
Vista Security and System Fix...possibly more


This topic is locked
70 replies to this topic

#1 MrBlud
  • Members
  • 41 posts

Posted 16 December 2011 - 08:25 PM

I keep getting TCP/IP COMMAND HAS STOPPED WORKING ERRORS. My CPU usage spikes up to 100% for no reason at all. Sometimes Google redirects me to other webpages out of the blue. I also have the occasional blue screen of death due to IRQL LESS OR NOT EQUAL.

I got infected by Vista security and System Fix but I thought I cleaned them up but apparently not. Any help would be greatly appreciated.

NOTE: I tried to attach the "ark.txt" file from GMER as instructed but it says the file is too big.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Daniel at 18:53:46 on 2011-12-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1696 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.allspark.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - c:\users\daniel\appdata\roaming\speckie\Speckie32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Find Duplicate Photos] "c:\program files\find duplicate photos\FindDuplicatePhotos.exe" /minimized
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [<NO NAME>]
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\memoni~1.lnk - c:\program files\verizon wireless\v cast music manager\MEMonitor.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: mit.edu\ca
Trusted Zone: mit.edu\ca2
Trusted Zone: mit.edu\insidemit-apps
Trusted Zone: mit.edu\vpn
Trusted Zone: mit.edu\web
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} - hxxp://media.labs.live.com/all/ps/_code_/PhotosynthVista.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A937F0D0-0F04-49BC-83FA-09886AFCF223} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\81ek2osi.default\
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\daniel\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]
R1 MpKsl564447c8;MpKsl564447c8;c:\programdata\microsoft\microsoft antimalware\definition updates\{5a3c465b-0c27-4ca4-ae3d-1d7373d5d0ab}\MpKsl564447c8.sys [2011-12-16 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-25 176128]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-25 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-8 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-23 24652]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-25 6380032]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-25 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-7-15 99344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-8 22216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-6-1 1153368]
S2 XMLProvS;Network ProService;c:\windows\system32\svchost.exe -k xmlpros [2008-6-25 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-21 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-21 40552]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-20 23680]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
.
=============== Created Last 30 ================
.
2071-07-25 14:13:30 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
2011-12-16 23:46:06 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a3c465b-0c27-4ca4-ae3d-1d7373d5d0ab}\MpKsl564447c8.sys
2011-12-16 23:46:04 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a3c465b-0c27-4ca4-ae3d-1d7373d5d0ab}\offreg.dll
2011-12-16 00:11:38 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5a3c465b-0c27-4ca4-ae3d-1d7373d5d0ab}\mpengine.dll
2011-12-15 01:12:55 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 01:12:55 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 01:12:53 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 01:12:51 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 01:12:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 01:12:44 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-08 23:47:13 -------- d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
2011-12-08 23:47:08 -------- d-----w- c:\programdata\Malwarebytes
2011-12-08 23:47:06 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:47:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-03 21:25:21 -------- d-----w- c:\users\daniel\appdata\local\DDMSettings
2011-12-01 05:59:07 -------- d-----w- c:\program files\JDownloaderUSE
2011-11-19 22:42:52 -------- d-----w- c:\program files\iPod
2011-11-19 22:42:35 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-11-13 08:51:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 18:55:42.37 ===============
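A small triage helper for the "Pseudo HJT Report" section of the DDS log above, added here as an example; it is not part of the thread and is not DDS or BleepingComputer code. It parses the uRun/mRun, BHO/TB, StartupFolder, DPF and Trusted Zone lines into records and flags the entries a log reviewer usually checks first: autoruns that load from user-writable locations such as AppData or ProgramData, autorun values with no command or only a bare file name resolved through PATH, downloaded ActiveX controls (DPF) and Trusted Zone additions. The excerpt in SAMPLE_LOG is constructed from lines in the same format as the log above; the flags are review prompts, not verdicts (the Speckie spell-checker BHO, for instance, is flagged only because it loads from the user profile). DDS writes URLs as hxxp so they are not clickable; the parser keeps them as-is.

```python
"""Review helper for the autorun lines of a DDS "Pseudo HJT Report" section.

Added example, not part of the thread or of the DDS tool. The flags are
heuristics for prioritising manual review, not malware verdicts.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the DDS Pseudo HJT format (same layout as the log
# in the thread; assumed input, not read from a real machine).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.allspark.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Speckie: {8ce7f568-67fa-4432-ba39-f5afd68e7b8b} - c:\users\daniel\appdata\roaming\speckie\Speckie32.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [<NO NAME>]
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Trusted Zone: mit.edu\ca
.
================= FIREFOX ===================
"""


@dataclass
class Entry:
    kind: str                  # Run, BHO, TB, StartupFolder, DPF, TrustedZone
    name: str                  # value name, BHO name, CLSID, .lnk path or host
    target: str                # command line, DLL path, .lnk target, URL or host
    flags: list = field(default_factory=list)


RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): \{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.*?\.lnk) - (?P<target>.*)$", re.I)
DPF_RE = re.compile(r"^DPF: (?P<name>.*?) - (?P<url>\S+)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
# Quoted or unquoted executable at the front of a command line, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|$)', re.I)

# Directories an unprivileged user can write to; an autorun loading from here
# is the first thing a reviewer looks at.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_entries(text):
    """Turn the Pseudo HJT lines into Entry records; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            entries.append(Entry("Run", m["name"], m["cmd"].strip()))
        elif m := BHO_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["path"].strip()))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("StartupFolder", m["lnk"], m["target"].strip()))
        elif m := DPF_RE.match(line):
            entries.append(Entry("DPF", m["name"], m["url"]))
        elif m := TZ_RE.match(line):
            entries.append(Entry("TrustedZone", m["host"], m["host"]))
    return entries


def executable_path(cmd):
    """Return the executable part of a Run command line (quoted or not)."""
    m = EXE_RE.match(cmd)
    return m["path"] if m else cmd.split(" ", 1)[0]


def flag(entry):
    """Attach review reasons to one entry and return it."""
    target = entry.target.lower()
    if entry.kind == "Run":
        exe = executable_path(entry.target).lower()
        if not exe:
            entry.flags.append("autorun value with no command")
        elif "\\" not in exe and ":" not in exe:
            entry.flags.append("bare name, resolved through PATH at logon")
        if any(w in exe for w in USER_WRITABLE):
            entry.flags.append("runs from a user-writable location")
    elif entry.kind in ("BHO", "TB", "StartupFolder"):
        if any(w in target for w in USER_WRITABLE):
            entry.flags.append("loads from a user-writable location")
    elif entry.kind == "DPF":
        entry.flags.append("downloaded ActiveX control; confirm the hosting site")
    elif entry.kind == "TrustedZone":
        entry.flags.append("host gets relaxed Internet Explorer zone settings")
    return entry


def triage(text):
    """Return the flagged entries of a Pseudo HJT section, in log order."""
    return [e for e in map(flag, parse_entries(text)) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<14}{e.name:<40}{'; '.join(e.flags)}")
        print(f"{'':14}{e.target}")
```

Run it against a pasted DDS log by replacing SAMPLE_LOG with the file contents; entries in Program Files or System32 with a full path pass through silently, so the output is the short list worth opening in Autoruns or checking against vendor signatures.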


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 18 December 2011 - 05:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links:
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MrBlud
  • Topic Starter
  • Members
  • 41 posts

Posted 19 December 2011 - 11:11 PM

When I try to run Combofix it tells me:

"ComboFix has detected the following real-time scanner(s) to be active:

antivirus: Microsoft Security Essentials
antispyware: Microsoft Security Essentials"

despite me turning off MSE as directed in the linked help guides.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 December 2011 - 01:38 AM

Hello


Go ahead and run it.

gringo

#5 MrBlud
  • Topic Starter
  • Members
  • 41 posts

Posted 20 December 2011 - 08:18 PM

I tried running Combofix a total of four times today.

The first three times I got a blue screen crash/restart within 30 minutes. The fourth time it ran for around six hours before the standard blue screen crash/restart.

It never gives me a log and always says "The recycle bin on C:/ is corrupted" upon crash/restart.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 20 December 2011 - 09:18 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 MrBlud
  • Topic Starter
  • Members
  • 41 posts

Posted 20 December 2011 - 09:49 PM

21:48:27.0401 6528 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:48:27.0847 6528 ============================================================
21:48:27.0847 6528 Current date / time: 2011/12/20 21:48:27.0847
21:48:27.0847 6528 SystemInfo:
21:48:27.0848 6528
21:48:27.0848 6528 OS Version: 6.0.6002 ServicePack: 2.0
21:48:27.0848 6528 Product type: Workstation
21:48:27.0848 6528 ComputerName: TELETRAN
21:48:27.0848 6528 UserName: Daniel
21:48:27.0848 6528 Windows directory: C:\Windows
21:48:27.0848 6528 System windows directory: C:\Windows
21:48:27.0848 6528 Processor architecture: Intel x86
21:48:27.0848 6528 Number of processors: 4
21:48:27.0848 6528 Page size: 0x1000
21:48:27.0848 6528 Boot type: Normal boot
21:48:27.0848 6528 ============================================================
21:48:34.0941 6528 Initialize success
21:48:38.0894 8096 ============================================================
21:48:38.0894 8096 Scan started
21:48:38.0894 8096 Mode: Manual;
21:48:38.0894 8096 ============================================================
21:48:40.0868 8096 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:48:40.0884 8096 ACPI - ok
21:48:41.0013 8096 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:48:41.0019 8096 adp94xx - ok
21:48:41.0153 8096 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:48:41.0159 8096 adpahci - ok
21:48:41.0226 8096 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:48:41.0228 8096 adpu160m - ok
21:48:41.0316 8096 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:48:41.0331 8096 adpu320 - ok
21:48:41.0508 8096 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:48:41.0512 8096 AFD - ok
21:48:41.0542 8096 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:48:41.0543 8096 agp440 - ok
21:48:41.0572 8096 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:48:41.0574 8096 aic78xx - ok
21:48:41.0637 8096 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:48:41.0663 8096 aliide - ok
21:48:41.0787 8096 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:48:41.0788 8096 amdagp - ok
21:48:41.0837 8096 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:48:41.0838 8096 amdide - ok
21:48:41.0898 8096 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:48:41.0899 8096 AmdK7 - ok
21:48:41.0924 8096 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:48:41.0926 8096 AmdK8 - ok
21:48:42.0474 8096 amdkmdag (da3cf5b94ad09290896e2b73df6d4173) C:\Windows\system32\DRIVERS\atikmdag.sys
21:48:42.0559 8096 amdkmdag - ok
21:48:42.0683 8096 amdkmdap (46a3f55772fd2d1526994693ae352579) C:\Windows\system32\DRIVERS\atikmpag.sys
21:48:42.0687 8096 amdkmdap - ok
21:48:42.0739 8096 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\Windows\system32\DRIVERS\AmdLLD.sys
21:48:42.0740 8096 AmdLLD - ok
21:48:42.0800 8096 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:48:42.0801 8096 arc - ok
21:48:42.0944 8096 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:48:42.0945 8096 arcsas - ok
21:48:42.0987 8096 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:42.0988 8096 AsyncMac - ok
21:48:43.0048 8096 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:48:43.0048 8096 atapi - ok
21:48:43.0111 8096 AtiHDAudioService (8579387516ec86d76404ddffc22214c4) C:\Windows\system32\drivers\AtihdLH3.sys
21:48:43.0112 8096 AtiHDAudioService - ok
21:48:43.0267 8096 AtiHdmiService (f48d470154cc58cd6520771464fbec3f) C:\Windows\system32\drivers\AtiHdmi.sys
21:48:43.0270 8096 AtiHdmiService - ok
21:48:43.0457 8096 atikmdag (da3cf5b94ad09290896e2b73df6d4173) C:\Windows\system32\DRIVERS\atikmdag.sys
21:48:43.0506 8096 atikmdag - ok
21:48:43.0649 8096 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:48:43.0650 8096 Beep - ok
21:48:43.0672 8096 blbdrive - ok
21:48:43.0752 8096 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:48:43.0754 8096 bowser - ok
21:48:43.0787 8096 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:48:43.0788 8096 BrFiltLo - ok
21:48:43.0842 8096 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:48:43.0843 8096 BrFiltUp - ok
21:48:59.0438 8096 ============================================================
21:48:59.0438 8096 Scan finished
21:48:59.0438 8096 ============================================================
21:48:59.0452 3332 Detected object count: 0
21:48:59.0452 3332 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 10:14 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts

Posted 20 December 2011 - 11:18 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 22:25:06
-----------------------------
22:25:06.910 OS Version: Windows 6.0.6002 Service Pack 2
22:25:06.911 Number of processors: 4 586 0xF07
22:25:06.912 ComputerName: TELETRAN UserName: Daniel
22:25:27.656 Initialize success
22:26:16.108 AVAST engine defs: 11122001
22:27:13.128 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:27:13.131 Disk 0 Vendor: Hitachi_HDT725040VLA360 V5COA7BA Size: 381554MB BusType: 3
22:27:15.156 Disk 0 MBR read successfully
22:27:15.159 Disk 0 MBR scan
22:27:15.163 Disk 0 unknown MBR code
22:27:15.168 Disk 0 scanning sectors +781417665
22:27:15.241 Disk 0 scanning C:\Windows\system32\drivers
22:27:24.218 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
22:27:27.433 Service scanning
22:27:28.910 Modules scanning
22:27:34.152 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
22:27:36.959 Disk 0 trace - called modules:
22:27:36.993 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x874b9f10]<<
22:27:37.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a9a340]
22:27:37.328 3 CLASSPNP.SYS[8a99d8b3] -> nt!IofCallDriver -> [0x87424aa8]
22:27:37.334 \Driver\00002181[0x87423970] -> IRP_MJ_CREATE -> 0x874b9f10
22:27:39.351 AVAST engine scan C:\Windows
22:27:45.109 AVAST engine scan C:\Windows\system32
22:30:24.741 AVAST engine scan C:\Windows\system32\drivers
22:30:36.566 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
22:30:42.973 AVAST engine scan C:\Users\Daniel
23:02:12.385 AVAST engine scan C:\ProgramData
23:08:13.538 Scan finished successfully
23:09:08.159 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
23:09:08.164 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 December 2011 - 12:13 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts

Posted 21 December 2011 - 02:39 AM

FixTDSS said I was infected with Backdoor.Tidserv.

Here is the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 01:28:47
-----------------------------
01:28:47.386 OS Version: Windows 6.0.6002 Service Pack 2
01:28:47.387 Number of processors: 4 586 0xF07
01:28:47.387 ComputerName: TELETRAN UserName: Daniel
01:32:04.507 Initialize success
01:32:37.552 AVAST engine defs: 11122001
01:38:00.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:38:00.525 Disk 0 Vendor: Hitachi_HDT725040VLA360 V5COA7BA Size: 381554MB BusType: 3
01:38:02.612 Disk 0 MBR read successfully
01:38:02.615 Disk 0 MBR scan
01:38:02.619 Disk 0 unknown MBR code
01:38:02.622 Disk 0 scanning sectors +781417665
01:38:02.851 Disk 0 scanning C:\Windows\system32\drivers
01:38:24.843 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:38:29.254 Service scanning
01:38:30.956 Modules scanning
01:38:49.627 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
01:39:04.307 Disk 0 trace - called modules:
01:39:04.316 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872ccf10]<<
01:39:04.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860dc7d8]
01:39:04.327 3 CLASSPNP.SYS[8a9aa8b3] -> nt!IofCallDriver -> [0x87242a40]
01:39:04.333 \Driver\00001008[0x871d2af8] -> IRP_MJ_CREATE -> 0x872ccf10
01:39:06.326 AVAST engine scan C:\Windows
01:39:22.657 AVAST engine scan C:\Windows\system32
01:43:53.013 AVAST engine scan C:\Windows\system32\drivers
01:44:13.029 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:44:27.186 AVAST engine scan C:\Users\Daniel
02:21:50.565 AVAST engine scan C:\ProgramData
02:33:16.291 Scan finished successfully
02:36:06.442 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
02:36:06.447 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 December 2011 - 03:17 AM

Restart the computer and run aswMBR once more, please.


gringo

#13 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts

Posted 21 December 2011 - 02:03 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 13:18:01
-----------------------------
13:18:01.498 OS Version: Windows 6.0.6002 Service Pack 2
13:18:01.499 Number of processors: 4 586 0xF07
13:18:01.499 ComputerName: TELETRAN UserName: Daniel
13:18:04.390 Initialize success
13:18:17.656 AVAST engine defs: 11122001
13:18:19.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:18:19.849 Disk 0 Vendor: Hitachi_HDT725040VLA360 V5COA7BA Size: 381554MB BusType: 3
13:18:21.887 Disk 0 MBR read successfully
13:18:21.889 Disk 0 MBR scan
13:18:21.893 Disk 0 unknown MBR code
13:18:21.896 Disk 0 scanning sectors +781417665
13:18:21.981 Disk 0 scanning C:\Windows\system32\drivers
13:18:37.310 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
13:18:41.537 Service scanning
13:18:43.408 Modules scanning
13:18:51.236 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
13:18:55.590 Disk 0 trace - called modules:
13:18:55.632 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872adf10]<<
13:18:55.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a98110]
13:18:55.968 3 CLASSPNP.SYS[8a9a28b3] -> nt!IofCallDriver -> [0x8721caa8]
13:18:55.973 \Driver\00001364[0x87221ae8] -> IRP_MJ_CREATE -> 0x872adf10
13:18:58.398 AVAST engine scan C:\Windows
13:19:06.571 AVAST engine scan C:\Windows\system32
13:21:56.035 AVAST engine scan C:\Windows\system32\drivers
13:22:04.545 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
13:22:12.083 AVAST engine scan C:\Users\Daniel
13:53:20.368 AVAST engine scan C:\ProgramData
13:59:48.766 Scan finished successfully
14:02:47.386 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
14:02:47.392 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"
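Three aswMBR runs are quoted in this thread, taken before and after FixTDSS and a reboot, and every one of them flags the same objects: an unknown MBR code on Disk 0, `smb.sys` marked INFECTED (Win32:Alureon-AOT) and SUSPICIOUS, and an unknown module hooked into the disk I/O path. Reading that by eye across three logs is error-prone, so here is an added Python example (my own code, not part of the thread, of aswMBR or of FixTDSS) that parses the detection lines out of aswMBR log text and reports the findings common to every scan, which is the signal a helper watches for to decide whether a cleanup actually took. The `Finding` type, the function names and the `SCAN_EXCERPTS` sample are my own constructions; the sample lines are copied from the three logs above with the routine progress lines left out.

```python
"""Pull detections out of aswMBR log text and report those that survive every re-scan."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str       # "file", "module", "mbr" or "disk_trace"
    indicator: str  # lower-cased path, disk id or "disk stack"
    verdict: str    # INFECTED, SUSPICIOUS or UNKNOWN
    detail: str     # detection name or address, if the log line carried one


# aswMBR writes one event per line: an HH:MM:SS.mmm timestamp followed by free text.
_TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "
_OBJECT_RE = re.compile(_TS + r"(File|Module): (.+?) \*\*(INFECTED|SUSPICIOUS)\*\*(?: (.*))?$")
_MBR_RE = re.compile(_TS + r"Disk (\d+) unknown MBR code$")
_TRACE_RE = re.compile(_TS + r".*>>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<$")


def parse_findings(log_text):
    """Return the detections in one aswMBR log, in the order the scanner printed them."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = _OBJECT_RE.match(line)
        if m:
            kind, path, verdict, detail = m.groups()
            # Windows paths are case-insensitive and aswMBR spells "drivers" two ways
            # (File: ...\drivers\, Module: ...\DRIVERS\), so normalise before comparing.
            findings.append(Finding(kind.lower(), path.lower(), verdict, detail or ""))
            continue
        m = _MBR_RE.match(line)
        if m:
            findings.append(Finding("mbr", f"disk {m.group(1)}", "UNKNOWN", "unknown MBR code"))
            continue
        m = _TRACE_RE.match(line)
        if m:
            # The hooked address changes with every boot, so it is kept as detail only;
            # the persistent fact is that an unknown module sits in the disk I/O path.
            findings.append(Finding("disk_trace", "disk stack", "UNKNOWN", m.group(1)))
    return findings


def persistent_findings(scans):
    """Keys (kind, indicator, verdict) flagged in every scan, ordered as in the first scan.

    A detection that a cleanup tool or a reboot should have removed, but which still shows
    up in each later aswMBR run, is exactly what the helper in this thread is watching for.
    """
    per_scan = [{(f.kind, f.indicator, f.verdict) for f in parse_findings(s)} for s in scans]
    if not per_scan:
        return []
    common = set.intersection(*per_scan)
    ordered = []
    for f in parse_findings(scans[0]):
        key = (f.kind, f.indicator, f.verdict)
        if key in common and key not in ordered:
            ordered.append(key)
    return ordered


def report(scans):
    """Human-readable summary of the findings that persisted across all scans."""
    rows = [f"{v:<10} {k:<10} {i}" for k, i, v in persistent_findings(scans)]
    header = f"Findings present in all {len(scans)} scans:"
    return "\n".join([header] + rows) if rows else "No finding persisted across scans."


# Constructed sample: the detection-relevant lines copied from the three aswMBR runs
# quoted in this thread; the routine scan-progress lines are left out.
SCAN_EXCERPTS = [
    r"""22:27:15.163 Disk 0 unknown MBR code
22:27:24.218 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
22:27:34.152 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
22:27:36.993 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x874b9f10]<<
22:30:36.566 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
23:08:13.538 Scan finished successfully""",
    r"""01:38:02.619 Disk 0 unknown MBR code
01:38:24.843 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
01:38:49.627 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
01:39:04.316 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872ccf10]<<
02:33:16.291 Scan finished successfully""",
    r"""13:18:21.893 Disk 0 unknown MBR code
13:18:37.310 File: C:\Windows\system32\drivers\smb.sys **INFECTED** Win32:Alureon-AOT [Rtk]
13:18:51.236 Module: C:\Windows\system32\DRIVERS\smb.sys **SUSPICIOUS**
13:18:55.632 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872adf10]<<
13:59:48.766 Scan finished successfully""",
]

if __name__ == "__main__":
    print(report(SCAN_EXCERPTS))
```

Run it on the three excerpts and all four findings come back as persistent, which matches what the helper concluded from reading the logs: the driver is still there after each FixTDSS run. Feeding it real saved `aswMBR.txt` files (one string per scan) works the same way, since only the timestamped detection lines are matched and everything else is ignored.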

#14 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 December 2011 - 02:19 PM

Run FixTDSS again for me.


gringo

#15 MrBlud

MrBlud
  • Topic Starter

  • Members
  • 41 posts

Posted 21 December 2011 - 10:19 PM

I ran FixTDSS again and it said "Backdoor.Tidserv. has not been found on the system".



