011-12-07 06:22 . 2011-12-07 06:22 -------- d-----w- c:\program files\CCleaner
2011-12-03 03:39 . 2011-12-03 03:39 -------- d-----w- c:\users\00\AppData\Local\My Games
2011-12-03 02:35 . 2011-12-03 02:35 -------- d-----w- c:\users\00\AppData\Local\Oblivion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-02-27 19:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 10:47 . 2011-01-23 17:49 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-10 13:54 . 2011-01-23 23:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-11 17:08 . 2011-10-11 17:08 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-10-11 16:10 . 2011-10-11 16:10 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD278A35-7F66-4EF0-87A7-6362683161AA}\gapaengine.dll
2011-10-07 03:48 . 2011-11-04 03:05 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-09 20:46 . 2011-09-02 16:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files\Origin\Origin.exe" [2011-11-07 28846216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-08-03 309352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2011-4-29 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-933506636-4052340945-155764619-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 23040]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-12 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-11 232512]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-12-15 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-12 15232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-12 19:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4F513B-A23E-4072-AB4E-90CC4FEF972B}: NameServer = 68.105.28.13,68.105.29.13
FF - ProfilePath - c:\users\00\AppData\Roaming\Mozilla\Firefox\Profiles\cy3exsu9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-933506636-4052340945-155764619-1000\Software\SecuROM\License information*]
"datasecu"=hex:22,f9,6e,7b,9f,44,e7,5f,43,3b,ca,65,59,a6,f4,d9,c2,51,79,0e,f7,
5c,de,a8,0e,bb,93,c1,60,6a,dc,fc,a3,45,ec,e6,a5,4e,24,d2,16,e2,d4,eb,35,b7,\
"rkeysecu"=hex:c0,d1,45,a3,49,4b,d4,38,01,f4,a3,b3,1d,3f,22,52
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'Explorer.exe'(3108)
c:\users\00\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-01 11:27:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-01 19:27
ComboFix2.txt 2011-12-29 19:14
.
Pre-Run: 17,377,554,432 bytes free
Post-Run: 17,222,823,936 bytes free
.
- - End Of File - - D1FF1A5E46ECAB4EA8AAAD19DD4DD605

FSS log:

Farbar Service Scanner
Ran by 00 (administrator) on 01-01-2012 at 11:35:46
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 January 2012 - 04:24 PM

Please download Vista.zip file from here: http://www.smartestc...y-network-keys/
Unzip the file to your desktop.

These files will be extracted:
afd.reg
nsiproxy.reg
tdx.reg
Legacy_afd.reg
Legacy_nsiproxy.reg
Legacy_tdx.reg
wscsvc.reg
legacy_wscsvc.reg
bfe.reg
mpssvc.reg
start_services.bat


Double-click each of the 8 .reg files in turn and click Yes to add it to the Registry.
Allow the registry merge.
When the 8 files have been executed, restart the computer and see if the internet works.
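Editor's added example, not part of the thread and not one of nasdaq's tools: the FSS log in #9 shows the failure behind error 0x80070424 (the MpsSvc and bfe service keys are simply gone from HKLM\SYSTEM\CurrentControlSet\Services, so the Service Control Manager has nothing to start), and #10 repairs that by merging .reg files. The PowerShell below is the check a practitioner would run around that procedure: it records the state of each firewall-related service key before the import, imports every .reg file and reports which ones fail instead of stopping at a dialog box, then re-checks the keys, the LEGACY_* entries, and the EnableFirewall policy value FSS flagged. It assumes an elevated PowerShell prompt on the affected machine and that Vista.zip was extracted to a folder named Vista on the desktop (that path is an assumption; adjust it).

```powershell
# Added example (not from the thread). Verify the firewall service registry keys
# that Farbar Service Scanner reported missing, import the extracted .reg files
# with per-file failure reporting, and re-check afterwards.
# Assumptions: elevated PowerShell prompt; Vista.zip extracted to Desktop\Vista.

$servicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# The services FSS checks for the Windows Firewall, plus Security Center
# (wscsvc), which the wscsvc.reg / legacy_wscsvc.reg files restore.
$serviceNames = 'MpsSvc', 'BFE', 'mpsdrv', 'wscsvc', 'SharedAccess'

function Get-ServiceKeyState {
    param([string]$Name)
    $key = Join-Path $servicesRoot $Name
    if (-not (Test-Path $key)) {
        # This is the condition behind 0x80070424: no SCM entry for the service.
        return New-Object PSObject -Property @{
            Service = $Name; Key = 'MISSING'; Start = $null; ImagePath = $null
        } | Select-Object Service, Key, Start, ImagePath
    }
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Service   = $Name
        Key       = 'present'
        Start     = $p.Start          # 2 = Automatic, 3 = Manual, 4 = Disabled
        ImagePath = $p.ImagePath
    } | Select-Object Service, Key, Start, ImagePath
}

function Get-LegacyKeyState {
    param([string]$Name)
    # LEGACY_<service>\0000 lives under Enum\Root, which only SYSTEM can write by default.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$($Name.ToUpper())\0000"
    if (Test-Path $key) { 'present' } else { 'MISSING' }
}

function Import-RegFiles {
    param([string]$Folder)
    Get-ChildItem -Path $Folder -Filter *.reg | ForEach-Object {
        & reg.exe import $_.FullName 2>&1 | Out-Null
        $result = if ($LASTEXITCODE -eq 0) { 'imported' } else { "FAILED (exit $LASTEXITCODE)" }
        '{0,-24} {1}' -f $_.Name, $result
    }
}

function Show-FirewallPolicy {
    $policyRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($prof in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $k = Join-Path $policyRoot $prof
        if (Test-Path $k) {
            $v = (Get-ItemProperty -Path $k -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
            '{0,-16} EnableFirewall = {1}' -f $prof, $v   # FSS flagged 0 under PublicProfile
        }
    }
}

Write-Host '--- Service keys before import ---'
$serviceNames | ForEach-Object { Get-ServiceKeyState $_ } | Format-Table -AutoSize | Out-Host

Write-Host '--- Importing .reg files ---'
Import-RegFiles -Folder (Join-Path $env:USERPROFILE 'Desktop\Vista')   # assumed extraction path

Write-Host '--- Service keys after import ---'
$serviceNames | ForEach-Object { Get-ServiceKeyState $_ } | Format-Table -AutoSize | Out-Host
foreach ($s in 'MpsSvc', 'BFE', 'wscsvc') { '{0,-8} LEGACY key: {1}' -f $s, (Get-LegacyKeyState $s) }

Write-Host '--- Firewall policy ---'
Show-FirewallPolicy

# SCM view: a key can be present and the service still fail to start (missing dependency, bad ACL).
foreach ($s in 'MpsSvc', 'BFE') {
    $svc = Get-Service -Name $s -ErrorAction SilentlyContinue
    if ($svc) { '{0,-8} {1}' -f $s, $svc.Status } else { '{0,-8} not registered with the SCM' -f $s }
}
```

One caveat worth knowing before running the import: the Legacy_*.reg files write under HKLM\SYSTEM\CurrentControlSet\Enum\Root, whose subkeys are by default writable only by the SYSTEM account, so a merge started from an Administrator desktop session typically fails with an access-denied style "some keys are open by the system" message even though the Services-tree files in the same set import cleanly. The script above therefore reports each file's exit code rather than treating a failed Legacy import as a failure of the whole repair; the decisive check is whether the MpsSvc and BFE keys report "present" and the services start after the reboot.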

#11 YolandaQ
  • Topic Starter
  • Members
  • 6 posts

Posted 05 January 2012 - 07:22 PM

I did those, and the internet does work. However, none of the legacy reg files worked. When I double clicked on them, I got a message, "Cannot import: not all data was successfully written to registry. Some keys are open by the system or other processes." All the other .reg files worked fine. Windows security/firewall still won't work.

However, if you are fairly confident from the logs I posted that the actual viruses themselves are probably gone, I'm not that concerned about the firewall. I don't want to take up any more of your time on something non-critical when so many people have major problems. I really appreciate your help! Thank you, and take care.

#12 nasdaq
  • Malware Response Team
  • 39,225 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 January 2012 - 09:32 AM

I would install this free version of Comodo Firewall.

http://personalfirewall.comodo.com/
===

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



