dfsc.sys infected with BackDoor.Generic14.CBJJ Trojan Horse and Firefox redirects


  • This topic is locked
42 replies to this topic

#1 El Dragonero

El Dragonero

  • Members
  • 21 posts

Posted 15 December 2011 - 08:03 PM

Hey everyone. Thanks in advance for your help. Despite several attempts at rebooting, booting into safe mode, system restore, using Malwarebytes, Spybot, etc. with no luck, I was hoping to get some help removing a Trojan Horse AVG picked up at c:\windows\system32\Drivers\dfsc.sys a couple days ago. It says that the only thing it can do is ignore the threat as it's located in a "critical/system file that should not be removed." Websites constantly get redirected and new tabs pop up in Firefox at random. Again, I appreciate any help anyone might be able to provide and I'd be happy to give additional information if needed. Much appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by aroyster at 18:41:00 on 2011-12-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1974.388 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\BUFFALO\SLManagerEasy\Inputps.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PrintCtrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\PrintDisp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MozyPro\mozyprostat.exe
C:\Users\aroyster\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\aroyster\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [Google Update] "c:\users\aroyster\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\aroyster\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\aroyster\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozypr~1.lnk - c:\program files\mozypro\mozyprostat.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{456A4F25-F56E-418E-8EBF-4B2A021C40EC} : NameServer = 172.18.202.215 172.18.202.215
TCP: Interfaces\{4680824C-E026-4F94-8977-F6EECF43C9E2} : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{4680824C-E026-4F94-8977-F6EECF43C9E2}\962586974786D6 : DhcpNameServer = 10.100.1.14 10.100.1.11 10.10.1.25
TCP: Interfaces\{4680824C-E026-4F94-8977-F6EECF43C9E2}\962586974786D6D27457563747 : DhcpNameServer = 192.168.55.1
TCP: Interfaces\{87362450-8001-407E-BBB5-F1CC9DD7123F} : DhcpNameServer = 10.100.1.14 10.100.1.11 10.10.1.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aroyster\appdata\roaming\mozilla\firefox\profiles\rranf6yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\aroyster\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\aroyster\appdata\roaming\mozilla\firefox\profiles\rranf6yc.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\aroyster\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\aroyster\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2011-3-22 17072]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 mozyproFilter;mozyproFilter;c:\windows\system32\drivers\mozypro.sys [2011-8-29 54776]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe [2011-3-21 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Bufssvr;Bufssvr;c:\program files\buffalo\slmanagereasy\Bufssvr.exe [2009-6-16 95536]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-3-22 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2011-3-22 60928]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-8-29 47640]
R2 mozyprobackup;MozyPro Backup Service;c:\program files\mozypro\mozyprobackup.exe [2011-8-4 53016]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-4-24 65536]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-3-22 42672]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-3 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-3-21 224424]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-3-21 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-3-21 209920]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-15 121416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2010-7-15 125512]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 222720]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-22 52224]
.
=============== Created Last 30 ================
.
2011-12-15 04:31:36 336384 ----a-w- c:\users\aroyster\appdata\local\ync.exe
2011-12-13 04:29:11 -------- d-----w- c:\users\aroyster\appdata\roaming\Garmin
2011-12-06 04:05:54 -------- d-----w- c:\users\aroyster\appdata\roaming\HandBrake
2011-12-06 04:05:54 -------- d-----w- c:\users\aroyster\appdata\local\HandBrake
2011-12-06 04:04:48 -------- d-----w- c:\program files\Handbrake
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 02:34:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 05:38:59 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-10-14 00:51:28 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-14 00:51:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-14 00:51:27 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-14 00:51:27 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 18:42:17.93 ===============
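As a defender-side illustration of how to read a DDS log like the one above (added here; not part of the original post, of DDS, or of the forum's procedure), the following Python script splits a DDS log into its sections and flags two things visible in this log: the UAC policy values reported as 0 under mPolicies-system, and executables created recently in user-writable profile folders. The sample text is constructed from lines of the log above; the rule names, folder patterns and extension list are this example's own assumptions.

```python
"""Triage checks over a DDS log (illustrative example for this thread).

The sample below is constructed from lines in the poster's DDS log; the
rule names and the folder/extension patterns are assumptions of this
example, not part of DDS or of the BleepingComputer cleaning procedure.
"""
import re
from typing import Dict, List

# Constructed excerpt: section headers and lines copied from the DDS log above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2011-12-15 04:31:36 336384 ----a-w- c:\users\aroyster\appdata\local\ync.exe
2011-12-13 04:29:11 -------- d-----w- c:\users\aroyster\appdata\roaming\Garmin
2011-12-06 04:04:48 -------- d-----w- c:\program files\Handbrake
.
============= FINISH: 18:42:17.93 ===============
"""

# DDS marks each section with a line of '=' signs around its name.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# e.g. "mPolicies-system: EnableLUA = 0 (0x0)"
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# e.g. "2011-12-15 04:31:36 336384 ----a-w- c:\users\...\ync.exe"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Value 0 for each of these UAC settings weakens elevation protection.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate with no prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts not on the secure desktop"),
}
# Assumed user-writable locations and executable extensions worth a look.
USER_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: non-empty content lines}."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line and line != ".":  # DDS uses a lone '.' as a spacer
            sections.setdefault(current, []).append(line)
    return sections


def check_uac(hjt_lines: List[str]) -> List[str]:
    """Report mPolicies-system values that turn UAC protections off."""
    findings = []
    for line in hjt_lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in UAC_WEAK and value == UAC_WEAK[name][0]:
            findings.append(f"{name}={value}: {UAC_WEAK[name][1]}")
    return findings


def check_recent_executables(created_lines: List[str]) -> List[str]:
    """Flag executables created in user-writable profile folders."""
    findings = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, size, attrs, path = m.group(1), m.group(3), m.group(4), m.group(5)
        if attrs.startswith("d"):  # directory entry, not a file
            continue
        low = path.lower()
        if low.endswith(EXEC_EXT) and any(d in low for d in USER_DIRS):
            findings.append(f"{path} ({size} bytes, created {date})")
    return findings


def triage(text: str) -> Dict[str, List[str]]:
    """Run both checks over a DDS log and return findings per rule."""
    sections = parse_dds(text)
    return {
        "uac": check_uac(sections.get("Pseudo HJT Report", [])),
        "recent_executables": check_recent_executables(
            sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_DDS).items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

Run against the sample, the script reports three weakened UAC values and the ync.exe file created in AppData\Local, which is exactly the kind of line a helper reading this log would ask about.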


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 04:00 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts

Posted 18 December 2011 - 09:35 PM

Thanks a ton Gringo. Turned off AVG and running ComboFix now. I'll get back to you with an update shortly.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 09:41 PM

:thumbup2:

#5 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts

Posted 18 December 2011 - 10:39 PM

Hey Gringo. See the ComboFix log below. As for problems, I really only ran into two. I deactivated AVG, but ComboFix said it was still running for some reason, so I simply continued on with AVG supposedly active. After ComboFix ran the first time and rebooted my computer, it seemed to stall out while trying to delete a folder in My Documents. It wasn't frozen; it just never moved past that point after more than half an hour. I rebooted manually and re-ran ComboFix and received the log below. I re-ran AVG also and it says the Trojan Horse is still there in the same location. Please advise what you recommend I do next. Again, I appreciate the assistance.

ComboFix 11-12-18.02 - aroyster 12/18/2011 22:21:59.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1974.852 [GMT -5:00]
Running from: c:\users\aroyster\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Install.exe
c:\users\aroyster\AppData\Roaming\Microsoft\Windows\Templates\404454j7j573e715i081l2vmo4j8
c:\users\aroyster\AppData\Roaming\Microsoft\Windows\Templates\aibajq2e1llp8xyh5con7d600c0o
c:\users\aroyster\AppData\Roaming\Microsoft\Windows\Templates\frvivf3i4vur5rmx1wal1i614o0j
c:\users\aroyster\g2mdlhlpx.exe
c:\windows\$NtUninstallKB7569$\3837196583\@
c:\windows\$NtUninstallKB7569$\3837196583\bckfg.tmp
c:\windows\$NtUninstallKB7569$\3837196583\cfg.ini
c:\windows\$NtUninstallKB7569$\3837196583\Desktop.ini
c:\windows\$NtUninstallKB7569$\3837196583\keywords
c:\windows\$NtUninstallKB7569$\3837196583\kwrd.dll
c:\windows\$NtUninstallKB7569$\3837196583\L\vozxmach
c:\windows\$NtUninstallKB7569$\3837196583\lsflt7.ver
c:\windows\$NtUninstallKB7569$\3837196583\U\00000001.@
c:\windows\$NtUninstallKB7569$\3837196583\U\00000002.@
c:\windows\$NtUninstallKB7569$\3837196583\U\00000004.@
c:\windows\$NtUninstallKB7569$\3837196583\U\80000000.@
c:\windows\$NtUninstallKB7569$\3837196583\U\80000004.@
c:\windows\$NtUninstallKB7569$\3837196583\U\80000032.@
c:\windows\$NtUninstallKB7569$\4138272913
.
-- Previous Run --
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 03:26 . 2011-12-19 03:26 -------- d-----w- c:\users\aroyster\AppData\Local\temp
2011-12-19 03:26 . 2011-12-19 03:26 -------- d-----w- c:\users\lsg\AppData\Local\temp
2011-12-19 03:26 . 2011-12-19 03:26 -------- d-----w- c:\users\gsarlas\AppData\Local\temp
2011-12-19 03:26 . 2011-12-19 03:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 02:55 . 2010-11-20 04:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-19 02:44 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-13 04:29 . 2011-12-13 04:29 -------- d-----w- c:\users\aroyster\AppData\Roaming\Garmin
2011-12-06 04:05 . 2011-12-06 04:09 -------- d-----w- c:\users\aroyster\AppData\Roaming\HandBrake
2011-12-06 04:05 . 2011-12-06 04:05 -------- d-----w- c:\users\aroyster\AppData\Local\HandBrake
2011-12-06 04:04 . 2011-12-06 04:04 -------- d-----w- c:\program files\Handbrake
2011-12-03 16:47 . 2011-12-03 16:47 -------- d-----w- c:\users\aroyster\AppData\Roaming\Logitech
2011-12-03 16:47 . 2011-12-03 16:47 -------- d-----w- c:\program files\Logitech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 02:34 . 2011-05-27 22:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-14 00:51 . 2011-08-29 22:52 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-14 00:51 . 2011-08-29 22:52 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-14 00:51 . 2011-08-29 22:52 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-14 00:51 . 2011-08-29 22:52 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-07 10:23 . 2011-10-07 10:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21 . 2011-10-04 10:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-29 16:03 . 2011-11-09 02:33 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-17 03:43 . 2011-03-23 21:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\aroyster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\aroyster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\aroyster\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro]
@="{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}"
[HKEY_CLASSES_ROOT\CLSID\{71B8CED8-5D67-4f57-89B1-F64CE6302A1E}]
2011-08-04 19:09 3511576 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro2]
@="{CBAFE103-79DA-46ca-BD9A-63CBF6282882}"
[HKEY_CLASSES_ROOT\CLSID\{CBAFE103-79DA-46ca-BD9A-63CBF6282882}]
2011-08-04 19:09 3511576 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozypro3]
@="{8B99EA55-1AFF-4539-80A0-A71C6011CD84}"
[HKEY_CLASSES_ROOT\CLSID\{8B99EA55-1AFF-4539-80A0-A71C6011CD84}]
2011-08-04 19:09 3511576 ----a-w- c:\program files\MozyPro\mozyproshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-12-03 495711]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2010-01-21 883200]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-02 166936]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-02 141848]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-02 175640]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2010-07-15 883272]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\users\aroyster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\aroyster\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyPro Status.lnk - c:\program files\MozyPro\mozyprostat.exe [2011-8-4 3674904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3021441023-359155097-3021600902-2208\Scripts\Logon\0\0]
"Script"=incc-logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2010-07-22 69632]
R2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [2010-07-15 121416]
R3 CAATT;AT&T Con App Svc;c:\program files\AT&T\Communication Manager\ConAppsSvc.exe [2010-07-15 125512]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2009-08-12 222720]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 148992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-22 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 mozyproFilter;mozyproFilter;c:\windows\system32\DRIVERS\mozypro.sys [2011-08-04 54776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\aestsrv.exe [2009-03-03 81920]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Bufssvr;Bufssvr;c:\program files\BUFFALO\SLManagerEasy\Bufssvr.exe [2009-06-16 95536]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-14 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-01-11 12856]
S2 mozyprobackup;MozyPro Backup Service;c:\program files\MozyPro\mozyprobackup.exe [2011-08-04 53016]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2009-10-29 65536]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 132352]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 209920]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
xmlpros REG_MULTI_SZ XMLProvS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-03-24 13:07]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3021441023-359155097-3021600902-1518Core.job
- c:\users\aroyster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 00:55]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3021441023-359155097-3021600902-1518UA.job
- c:\users\aroyster\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 00:55]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{456A4F25-F56E-418E-8EBF-4B2A021C40EC}: NameServer = 172.18.202.215 172.18.202.215
FF - ProfilePath - c:\users\aroyster\AppData\Roaming\Mozilla\Firefox\Profiles\rranf6yc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.avgtdix]
"ImagePath"="\*"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-18 22:27:47
ComboFix-quarantined-files.txt 2011-12-19 03:27
.
Pre-Run: 123,916,038,144 bytes free
Post-Run: 123,447,824,384 bytes free
.
- - End Of File - - 4597BA4EAF68B3FC2FB43002DF18998B
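
Two parts of the ComboFix log above deserve a closer look before any cleanup. The policies\system block reports EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which means User Account Control is switched off entirely on this machine (the Windows 7 defaults are 1, 5 and 1). The services list also shows XMLProvS ("Network ProService") running with c:\windows\System32\svchost.exe as its image and registered in a svchost group named xmlpros; for a service hosted this way the executable ComboFix prints is only the host, and the code that actually runs is the DLL named in the service's Parameters\ServiceDll registry value, which the log does not show. The Python below is an added example for this thread, not ComboFix's own code: it parses those two sections of a ComboFix log, reports every UAC value that differs from the Windows 7 default, and maps each svchost-hosted service to its group so the ServiceDll can be checked next. The sample text is constructed from lines of the log above; the default values are an assumption of a stock install, since domain policy can legitimately change them.

```python
"""Triage two parts of a ComboFix log: the UAC policy block and services whose
image is svchost.exe. Added example for this thread, not ComboFix's own code.
SAMPLE_LOG is constructed from lines of the log posted in the thread."""
import re

# Windows 7 defaults for the values ComboFix prints under policies\system
# (assumption: a stock install; domain policy may legitimately change them).
UAC_DEFAULTS = {
    "ConsentPromptBehaviorAdmin": 5,  # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # prompt for credentials on the secure desktop
    "EnableLUA": 1,                   # UAC enabled at all
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,
}

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 wgsslvpnsrc;WatchGuard SSLVPN Service;c:\program files\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2010-07-22 69632]
R2 XMLProvS;Network ProService;c:\windows\System32\svchost.exe [2009-07-14 20992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
xmlpros REG_MULTI_SZ XMLProvS
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[[^\]]*\])?$")
SVCHOST_RE = re.compile(r"^(?P<group>\S+) REG_MULTI_SZ (?P<members>.+)$")


def parse_sections(text):
    """Split the log into {registry key (lowercased): [lines]}. Lines outside
    any bracketed key go under ""; ComboFix ends a block with a lone '.'."""
    sections = {"": []}
    current = ""
    for line in text.splitlines():
        line = line.rstrip()
        if line == ".":
            current = ""
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def uac_findings(text):
    """Return [(value name, actual, default)] for each UAC value that differs
    from the Windows 7 default."""
    findings = []
    for key, lines in parse_sections(text).items():
        if not key.endswith(r"\policies\system"):
            continue
        for line in lines:
            m = VALUE_RE.match(line)
            if m and m.group("name") in UAC_DEFAULTS:
                actual, default = int(m.group("val")), UAC_DEFAULTS[m.group("name")]
                if actual != default:
                    findings.append((m.group("name"), actual, default))
    return findings


def uac_disabled(text):
    """EnableLUA=0 switches UAC off completely; the other values are then moot."""
    return any(name == "EnableLUA" and actual == 0 for name, actual, _ in uac_findings(text))


def svchost_hosted_services(text):
    """Map each service whose image is svchost.exe to the svchost group that
    hosts it. svchost.exe is only the host: the code that runs is the DLL in
    the service's Parameters\\ServiceDll value, which ComboFix does not print,
    so that DLL (path, signature, hash) is the next thing to check."""
    sections = parse_sections(text)
    groups = []  # (group name, raw REG_MULTI_SZ member text)
    for key, lines in sections.items():
        if key.endswith(r"\currentversion\svchost"):
            for line in lines:
                m = SVCHOST_RE.match(line)
                if m:
                    groups.append((m.group("group"), m.group("members")))
    hosted = {}
    for line in sections.get("", []):
        m = SERVICE_RE.match(line)
        if not (m and m.group("path").lower().endswith(r"\svchost.exe")):
            continue
        name = m.group("name")
        # ComboFix separates group members with spaces, so look the name up as
        # a whole word in the member text rather than splitting on spaces.
        word = re.compile(r"(?<!\S)" + re.escape(name) + r"(?!\S)", re.IGNORECASE)
        hosted[name] = next((g for g, members in groups if word.search(members)), None)
    return hosted


if __name__ == "__main__":
    for name, actual, default in uac_findings(SAMPLE_LOG):
        print(f"UAC {name} = {actual} (Windows 7 default {default})")
    print("UAC disabled:", uac_disabled(SAMPLE_LOG))
    print("svchost-hosted services:", svchost_hosted_services(SAMPLE_LOG))
```

Run against the sample it prints the three UAC deviations, reports UAC as disabled, and maps XMLProvS to the xmlpros group; on a real log, the group name is then the key under HKLM\SYSTEM\CurrentControlSet\Services\XMLProvS\Parameters to look up for the ServiceDll path.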

#6 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 18 December 2011 - 11:31 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
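
The instructions above ask for the TDSSKiller report. Every driver and service the tool examined appears in that report as a line carrying the file's MD5 and path, followed by a verdict line that ends in "- ok" for clean entries, and on a machine with a few hundred entries the useful step is to drop the ok lines and keep everything else. The Python below is an added example for this thread, not Kaspersky's code: it parses that record format, lists every entry whose verdict is not ok, groups entries by hash so each hash needs checking only once, and compares paths the way NTFS does (case-insensitively), so two spellings such as system32\drivers\x.sys and system32\DRIVERS\x.sys are recognised as the same file rather than two infections. The sample report is constructed: its first entries copy the format of the report posted in the next reply, and the exampledrv entry with its non-ok verdict is invented for the example; the wording TDSSKiller really uses for a detection is not assumed.

```python
"""Parse a TDSSKiller report and pull out what needs a second look. Added
example for this thread, not Kaspersky's code. It assumes the record format
TDSSKiller writes per driver or service: a line with the MD5 and path, then
a verdict line of the form '<name> - <verdict>' where clean entries say ok."""
import re
from collections import defaultdict

PREFIX = r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) - (?P<verdict>.+)$")

# Constructed sample: the first five lines copy the format of the report in
# the thread; the 'exampledrv' entry, its all-zero hash and its verdict are
# invented to show a non-ok result (TDSSKiller's real wording may differ).
SAMPLE_REPORT = r"""
08:18:02.0715 5432 .avgtdix - ok
08:18:02.0902 5432 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:18:02.0906 5432 1394ohci - ok
08:18:03.0254 5432 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:18:03.0259 5432 AFD - ok
08:18:13.0500 5432 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
08:18:13.0505 5432 exampledrv - suspicious (constructed verdict)
"""


def parse_report(text):
    """Return {name: {"md5", "path", "verdict"}}. Entries that have only a
    verdict line (no file on disk, like '.avgtdix') keep md5 and path None."""
    records = {}
    for line in text.splitlines():
        m = FILE_RE.match(line) or VERDICT_RE.match(line)
        if not m:
            continue  # banner, SystemInfo and separator lines
        rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
        if m.re is FILE_RE:
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"]
        else:
            rec["verdict"] = m["verdict"]
    return records


def needs_attention(records):
    """Names whose verdict is anything but the plain 'ok'."""
    return sorted(name for name, rec in records.items() if rec["verdict"] != "ok")


def normalize_path(path):
    """These are NTFS paths: compare case-insensitively and with one separator
    style, so system32\\drivers\\x.sys and system32\\DRIVERS\\x.sys are equal."""
    return path.replace("/", "\\").lower()


def same_file(path_a, path_b):
    return normalize_path(path_a) == normalize_path(path_b)


def by_md5(records):
    """Group entry names by hash, so one hash lookup (for example against a
    clean install of the same Windows build) covers every entry sharing it."""
    groups = defaultdict(list)
    for name, rec in records.items():
        if rec["md5"]:
            groups[rec["md5"]].append(name)
    return dict(groups)


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for name in needs_attention(recs):
        print(f"{name}: {recs[name]['verdict']} -> {recs[name]['path']}")
```

On the sample this prints only the constructed exampledrv entry. Because the report for a reboot-then-scan run is written to the root of the system drive as TDSSKiller.[Version]_[Date]_[Time]_log.txt, reading that file into parse_report is all that is needed to apply the same filter to a real scan.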

#7 El Dragonero

  • Topic Starter
  • Members
  • 21 posts

Posted 19 December 2011 - 08:36 AM

Hey Gringo. Please see my log below. I again re-ran AVG and the Trojan Horse is still there and it's also now picking up a Trojan Horse Hider.OOW in both system32\drivers\tdx.sys and system32\DRIVERS\tdx.sys. I'm assuming it's all connected but just wanted to let you know.

08:17:55.0801 4148 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
08:17:56.0017 4148 ============================================================
08:17:56.0017 4148 Current date / time: 2011/12/19 08:17:56.0017
08:17:56.0017 4148 SystemInfo:
08:17:56.0017 4148
08:17:56.0017 4148 OS Version: 6.1.7601 ServicePack: 1.0
08:17:56.0017 4148 Product type: Workstation
08:17:56.0017 4148 ComputerName: FLD-SALES-AROYS
08:17:56.0018 4148 UserName: aroyster
08:17:56.0018 4148 Windows directory: C:\Windows
08:17:56.0018 4148 System windows directory: C:\Windows
08:17:56.0018 4148 Processor architecture: Intel x86
08:17:56.0018 4148 Number of processors: 4
08:17:56.0018 4148 Page size: 0x1000
08:17:56.0018 4148 Boot type: Normal boot
08:17:56.0018 4148 ============================================================
08:17:56.0711 4148 Initialize success
08:18:00.0921 5432 ============================================================
08:18:00.0921 5432 Scan started
08:18:00.0921 5432 Mode: Manual;
08:18:00.0921 5432 ============================================================
08:18:02.0715 5432 .avgtdix - ok
08:18:02.0902 5432 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:18:02.0906 5432 1394ohci - ok
08:18:02.0966 5432 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys
08:18:02.0969 5432 Acceler - ok
08:18:03.0019 5432 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:18:03.0025 5432 ACPI - ok
08:18:03.0066 5432 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:18:03.0069 5432 AcpiPmi - ok
08:18:03.0117 5432 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:18:03.0126 5432 adp94xx - ok
08:18:03.0142 5432 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:18:03.0147 5432 adpahci - ok
08:18:03.0176 5432 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:18:03.0181 5432 adpu320 - ok
08:18:03.0254 5432 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:18:03.0259 5432 AFD - ok
08:18:03.0279 5432 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:18:03.0282 5432 agp440 - ok
08:18:03.0331 5432 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:18:03.0334 5432 aic78xx - ok
08:18:03.0465 5432 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:18:03.0467 5432 aliide - ok
08:18:03.0520 5432 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:18:03.0523 5432 amdagp - ok
08:18:03.0551 5432 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:18:03.0553 5432 amdide - ok
08:18:03.0610 5432 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:18:03.0613 5432 AmdK8 - ok
08:18:03.0623 5432 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:18:03.0626 5432 AmdPPM - ok
08:18:03.0683 5432 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:18:03.0686 5432 amdsata - ok
08:18:03.0703 5432 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:18:03.0708 5432 amdsbs - ok
08:18:03.0725 5432 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:18:03.0727 5432 amdxata - ok
08:18:03.0794 5432 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:18:03.0799 5432 ApfiltrService - ok
08:18:03.0921 5432 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:18:03.0925 5432 AppID - ok
08:18:04.0001 5432 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:18:04.0006 5432 arc - ok
08:18:04.0018 5432 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:18:04.0021 5432 arcsas - ok
08:18:04.0073 5432 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:18:04.0074 5432 AsyncMac - ok
08:18:04.0121 5432 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:18:04.0123 5432 atapi - ok
08:18:04.0195 5432 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
08:18:04.0199 5432 AVGIDSDriver - ok
08:18:04.0311 5432 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
08:18:04.0313 5432 AVGIDSEH - ok
08:18:04.0337 5432 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
08:18:04.0339 5432 AVGIDSFilter - ok
08:18:04.0381 5432 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
08:18:04.0383 5432 AVGIDSShim - ok
08:18:04.0408 5432 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
08:18:04.0412 5432 Avgldx86 - ok
08:18:04.0461 5432 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
08:18:04.0464 5432 Avgmfx86 - ok
08:18:04.0531 5432 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
08:18:04.0533 5432 Avgrkx86 - ok
08:18:04.0543 5432 Avgtdix - ok
08:18:04.0615 5432 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:18:04.0623 5432 b06bdrv - ok
08:18:04.0735 5432 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:18:04.0741 5432 b57nd60x - ok
08:18:04.0796 5432 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:18:04.0798 5432 Beep - ok
08:18:04.0820 5432 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:18:04.0823 5432 blbdrive - ok
08:18:04.0879 5432 BMLoad (c9c78e00a21d3fe21ce5d81ba5b45e21) C:\Windows\system32\drivers\BMLoad.sys
08:18:04.0881 5432 BMLoad - ok
08:18:04.0948 5432 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:18:04.0950 5432 bowser - ok
08:18:04.0979 5432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:18:04.0982 5432 BrFiltLo - ok
08:18:04.0995 5432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:18:04.0997 5432 BrFiltUp - ok
08:18:05.0072 5432 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:18:05.0079 5432 Brserid - ok
08:18:05.0092 5432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:18:05.0095 5432 BrSerWdm - ok
08:18:05.0108 5432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:18:05.0110 5432 BrUsbMdm - ok
08:18:05.0119 5432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:18:05.0121 5432 BrUsbSer - ok
08:18:05.0174 5432 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
08:18:05.0177 5432 BthEnum - ok
08:18:05.0193 5432 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:18:05.0195 5432 BTHMODEM - ok
08:18:05.0225 5432 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
08:18:05.0228 5432 BthPan - ok
08:18:05.0249 5432 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
08:18:05.0255 5432 BTHPORT - ok
08:18:05.0306 5432 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
08:18:05.0308 5432 BTHUSB - ok
08:18:05.0350 5432 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
08:18:05.0353 5432 btusbflt - ok
08:18:05.0533 5432 catchme - ok
08:18:05.0647 5432 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:18:05.0650 5432 cdfs - ok
08:18:05.0709 5432 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:18:05.0711 5432 circlass - ok
08:18:05.0739 5432 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:18:05.0743 5432 CLFS - ok
08:18:05.0796 5432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:18:05.0799 5432 CmBatt - ok
08:18:05.0849 5432 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:18:05.0851 5432 cmdide - ok
08:18:05.0874 5432 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
08:18:05.0880 5432 CNG - ok
08:18:05.0942 5432 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:18:05.0945 5432 Compbatt - ok
08:18:06.0056 5432 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:18:06.0058 5432 CompositeBus - ok
08:18:06.0130 5432 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:18:06.0133 5432 crcdisk - ok
08:18:06.0234 5432 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:18:06.0241 5432 CSC - ok
08:18:06.0328 5432 cvusbdrv (d1697063e2cdb6575aa46d668ffee825) C:\Windows\system32\Drivers\cvusbdrv.sys
08:18:06.0330 5432 cvusbdrv - ok
08:18:06.0418 5432 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:18:06.0419 5432 discache - ok
08:18:06.0529 5432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:18:06.0532 5432 Disk - ok
08:18:06.0609 5432 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:18:06.0611 5432 drmkaud - ok
08:18:06.0663 5432 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:18:06.0674 5432 DXGKrnl - ok
08:18:06.0729 5432 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
08:18:06.0734 5432 e1kexpress - ok
08:18:06.0847 5432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:18:06.0892 5432 ebdrv - ok
08:18:06.0968 5432 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:18:06.0975 5432 elxstor - ok
08:18:07.0017 5432 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:18:07.0019 5432 ErrDev - ok
08:18:07.0120 5432 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:18:07.0124 5432 exfat - ok
08:18:07.0151 5432 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:18:07.0155 5432 fastfat - ok
08:18:07.0236 5432 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:18:07.0238 5432 fdc - ok
08:18:07.0270 5432 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:18:07.0286 5432 FileInfo - ok
08:18:07.0339 5432 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:18:07.0342 5432 Filetrace - ok
08:18:07.0353 5432 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:18:07.0356 5432 flpydisk - ok
08:18:07.0439 5432 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:18:07.0444 5432 FltMgr - ok
08:18:07.0476 5432 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:18:07.0479 5432 FsDepends - ok
08:18:07.0507 5432 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:18:07.0509 5432 Fs_Rec - ok
08:18:07.0553 5432 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:18:07.0556 5432 fvevol - ok
08:18:07.0663 5432 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:18:07.0666 5432 gagp30kx - ok
08:18:07.0739 5432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:18:07.0741 5432 GEARAspiWDM - ok
08:18:07.0772 5432 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:18:07.0785 5432 hcw85cir - ok
08:18:07.0891 5432 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
08:18:07.0897 5432 HdAudAddService - ok
08:18:07.0948 5432 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:18:07.0952 5432 HDAudBus - ok
08:18:07.0968 5432 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:18:07.0970 5432 HidBatt - ok
08:18:07.0984 5432 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:18:07.0988 5432 HidBth - ok
08:18:08.0061 5432 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:18:08.0063 5432 HidIr - ok
08:18:08.0115 5432 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:18:08.0117 5432 HidUsb - ok
08:18:08.0173 5432 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:18:08.0175 5432 HpSAMD - ok
08:18:08.0236 5432 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys
08:18:08.0238 5432 HTCAND32 - ok
08:18:08.0335 5432 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys
08:18:08.0337 5432 htcnprot - ok
08:18:08.0394 5432 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:18:08.0402 5432 HTTP - ok
08:18:08.0462 5432 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:18:08.0463 5432 hwpolicy - ok
08:18:08.0524 5432 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:18:08.0711 5432 i8042prt - ok
08:18:08.0842 5432 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
08:18:08.0847 5432 iaStor - ok
08:18:08.0908 5432 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys
08:18:08.0915 5432 iaStorV - ok
08:18:09.0053 5432 igfx (4ee7874572a515d112d2f35112f5ad41) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:18:09.0115 5432 igfx - ok
08:18:09.0207 5432 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:18:09.0210 5432 iirsp - ok
08:18:09.0269 5432 Impcd (1e8154841a0a24d6b38778f07831a82b) C:\Windows\system32\DRIVERS\Impcd.sys
08:18:09.0272 5432 Impcd - ok
08:18:09.0325 5432 IntcDAud (2d79c681ce6d53a0c6c725a84594df4c) C:\Windows\system32\DRIVERS\IntcDAud.sys
08:18:09.0329 5432 IntcDAud - ok
08:18:09.0382 5432 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:18:09.0384 5432 intelide - ok
08:18:09.0418 5432 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:18:09.0422 5432 intelppm - ok
08:18:09.0438 5432 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:18:09.0440 5432 IpFilterDriver - ok
08:18:09.0484 5432 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:18:09.0487 5432 IPMIDRV - ok
08:18:09.0575 5432 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:18:09.0579 5432 IPNAT - ok
08:18:09.0646 5432 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:18:09.0648 5432 IRENUM - ok
08:18:09.0660 5432 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:18:09.0662 5432 isapnp - ok
08:18:09.0685 5432 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:18:09.0691 5432 iScsiPrt - ok
08:18:09.0742 5432 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:18:09.0745 5432 kbdclass - ok
08:18:09.0769 5432 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:18:09.0772 5432 kbdhid - ok
08:18:09.0821 5432 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
08:18:09.0824 5432 KSecDD - ok
08:18:09.0841 5432 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
08:18:09.0845 5432 KSecPkg - ok
08:18:09.0967 5432 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:18:09.0970 5432 lltdio - ok
08:18:10.0120 5432 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
08:18:10.0123 5432 LMIInfo - ok
08:18:10.0175 5432 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
08:18:10.0177 5432 lmimirr - ok
08:18:10.0191 5432 LMIRfsClientNP - ok
08:18:10.0219 5432 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
08:18:10.0221 5432 LMIRfsDriver - ok
08:18:10.0327 5432 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:18:10.0331 5432 LSI_FC - ok
08:18:10.0342 5432 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:18:10.0345 5432 LSI_SAS - ok
08:18:10.0359 5432 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:18:10.0362 5432 LSI_SAS2 - ok
08:18:10.0375 5432 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:18:10.0378 5432 LSI_SCSI - ok
08:18:10.0428 5432 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:18:10.0431 5432 luafv - ok
08:18:10.0443 5432 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:18:10.0445 5432 megasas - ok
08:18:10.0474 5432 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:18:10.0478 5432 MegaSR - ok
08:18:10.0512 5432 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:18:10.0514 5432 Modem - ok
08:18:10.0558 5432 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:18:10.0559 5432 monitor - ok
08:18:10.0604 5432 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:18:10.0626 5432 mouclass - ok
08:18:10.0670 5432 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:18:10.0672 5432 mouhid - ok
08:18:10.0768 5432 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:18:10.0770 5432 mountmgr - ok
08:18:10.0849 5432 mozyproFilter (e071f07600540ca92197ebfbd9b0c9ae) C:\Windows\system32\DRIVERS\mozypro.sys
08:18:10.0851 5432 mozyproFilter - ok
08:18:10.0903 5432 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:18:10.0907 5432 mpio - ok
08:18:10.0937 5432 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:18:10.0941 5432 mpsdrv - ok
08:18:10.0965 5432 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:18:10.0968 5432 MRxDAV - ok
08:18:11.0011 5432 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:18:11.0014 5432 mrxsmb - ok
08:18:11.0115 5432 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:18:11.0120 5432 mrxsmb10 - ok
08:18:11.0144 5432 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:18:11.0147 5432 mrxsmb20 - ok
08:18:11.0168 5432 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys
08:18:11.0171 5432 msahci - ok
08:18:11.0190 5432 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys
08:18:11.0194 5432 msdsm - ok
08:18:11.0229 5432 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:18:11.0232 5432 Msfs - ok
08:18:11.0263 5432 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:18:11.0265 5432 mshidkmdf - ok
08:18:11.0306 5432 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:18:11.0309 5432 msisadrv - ok
08:18:11.0370 5432 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:18:11.0372 5432 MSKSSRV - ok
08:18:11.0398 5432 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:18:11.0400 5432 MSPCLOCK - ok
08:18:11.0513 5432 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:18:11.0516 5432 MSPQM - ok
08:18:11.0536 5432 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:18:11.0541 5432 MsRPC - ok
08:18:11.0569 5432 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:18:11.0572 5432 mssmbios - ok
08:18:11.0601 5432 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:18:11.0604 5432 MSTEE - ok
08:18:11.0617 5432 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:18:11.0619 5432 MTConfig - ok
08:18:11.0658 5432 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:18:11.0661 5432 Mup - ok
08:18:11.0731 5432 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:18:11.0736 5432 NativeWifiP - ok
08:18:11.0796 5432 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:18:11.0807 5432 NDIS - ok
08:18:11.0824 5432 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:18:11.0827 5432 NdisCap - ok
08:18:11.0854 5432 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:18:11.0856 5432 NdisTapi - ok
08:18:11.0904 5432 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:18:11.0907 5432 Ndisuio - ok
08:18:11.0985 5432 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:18:11.0989 5432 NdisWan - ok
08:18:12.0034 5432 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:18:12.0038 5432 NDProxy - ok
08:18:12.0080 5432 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:18:12.0082 5432 NetBIOS - ok
08:18:12.0171 5432 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:18:12.0175 5432 NetBT - ok
08:18:12.0362 5432 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
08:18:12.0428 5432 NETw5s32 - ok
08:18:12.0541 5432 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:18:12.0544 5432 nfrd960 - ok
08:18:12.0602 5432 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:18:12.0605 5432 Npfs - ok
08:18:12.0627 5432 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:18:12.0629 5432 nsiproxy - ok
08:18:12.0695 5432 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:18:12.0725 5432 Ntfs - ok
08:18:12.0746 5432 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:18:12.0749 5432 Null - ok
08:18:12.0811 5432 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:18:12.0815 5432 nvraid - ok
08:18:12.0894 5432 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:18:12.0898 5432 nvstor - ok
08:18:12.0947 5432 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:18:12.0950 5432 nv_agp - ok
08:18:13.0007 5432 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:18:13.0009 5432 ohci1394 - ok
08:18:13.0093 5432 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:18:13.0096 5432 Parport - ok
08:18:13.0147 5432 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:18:13.0152 5432 partmgr - ok
08:18:13.0170 5432 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:18:13.0173 5432 Parvdm - ok
08:18:13.0304 5432 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
08:18:13.0307 5432 PBADRV - ok
08:18:13.0331 5432 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:18:13.0335 5432 pci - ok
08:18:13.0416 5432 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:18:13.0419 5432 pciide - ok
08:18:13.0453 5432 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:18:13.0458 5432 pcmcia - ok
08:18:13.0521 5432 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
08:18:13.0543 5432 PCTINDIS5 - ok
08:18:13.0578 5432 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:18:13.0581 5432 pcw - ok
08:18:13.0605 5432 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:18:13.0615 5432 PEAUTH - ok
08:18:13.0746 5432 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:18:13.0750 5432 PptpMiniport - ok
08:18:13.0801 5432 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:18:13.0803 5432 Processor - ok
08:18:13.0855 5432 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:18:13.0857 5432 Psched - ok
08:18:13.0896 5432 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:18:13.0920 5432 ql2300 - ok
08:18:13.0932 5432 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:18:13.0934 5432 ql40xx - ok
08:18:13.0957 5432 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:18:13.0959 5432 QWAVEdrv - ok
08:18:13.0970 5432 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:18:13.0971 5432 RasAcd - ok
08:18:14.0006 5432 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:18:14.0008 5432 RasAgileVpn - ok
08:18:14.0028 5432 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:18:14.0030 5432 Rasl2tp - ok
08:18:14.0132 5432 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:18:14.0135 5432 RasPppoe - ok
08:18:14.0163 5432 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:18:14.0166 5432 RasSstp - ok
08:18:14.0217 5432 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:18:14.0222 5432 rdbss - ok
08:18:14.0238 5432 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:18:14.0240 5432 rdpbus - ok
08:18:14.0257 5432 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:18:14.0258 5432 RDPCDD - ok
08:18:14.0305 5432 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:18:14.0309 5432 RDPDR - ok
08:18:14.0376 5432 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:18:14.0377 5432 RDPENCDD - ok
08:18:14.0400 5432 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:18:14.0401 5432 RDPREFMP - ok
08:18:14.0429 5432 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:18:14.0434 5432 RDPWD - ok
08:18:14.0559 5432 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:18:14.0564 5432 rdyboost - ok
08:18:14.0649 5432 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
08:18:14.0653 5432 RFCOMM - ok
08:18:14.0716 5432 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
08:18:14.0719 5432 RimVSerPort - ok
08:18:14.0793 5432 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
08:18:14.0795 5432 ROOTMODEM - ok
08:18:14.0896 5432 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:18:14.0899 5432 rspndr - ok
08:18:14.0941 5432 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:18:14.0943 5432 s3cap - ok
08:18:15.0000 5432 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:18:15.0003 5432 sbp2port - ok
08:18:15.0057 5432 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:18:15.0060 5432 scfilter - ok
08:18:15.0116 5432 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
08:18:15.0120 5432 sdbus - ok
08:18:15.0169 5432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:18:15.0172 5432 secdrv - ok
08:18:15.0259 5432 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:18:15.0261 5432 Serenum - ok
08:18:15.0319 5432 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:18:15.0322 5432 Serial - ok
08:18:15.0374 5432 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:18:15.0376 5432 sermouse - ok
08:18:15.0450 5432 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:18:15.0452 5432 sffdisk - ok
08:18:15.0475 5432 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:18:15.0478 5432 sffp_mmc - ok
08:18:15.0490 5432 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:18:15.0492 5432 sffp_sd - ok
08:18:15.0525 5432 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:18:15.0527 5432 sfloppy - ok
08:18:15.0564 5432 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:18:15.0567 5432 sisagp - ok
08:18:15.0597 5432 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:18:15.0603 5432 SiSRaid2 - ok
08:18:15.0614 5432 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:18:15.0619 5432 SiSRaid4 - ok
08:18:15.0640 5432 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:18:15.0642 5432 Smb - ok
08:18:15.0703 5432 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:18:15.0706 5432 spldr - ok
08:18:15.0808 5432 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:18:15.0815 5432 srv - ok
08:18:15.0853 5432 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:18:15.0860 5432 srv2 - ok
08:18:15.0877 5432 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:18:15.0882 5432 srvnet - ok
08:18:15.0953 5432 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys
08:18:15.0956 5432 stdflt - ok
08:18:15.0975 5432 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:18:15.0978 5432 stexstor - ok
08:18:16.0023 5432 STHDA (4e5c74bd3244139ecaa73cc2c0f8b86b) C:\Windows\system32\DRIVERS\stwrt.sys
08:18:16.0030 5432 STHDA - ok
08:18:16.0158 5432 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:18:16.0161 5432 storflt - ok
08:18:16.0194 5432 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:18:16.0196 5432 storvsc - ok
08:18:16.0252 5432 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:18:16.0254 5432 swenum - ok
08:18:16.0324 5432 swmsflt (4f3ca882769b78b7f9b1dd96df4b6996) C:\Windows\system32\DRIVERS\swmsflt.sys
08:18:16.0326 5432 swmsflt - ok
08:18:16.0394 5432 SWNC8UA3 (e67b60cf0482b5381cdbca203e3af9ca) C:\Windows\system32\DRIVERS\swnc8ua3.sys
08:18:16.0399 5432 SWNC8UA3 - ok
08:18:16.0455 5432 SWUMXA3 (8d4ee23f4f326d246fa988a9d891d9f1) C:\Windows\system32\DRIVERS\swumxa3.sys
08:18:16.0458 5432 SWUMXA3 - ok
08:18:16.0556 5432 tap0901 (7bd3ef7ba8d1044132ca4869aa8d5297) C:\Windows\system32\DRIVERS\tap0901.sys
08:18:16.0559 5432 tap0901 - ok
08:18:16.0642 5432 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:18:16.0661 5432 Tcpip - ok
08:18:16.0703 5432 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:18:16.0712 5432 TCPIP6 - ok
08:18:16.0762 5432 tcpipBM (b1a9e04d803fde6b78314455211b726e) C:\Windows\system32\drivers\tcpipBM.sys
08:18:16.0763 5432 tcpipBM - ok
08:18:16.0810 5432 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:18:16.0812 5432 tcpipreg - ok
08:18:16.0859 5432 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:18:16.0861 5432 TDPIPE - ok
08:18:16.0872 5432 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:18:16.0874 5432 TDTCP - ok
08:18:17.0005 5432 tdx (0b82444215871fa9284a9a88f9019503) C:\Windows\system32\DRIVERS\tdx.sys
08:18:17.0247 5432 tdx - ok
08:18:17.0431 5432 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:18:17.0434 5432 TermDD - ok
08:18:17.0539 5432 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:18:17.0541 5432 tssecsrv - ok
08:18:17.0629 5432 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:18:17.0631 5432 TsUsbFlt - ok
08:18:17.0731 5432 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:18:17.0735 5432 tunnel - ok
08:18:17.0830 5432 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:18:17.0833 5432 uagp35 - ok
08:18:17.0869 5432 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:18:17.0874 5432 udfs - ok
08:18:17.0965 5432 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:18:17.0968 5432 uliagpkx - ok
08:18:18.0025 5432 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:18:18.0027 5432 umbus - ok
08:18:18.0059 5432 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:18:18.0062 5432 UmPass - ok
08:18:18.0138 5432 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:18:18.0140 5432 USBAAPL - ok
08:18:18.0223 5432 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
08:18:18.0227 5432 usbaudio - ok
08:18:18.0328 5432 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:18:18.0331 5432 usbccgp - ok
08:18:18.0377 5432 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:18:18.0380 5432 usbcir - ok
08:18:18.0426 5432 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
08:18:18.0429 5432 usbehci - ok
08:18:18.0484 5432 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:18:18.0489 5432 usbhub - ok
08:18:18.0509 5432 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:18:18.0511 5432 usbohci - ok
08:18:18.0543 5432 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:18:18.0545 5432 usbprint - ok
08:18:18.0600 5432 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
08:18:18.0603 5432 usbscan - ok
08:18:18.0696 5432 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:18:18.0700 5432 USBSTOR - ok
08:18:18.0747 5432 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
08:18:18.0749 5432 usbuhci - ok
08:18:18.0794 5432 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
08:18:18.0799 5432 usbvideo - ok
08:18:18.0853 5432 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:18:18.0855 5432 vdrvroot - ok
08:18:18.0930 5432 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:18:18.0933 5432 vga - ok
08:18:18.0995 5432 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:18:18.0998 5432 VgaSave - ok
08:18:19.0240 5432 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:18:19.0244 5432 vhdmp - ok
08:18:19.0291 5432 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:18:19.0293 5432 viaagp - ok
08:18:19.0333 5432 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:18:19.0336 5432 ViaC7 - ok
08:18:19.0376 5432 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:18:19.0378 5432 viaide - ok
08:18:19.0426 5432 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:18:19.0429 5432 vmbus - ok
08:18:19.0594 5432 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:18:19.0596 5432 VMBusHID - ok
08:18:19.0686 5432 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:18:19.0689 5432 volmgr - ok
08:18:19.0775 5432 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:18:19.0780 5432 volmgrx - ok
08:18:19.0840 5432 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:18:19.0846 5432 volsnap - ok
08:18:19.0933 5432 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:18:19.0938 5432 vsmraid - ok
08:18:20.0092 5432 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:18:20.0094 5432 vwifibus - ok
08:18:20.0184 5432 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:18:20.0187 5432 vwififlt - ok
08:18:20.0217 5432 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:18:20.0220 5432 WacomPen - ok
08:18:20.0309 5432 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:18:20.0313 5432 WANARP - ok
08:18:20.0318 5432 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:18:20.0320 5432 Wanarpv6 - ok
08:18:20.0491 5432 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:18:20.0493 5432 Wd - ok
08:18:20.0523 5432 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
08:18:20.0530 5432 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
08:18:20.0532 5432 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
08:18:20.0532 5432 Wdf01000 - detected Virus.Win32.Rloader.a (0)
08:18:20.0613 5432 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:18:20.0615 5432 WfpLwf - ok
08:18:20.0654 5432 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:18:20.0657 5432 WIMMount - ok
08:18:20.0873 5432 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:18:20.0875 5432 WinUsb - ok
08:18:20.0926 5432 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:18:20.0928 5432 WmiAcpi - ok
08:18:20.0989 5432 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:18:20.0991 5432 ws2ifsl - ok
08:18:21.0081 5432 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:18:21.0084 5432 WudfPf - ok
08:18:21.0119 5432 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:18:21.0123 5432 WUDFRd - ok
08:18:21.0241 5432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:18:21.0251 5432 \Device\Harddisk0\DR0 - ok
08:18:21.0254 5432 Boot (0x1200) (0800777f7873e941710288e5876b77fd) \Device\Harddisk0\DR0\Partition0
08:18:21.0255 5432 \Device\Harddisk0\DR0\Partition0 - ok
08:18:21.0268 5432 Boot (0x1200) (1de2f50b37a9ed94de4e6af65e7bc128) \Device\Harddisk0\DR0\Partition1
08:18:21.0269 5432 \Device\Harddisk0\DR0\Partition1 - ok
08:18:21.0270 5432 ============================================================
08:18:21.0270 5432 Scan finished
08:18:21.0270 5432 ============================================================
08:18:21.0281 3996 Detected object count: 1
08:18:21.0281 3996 Actual detected object count: 1
08:18:31.0028 3996 Backup copy not found, trying to cure infected file..
08:18:31.0033 3996 Cure success, using it..
08:18:31.0047 3996 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
08:18:31.0048 3996 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
08:18:42.0417 5232 Deinitialize success
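
The one finding in the TDSSKiller log above is the "Suspicious file (Forged)" entry for Wdf01000.sys, which carries two hashes: the "Real md5" TDSSKiller computed by reading the driver from the disk directly, and the "Fake md5" of the bytes the normal file system API handed back for the same file. The mismatch, not either hash on its own, is the rootkit indicator: something in the I/O path is rewriting reads of that file, so an ordinary antivirus scan of the file sees a different image than the one the kernel actually loads. The following is an added example written for this thread, not part of TDSSKiller or of any post here; it pulls the forged-file findings, the detections, the action the user chose and every scanned object that never received an "- ok" verdict out of a log in this format. The log it runs on is a constructed excerpt in that format, and the names `triage`, `Triage` and `Forged` are ours.

```python
"""Triage a TDSSKiller scan log (added example, not part of the tool)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the log format shown above: "time thread object (md5) path",
# then a verdict line per object. Sample input only, not a live scan.
SAMPLE_LOG = r"""
08:18:20.0309 5432 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:18:20.0313 5432 WANARP - ok
08:18:20.0523 5432 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
08:18:20.0530 5432 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
08:18:20.0532 5432 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
08:18:20.0532 5432 Wdf01000 - detected Virus.Win32.Rloader.a (0)
08:18:21.0241 5432 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:18:21.0251 5432 \Device\Harddisk0\DR0 - ok
08:18:31.0047 3996 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
08:18:31.0048 3996 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# One scanned object: timestamp, thread id, name, (md5), path. The name is
# non-greedy so "MBR (0x1B8)" is kept whole.
SCAN_RE = re.compile(r'^(?P<ts>[\d:.]+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+'
                     r'\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$')
# Verdict lines key on the object name for drivers and on the device path for MBR/boot sectors.
OK_RE = re.compile(r'^[\d:.]+\s+\d+\s+(?P<subject>.+?) - ok$')
FORGED_RE = re.compile(r'Suspicious file \(Forged\): (?P<path>.+?)\. '
                       r'Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})')
DETECT_RE = re.compile(r'^[\d:.]+\s+\d+\s+(?P<name>\S+) - detected (?P<threat>\S+)')
ACTION_RE = re.compile(r'^[\d:.]+\s+\d+\s+(?P<name>\S+) \( (?P<threat>.+?) \) - '
                       r'User select action: (?P<action>\w+)$')


@dataclass
class Forged:
    path: str
    real_md5: str   # hash of the bytes read from disk, bypassing the file system stack
    fake_md5: str   # hash of the bytes the file system API returned


@dataclass
class Triage:
    scanned: dict = field(default_factory=dict)     # object name -> path
    ok: set = field(default_factory=set)            # names/paths that got "- ok"
    forged: list = field(default_factory=list)      # Forged records
    detections: dict = field(default_factory=dict)  # object name -> threat label
    actions: dict = field(default_factory=dict)     # object name -> chosen action

    def unresolved(self):
        """Scanned objects that never received an '- ok' verdict."""
        return sorted(n for n, p in self.scanned.items()
                      if n not in self.ok and p not in self.ok)


def triage(log_text):
    """Parse one TDSSKiller log into a Triage record."""
    t = Triage()
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := FORGED_RE.search(line):
            t.forged.append(Forged(m['path'], m['real'], m['fake']))
        elif m := DETECT_RE.match(line):
            t.detections[m['name']] = m['threat']
        elif m := ACTION_RE.match(line):
            t.actions[m['name']] = m['action']
        elif m := OK_RE.match(line):
            t.ok.add(m['subject'])
        elif m := SCAN_RE.match(line):
            t.scanned[m['name']] = m['path']
    return t


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for f in report.forged:
        print(f'forged: {f.path}\n  on-disk md5  {f.real_md5}\n  api-view md5 {f.fake_md5}')
    for name, threat in report.detections.items():
        print(f'detected: {name} -> {threat}, action: {report.actions.get(name, "none")}')
    print('objects without an ok verdict:', report.unresolved())
```

On a full log, `unresolved()` is the quickest way to see whether anything besides the reported detection was left without a verdict (a scan that aborts partway leaves many), and the `Forged` pairs are what to compare against a known-good copy of the driver from installation media or the WinSxS component store before trusting a "Cure" that, as the log notes, had no backup copy to fall back on.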

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 December 2011 - 01:49 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts

Posted 19 December 2011 - 04:15 PM

For some reason I can't connect to the Internet with the computer now (despite several attempts at fixing the network connection and even using my phone as a wifi point), so I downloaded FSS onto a thumb drive off my wife's computer. But after saving it down on my desktop the program won't load up and run. Any ideas, Gringo? Thanks.

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 December 2011 - 09:37 PM

Try to redownload it again and run it.

#11 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts

Posted 19 December 2011 - 11:46 PM

Same issue unfortunately. I tried it three times with the same result.

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 01:50 AM

Please run the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    NetBT.sys
    afd.sys
    ipsec.sys
    tdx.sys
    
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tdx /s
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: the log can also be found on your Desktop, entitled SystemLook.txt.

#13 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts

Posted 20 December 2011 - 04:23 PM

I guess the issue was with the thumb drive I was using, as I tried with another and was able to run both FSS and SystemLook. The FSS log is first, followed by SystemLook's. Thanks, Gringo!

Farbar Service Scanner
Ran by aroyster (administrator) on 20-12-2011 at 14:49:24
Microsoft Windows 7 Professional Service Pack 2 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp: "C:\Windows\system32\dhcpcore.dll".

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache: "C:\Windows\System32\dnsrslvr.dll".

tdx Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open tdx registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open tdx registry key. The service key does not exist.


File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-03-22 10:55] - [2010-11-20 03:21] - 0376832 ____A (Microsoft Corporation)

C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll
[2011-03-22 10:55] - [2010-11-20 03:18] - 0254464 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\afd.sys
[2011-06-15 19:11] - [2011-04-24 21:18] - 0338944 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys
[2011-03-22 10:55] - [2010-11-19 23:39] - 0074752 ____A () 0B82444215871FA9284A9A88F9019503

C:\Windows\system32\Drivers\tcpip.sys
[2011-11-08 21:33] - [2011-09-29 11:03] - 1290608 ____A (Microsoft Corporation)

C:\Windows\system32\dnsrslvr.dll
[2011-04-17 06:57] - [2011-03-03 00:38] - 0132608 ____A (Microsoft Corporation)


Connection Status:
==================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****

SystemLook 30.07.11 by jpshortstuff
Log created at 14:52 on 20/12/2011 by aroyster
Administrator - Elevation successful

========== filefind ==========

Searching for "NetBT.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 187904 bytes [15:54 22/03/2011] [04:39 20/11/2010] 280122DDCF04B378EDD1AD54D71C1E54
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys --a---- 187904 bytes [23:12 13/07/2009] [23:12 13/07/2009] DD52A733BF4CA5AF84562A5E2F963B91
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys --a---- 187904 bytes [15:54 22/03/2011] [04:39 20/11/2010] 280122DDCF04B378EDD1AD54D71C1E54

Searching for "afd.sys"
C:\Windows\System32\drivers\afd.sys --a---- 338944 bytes [00:11 16/06/2011] [02:18 25/04/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys --a---- 338944 bytes [23:12 13/07/2009] [23:12 13/07/2009] DDC040FDB01EF1712A6B13E52AFB104C
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys --a---- 338944 bytes [00:11 16/06/2011] [02:35 25/04/2011] 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys --a---- 338944 bytes [00:11 16/06/2011] [02:27 25/04/2011] C114AB7A1550D42EA1700FFD4179CF5A
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys --a---- 338944 bytes [15:54 22/03/2011] [04:40 20/11/2010] 1151FD4FB0216CFED887BFDE29EBD516
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys --a---- 338944 bytes [00:11 16/06/2011] [02:18 25/04/2011] 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys --a---- 338944 bytes [00:11 16/06/2011] [03:24 25/04/2011] C427F91A748CD342A2B3F9278D9FD6A5

Searching for "ipsec.sys"
No files found.

Searching for "tdx.sys"
C:\Windows\System32\drivers\tdx.sys --a---- 74752 bytes [15:55 22/03/2011] [04:39 20/11/2010] 0B82444215871FA9284A9A88F9019503
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys --a---- 74240 bytes [23:12 13/07/2009] [23:12 13/07/2009] CB39E896A2A83702D1737BFD402B3542

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd]
"BootFlags"= 0x0000000001 (1)
"DisplayName"="@%systemroot%\system32\drivers\afd.sys,-1000"
"Group"="PNP_TDI"
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
"Description"="@%systemroot%\system32\drivers\afd.sys,-1000"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Parameters]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd\Enum]
"0"="Root\LEGACY_AFD\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt]
"DisplayName"="@%SystemRoot%\system32\drivers\netbt.sys,-2"
"Group"="PNP_TDI"
"ImagePath"="System32\DRIVERS\netbt.sys"
"Description"="@%SystemRoot%\system32\drivers\netbt.sys,-1"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000001 (1)
"Type"= 0x0000000001 (1)
"DependOnService"="Tdx tcpip"
"Tag"= 0x0000000057 (87)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Linkage]
"OtherDependencies"="Tcpip"
"Bind"="\Device\Tcpip_{456A4F25-F56E-418E-8EBF-4B2A021C40EC} \Device\Tcpip_{A89C087F-4C0D-4A57-A815-EADE5536C348} \Device\Tcpip_{87362450-8001-407E-BBB5-F1CC9DD7123F} \Device\Tcpip_{4680824C-E026-4F94-8977-F6EECF43C9E2} \Device\Tcpip_{56D90879-B663-49A5-B947-4B1D370A2B23} \Device\Tcpip6_{172C6858-007C-4F89-863A-53D5947BFCF2} \Device\Tcpip6_{E0C742A2-DC50-4D99-AACA-33C6DE1EEACA} \Device\Tcpip6_{9A8A2209-8465-4F26-9A92-0D6DEC172E86} \Device\Tcpip6_{F46DF07F-631D-4BAB-BB99-D7A696F5DB7B} \Device\Tcpip6_{F4DDB936-1603-4864-9AF3-85744201E306} \Device\Tcpip6_{F5ECCFB0-673F-4EE4-B4BE-6BC2B73DF77F} \Device\Tcpip6_{A89C087F-4C0D-4A57-A815-EADE5536C348} \Device\Tcpip6_{87362450-8001-407E-BBB5-F1CC9DD7123F} \Device\Tcpip6_{4680824C-E026-4F94-8977-F6EECF43C9E2} \Device\Tcpip6_{56D90879-B663-49A5-B947-4B1D370A2B23}"
"Route"=""Tcpip" "{456A4F25-F56E-418E-8EBF-4B2A021C40EC}" "Tcpip" "{A89C087F-4C0D-4A57-A815-EADE5536C348}" "Tcpip" "{87362450-8001-407E-BBB5-F1CC9DD7123F}" "Tcpip" "{4680824C-E026-4F94-8977-F6EECF43C9E2}" "Tcpip" "{56D90879-B663-49A5-B947-4B1D370A2B23}" "Tcpip6" "{172C6858-007C-4F89-863A-53D5947BFCF2}" "Tcpip6" "{E0C742A2-DC50-4D99-AACA-33C6DE1EEACA}" "Tcpip6" "{9A8A2209-8465-4F26-9A92-0D6DEC172E86}" "Tcpip6" "{F46DF07F-631D-4BAB-BB99-D7A696F5DB7B}" "Tcpip6" "{F4DDB936-1603-4864-9AF3-85744201E306}" "Tcpip6" "{F5ECCFB0-673F-4EE4-B4BE-6BC2B73DF77F}" "Tcpip6" "{A89C087F-4C0D-4A57-A815-EADE5536C348}" "Tcpip6" "{87362450-8001-407E-BBB5-F1CC9DD7123F}" "Tcpip6" "{4680824C-E026-4F94-8977-F6EECF43C9E2}" "Tcpip6" "{56D90879-B663-49A5-B947-4B1D370A2B23}""
"Export"="\Device\NetBT_Tcpip_{456A4F25-F56E-418E-8EBF-4B2A021C40EC} \Device\NetBT_Tcpip_{A89C087F-4C0D-4A57-A815-EADE5536C348} \Device\NetBT_Tcpip_{87362450-8001-407E-BBB5-F1CC9DD7123F} \Device\NetBT_Tcpip_{4680824C-E026-4F94-8977-F6EECF43C9E2} \Device\NetBT_Tcpip_{56D90879-B663-49A5-B947-4B1D370A2B23} \Device\NetBT_Tcpip6_{172C6858-007C-4F89-863A-53D5947BFCF2} \Device\NetBT_Tcpip6_{E0C742A2-DC50-4D99-AACA-33C6DE1EEACA} \Device\NetBT_Tcpip6_{9A8A2209-8465-4F26-9A92-0D6DEC172E86} \Device\NetBT_Tcpip6_{F46DF07F-631D-4BAB-BB99-D7A696F5DB7B} \Device\NetBT_Tcpip6_{F4DDB936-1603-4864-9AF3-85744201E306} \Device\NetBT_Tcpip6_{F5ECCFB0-673F-4EE4-B4BE-6BC2B73DF77F} \Device\NetBT_Tcpip6_{A89C087F-4C0D-4A57-A815-EADE5536C348} \Device\NetBT_Tcpip6_{87362450-8001-407E-BBB5-F1CC9DD7123F} \Device\NetBT_Tcpip6_{4680824C-E026-4F94-8977-F6EECF43C9E2} \Device\NetBT_Tcpip6_{56D90879-B663-49A5-B947-4B1D370A2B23}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"BcastNameQueryCount"= 0x0000000003 (3)
"BcastQueryTimeout"= 0x00000002ee (750)
"CacheTimeout"= 0x00000927c0 (600000)
"EnableLMHOSTS"= 0x0000000001 (1)
"NameServerPort"= 0x0000000089 (137)
"NameSrvQueryCount"= 0x0000000003 (3)
"NameSrvQueryTimeout"= 0x00000005dc (1500)
"NbProvider"="_tcp"
"SessionKeepAlive"= 0x000036ee80 (3600000)
"Size/Small/Medium/Large"= 0x0000000001 (1)
"TransportBindName"="\Device\"
"UseNewSmb"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces]
(No values found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{456A4F25-F56E-418E-8EBF-4B2A021C40EC}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{4680824C-E026-4F94-8977-F6EECF43C9E2}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{56D90879-B663-49A5-B947-4B1D370A2B23}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{87362450-8001-407E-BBB5-F1CC9DD7123F}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters\Interfaces\Tcpip_{A89C087F-4C0D-4A57-A815-EADE5536C348}]
"NameServerList"=" "
"NetbiosOptions"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Security]
"Security"=01 00 04 80 b4 00 00 00 c0 00 00 00 00 00 00 00 14 00 00 00 02 00 a0 00 07 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9d 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tdx]
(Unable to open key - key not found)

-= EOF =-

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:31 PM

Posted 20 December 2011 - 04:53 PM

Hello


I would like you to go here - http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/ - and download seven.zip.

Open the file and double-click TDX.reg; when asked to merge, allow it.

Restart the computer and test the connection.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
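The registry dump posted above ends with two service keys the tool could not open (services\ipsec and services\tdx), and the fix in the reply is to merge a TDX.reg that recreates the tdx key. The script below is an added example, not code from this thread or from the tool that produced the dump: it parses an excerpt in the dump's own line format (bracketed key paths, "Name"= 0x... (n) DWORDs, "Name"="..." strings, and the "(Unable to open key - key not found)" marker) and reports which keys directly under Services are missing. SAMPLE_DUMP is constructed from the page's lines, trimmed; the regexes and the key_status/missing_service_keys helpers are mine and assume that line format.

```python
"""Added example: parse a registry-dump excerpt in the format posted in this
thread and report which keys under ...\Services the dump could not open.
SAMPLE_DUMP is constructed from the page's own lines (trimmed); it is not a
live log. The regexes below are assumptions about that dump format."""
import re
from typing import Dict, List, Optional

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
MISSING_RE = re.compile(r'^\(Unable to open key - key not found\)$')
DWORD_RE = re.compile(r'^"([^"]+)"=\s*0x[0-9a-fA-F]+\s*\((\d+)\)$')
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Lower-cased prefix of the service keys the dump walks.
SERVICES_BASE = r"hkey_local_machine\system\currentcontrolset\services"

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Parameters]
"BcastNameQueryCount"= 0x0000000003 (3)
"NameServerPort"= 0x0000000089 (137)
"NbProvider"="_tcp"
"TransportBindName"="\Device\"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt\Enum]
"0"="Root\LEGACY_NETBT\0000"
"Count"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tdx]
(Unable to open key - key not found)

-= EOF =-
"""

RegDump = Dict[str, Optional[Dict[str, object]]]


def parse_dump(text: str) -> RegDump:
    """Map each key path (lower-cased) to its parsed values; a key the dump
    reported as unopenable maps to None. DWORDs become ints, strings stay
    strings; REG_BINARY blobs and other unrecognised lines are skipped."""
    keys: RegDump = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        if current is None:
            continue
        if MISSING_RE.match(line):
            keys[current] = None
            continue
        values = keys[current]
        if values is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
            continue
        m = STR_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2)
    return keys


def key_status(keys: RegDump, service: str) -> str:
    """'present', 'missing', or 'not queried' for Services\<service>."""
    path = SERVICES_BASE + "\\" + service.lower()
    if path not in keys:
        return "not queried"
    return "missing" if keys[path] is None else "present"


def missing_service_keys(keys: RegDump) -> List[str]:
    """Short names of keys directly under Services that could not be opened."""
    prefix = SERVICES_BASE + "\\"
    return sorted(
        path[len(prefix):]
        for path, values in keys.items()
        if values is None and path.startswith(prefix)
        and "\\" not in path[len(prefix):]
    )


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    print("keys seen:", len(parsed))
    print("missing service keys:", missing_service_keys(parsed))
    print("tdx:", key_status(parsed, "tdx"))
```

Run it against a full dump by replacing SAMPLE_DUMP with the file contents; a non-empty list from missing_service_keys tells you which service keys a .reg restore would have to recreate. Before merging any downloaded .reg file, open it in a text editor and confirm it only writes the keys you expect it to.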

#15 El Dragonero

El Dragonero
  • Topic Starter

  • Members
  • 21 posts
  • Local time:12:31 PM

Posted 20 December 2011 - 07:18 PM

Awesome. Back up and running, Gringo.
