
Have had exploit.drop viruses, redirect viruses


  • This topic is locked
121 replies to this topic

#1 uscsteve

uscsteve

  • Members
  • 121 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 27 December 2011 - 10:21 PM

I have had some problems with my computer over the past week or two. It started out with my noticing a Google Redirect virus. I thought I had solved the problem and then over the past few days I have caught exploit.drop.2, exploit.drop.6 and exploit.drop.7 viruses on my computer. Some programs I use will not open and my computer has shut off spontaneously; I've had the "blue screen of death" as well. I actually uploaded files I wanted to keep to a website in hopes of restoring the computer to factory default settings but couldn't do it. When I went to restore the computer to the factory settings it took me to a screen for me to put in a username and password. It wouldn't accept my information, or any of the generic "admin", "password" logins, etc.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Steve at 21:04:04 on 2011-12-27
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1526 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081209
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11B03C47-8D6C-4BBF-8875-E65604776152} : DhcpNameServer = 172.168.1.161
TCP: Interfaces\{6BFBE2D6-4075-40AA-B0BD-1762D6FCC708} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=f5a4f5b0-08bf-11e1-9f54-0023ae0a9f17&q=
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\users\steve\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\steve\appdata\roaming\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: twetvcom Community Toolbar: {34b674c6-5cac-4f05-847e-6afa292138f4} - %profile%\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}
FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-9 111616]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-12-10 23624]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2011-12-27 04:17:21 -------- d-----w- c:\windows\pss
2011-12-27 04:10:53 -------- d-----w- c:\program files\CCleaner
2011-12-26 04:23:37 -------- d-----w- c:\users\steve\appdata\local\adaware
2011-12-26 04:23:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2011-12-26 04:23:31 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-26 04:23:22 -------- d-----w- c:\program files\adawaretb
2011-12-15 00:36:33 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:36:33 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:36:31 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:36:30 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:36:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 00:36:21 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:36:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-10 19:07:18 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-10 19:06:59 -------- d-----w- c:\programdata\Hitman Pro
2011-12-10 18:13:35 -------- dc-h--w- c:\programdata\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
.
==================== Find3M ====================
.
2011-12-04 22:42:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:14:25.47 ===============

Attached Files
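As an added example (not part of this thread and not code from the DDS tool), the following Python script reads the sections of a DDS log like the ones posted in this thread and flags the entries a helper looks at first: system policies that switch off UAC or Task Manager, and Run entries or running processes whose image lives in a user-writable directory. The sample log is constructed from entries of the kind that appear in the DDS logs in this thread; the policy expectations and directory list are the author's choices, not DDS output.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in DDS "Running Processes" and
# "Pseudo HJT Report" style, modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\ProgramData\jdiNQqhyasYS.exe
C:\ProgramData\Nyl62j9KeTFNF6.exe
.
============== Pseudo HJT Report ===============
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [<NO NAME>]
mRun: [jdiNQqhyasYS.exe] c:\programdata\jdiNQqhyasYS.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
============= FINISH: 23:27:00.00 ===============
"""

# Policy values DDS prints that weaken the user's ability to see or stop
# what is running. The value is the setting a defender expects to see.
POLICY_EXPECTATIONS = {
    "EnableLUA": "1",       # 0 turns User Account Control off
    "DisableTaskMgr": "0",  # 1 blocks Task Manager
}

# Directories any user-level process can write to; an autostart entry or a
# process image living here deserves a second look (assumed list).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>[umd])Policies-(?P<key>\w+): (?P<name>\w+) = (?P<val>\S+)")


@dataclass(frozen=True)
class Finding:
    kind: str    # "process", "autostart" or "policy"
    line: str    # the DDS line that triggered the finding
    reason: str


def split_sections(text):
    """Group DDS lines under their '===== Name =====' headers, dropping the '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def image_path(cmd):
    """Best-effort image path from a Run value: the quoted path, else up to '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx >= 0 else cmd


def in_user_writable(path):
    low = path.lower().replace("/", "\\")
    return any(marker in low for marker in USER_WRITABLE)


def analyse(text):
    """Return the findings a helper would want to review from a DDS log."""
    findings = []
    sections = split_sections(text)
    for line in sections.get("Running Processes", []):
        if in_user_writable(line):
            findings.append(Finding("process", line, "image runs from a user-writable directory"))
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            if path and in_user_writable(path):
                findings.append(Finding("autostart", line, "Run entry points into a user-writable directory"))
            continue
        m = POLICY_RE.match(line)
        if m:
            expected = POLICY_EXPECTATIONS.get(m.group("name"))
            if expected is not None and m.group("val") != expected:
                findings.append(Finding("policy", line,
                                        f"{m.group('name')} is {m.group('val')}, expected {expected}"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    {f.reason}")
```

On the sample above the script reports the two ProgramData processes, the matching Run entry, UAC disabled, and Task Manager disabled in both the machine and default-user policies; the Dell touchpad entry and the explorer policy are left alone.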



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:00 AM

Posted 02 January 2012 - 10:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434892 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 uscsteve

uscsteve
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 02 January 2012 - 11:14 PM

Here is an update on my computer issues:

My computer now starts up and I get what looks like 22 messages titled "Windows - Delayed Write Failed". These messages say "Failed to save all the components for the file \\System32\\00003196. The file is corrupted or unreadable. This error may be caused by a PC hardware problem." The messages are all the same with the exception of the "00003196" part, which varies.

I also have another program which automatically starts with a Windows logo in the upper left hand corner and is titled "System Fix". There are 4 tabs, "Control Panel", "Scan PC", "Repair PC" and "Settings". Supposedly, this program has detected 14 errors and there is a box I can click to "Fix Errors". I cannot close out of this program, but I could close those other error messages that popped up.

Clicking on the bottom left Windows icon to open up programs, I see no programs at all. I was able to open Firefox by typing "Firefox" into the search area which opened up the browser.

I have not been using the computer at all since I last posted.

I am going to post this in case I run into an error while trying to generate the logs. Once I generate the logs I will post more information.

#4 uscsteve

uscsteve
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  • Local time:04:00 AM

Posted 02 January 2012 - 11:26 PM

Cannot copy and paste so I saved the DDS.txt file and attached here.

I am leaving to go on vacation the morning of January 4th and will not have the infected computer with me. If I do not reply to this topic in the meantime, rest assured I want it to be fixed! I will be returning the 11th. Maybe there is a possibility we can get some of the work done beforehand.

**EDIT**

POSTING THE FOLLOWING DDS FROM MY OTHER COMPUTER AFTER I D/L'D THE ATTACHMENT

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Steve at 23:17:00 on 2012-01-02
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3061.1669 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\ProgramData\jdiNQqhyasYS.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\ProgramData\Nyl62j9KeTFNF6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081209
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [jdiNQqhyasYS.exe] c:\programdata\jdiNQqhyasYS.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{11B03C47-8D6C-4BBF-8875-E65604776152} : DhcpNameServer = 172.168.1.161
TCP: Interfaces\{6BFBE2D6-4075-40AA-B0BD-1762D6FCC708} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=f5a4f5b0-08bf-11e1-9f54-0023ae0a9f17&q=
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko5.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko6.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko7.dll
FF - component: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\users\steve\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\steve\appdata\roaming\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\steve\appdata\roaming\mozilla\firefox\profiles\kx4mswkq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: twetvcom Community Toolbar: {34b674c6-5cac-4f05-847e-6afa292138f4} - %profile%\extensions\{34b674c6-5cac-4f05-847e-6afa292138f4}
FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-12-8 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2011-1-27 1692480]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-9 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-27 1153368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-9 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-12-10 23624]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-01-03 03:56:02 356608 ---ha-w- c:\programdata\Nyl62j9KeTFNF6.exe
2011-12-28 04:45:50 451328 ---ha-w- c:\programdata\jdiNQqhyasYS.exe
2011-12-27 04:17:21 -------- d--h--w- c:\windows\pss
2011-12-27 04:10:53 -------- d--h--w- c:\program files\CCleaner
2011-12-26 04:23:37 -------- d--h--w- c:\users\steve\appdata\local\adaware
2011-12-26 04:23:35 -------- d--h--w- c:\programdata\Ad-Aware Browsing Protection
2011-12-26 04:23:31 -------- d--h--w- c:\program files\Toolbar Cleaner
2011-12-26 04:23:22 -------- d--h--w- c:\program files\adawaretb
2011-12-15 00:36:33 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:36:33 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 00:36:31 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 00:36:30 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 00:36:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 00:36:21 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 00:36:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-10 19:07:18 23624 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-10 19:06:59 -------- d--h--w- c:\programdata\Hitman Pro
2011-12-10 18:13:35 -------- dc-h--w- c:\programdata\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
.
==================== Find3M ====================
.
2011-12-04 22:42:16 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:17:38.44 ===============

Attached Files


Edited by uscsteve, 03 January 2012 - 12:15 AM.
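The two hidden executables with generated-looking names sitting directly in c:\programdata in the "Created Last 30" section above are the kind of entry a helper looks at first. As an added example for this thread (not part of DDS or of the original post), the Python script below parses lines in that section's format and flags hidden executables with random-looking names dropped straight into ProgramData or a user's AppData folder. The first six sample lines are copied from the log above, the last two are constructed benign entries, and the name and location heuristics are assumptions of this example rather than DDS behaviour.

```python
"""Triage the "Created Last 30" / "Find3M" sections of a DDS log.

Added example for this thread; not part of DDS or of the original post.
Each log line has the shape
    <date> <time> <size or -------- for dirs> <8-char attrs> <path>
The filter flags hidden executables with generated-looking names dropped
straight into ProgramData or a user's AppData folder (the pattern the two
c:\\programdata\\*.exe entries in the thread show). Heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines 1-6 copied from the DDS log in this thread; lines 7-8 are constructed
# benign entries so the filter has something to leave alone.
SAMPLE_LOG = """\
2012-01-03 03:56:02 356608 ---ha-w- c:\\programdata\\Nyl62j9KeTFNF6.exe
2011-12-28 04:45:50 451328 ---ha-w- c:\\programdata\\jdiNQqhyasYS.exe
2011-12-27 04:17:21 -------- d--h--w- c:\\windows\\pss
2011-12-15 00:36:33 3602816 ----a-w- c:\\windows\\system32\\ntkrnlpa.exe
2011-12-10 19:07:18 23624 ---ha-w- c:\\windows\\system32\\drivers\\hitmanpro35.sys
2011-12-04 22:42:16 414368 ---ha-w- c:\\windows\\system32\\FlashPlayerCPLApp.cpl
2011-12-20 10:00:00 20480 ---ha-w- c:\\programdata\\Microsoft\\Updater.exe
2011-12-21 11:00:00 40960 ----a-w- c:\\users\\steve\\appdata\\local\\Setup1234AbCd.exe
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    size: Optional[int]      # None for directories (DDS prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_lines(text: str) -> List[Entry]:
    """Parse every line that matches the DDS file-listing format; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # section headers, "." separators, etc.
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


# Locations where legitimate software rarely drops a bare, hidden executable.
DROP_PARENT_RE = re.compile(
    r"^c:\\programdata$|^c:\\users\\[^\\]+\\appdata\\(local|roaming)(\\temp)?$"
)
# Mixed-case alphanumeric stem of 8+ characters with no separators: looks generated.
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z0-9]{8,}$")
EXEC_EXT = {"exe", "dll", "scr", "sys"}


def flag_suspicious(entries: List[Entry]) -> List[Entry]:
    """Hidden executable + dropper location + generated-looking name."""
    hits = []
    for e in entries:
        if e.is_dir or not e.is_hidden:
            continue
        stem, _, ext = e.name.rpartition(".")
        if not stem or ext.lower() not in EXEC_EXT:
            continue
        if DROP_PARENT_RE.match(e.parent) and RANDOM_STEM_RE.match(stem):
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in flag_suspicious(parse_dds_lines(SAMPLE_LOG)):
        print(f"{e.date} {e.size:>8} {e.attrs} {e.path}")
```

On the sample input only the two c:\programdata entries are reported; the hidden driver and control panel applet under system32 and the file in a ProgramData subfolder pass, as does the non-hidden file under AppData. The heuristics are deliberately narrow so that a hit is worth a manual look rather than a verdict on its own.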


#5 uscsteve (Topic Starter)

Posted 03 January 2012 - 12:08 AM

Also, I do not have a Windows CD/DVD update. It did not come with this computer.....it was just pre-installed.

#6 myrti (Sillyberry, Malware Study Hall Admin)

Posted 03 January 2012 - 04:27 AM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Have you tried leaving the user name and password empty and just hit enter? If so could you please get me a screen shot/photo of the password prompt?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 uscsteve (Topic Starter)

Posted 03 January 2012 - 08:57 AM

Attached are screenshots of the prompt and the rejection screen. I did try entering nothing. I will read up on the links you posted. I'm open to starting from scratch with the cpu as I didn't have all that much on there in the first place.

Attached Files



#8 myrti (Sillyberry, Malware Study Hall Admin)

Posted 03 January 2012 - 09:17 AM

Hi,

administrator - administrator isn't making you lucky either I guess? Do you have the recovery CDs by any chance?

I'm not sure this is something where the malware is interfering, but just to be safe, let's disable it and see where we can go from there:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 uscsteve (Topic Starter)

Posted 03 January 2012 - 08:37 PM

Running ComboFix took me to a blue screen that said "Administrator: AutoScan" at the top and then "Please wait. ComboFix is preparing to run. Attempting to create a new System Restore point" and then it said it was backing up the registry. Then it went directly to a blue screen that still says "Administrator: AutoScan" at the top with a message of "Scanning for infected files . . . This typically doesn't take more than 10 minutes However, scan times for badly infected machines may easily double"

This went on for 45 minutes before I looked up some stuff and this doesn't appear to be the way that it is supposed to go. Suggestions now?

#10 myrti (Sillyberry, Malware Study Hall Admin)

Posted 03 January 2012 - 08:43 PM

Hi,

could you try running it in safe mode? If it does nothing for more than 10 minutes let me know. (You should see stages being enumerated if everything goes by plan)

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 uscsteve (Topic Starter)

Posted 03 January 2012 - 09:12 PM

Hi Myrti.....same problem unfortunately! Nothing happening.

#12 myrti (Sillyberry, Malware Study Hall Admin)

Posted 03 January 2012 - 09:32 PM

Hi,

could you please create a bootable flash drive and run some tests off it for me:
Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK and make sure to select the downloaded ISO file as source and don't let the installer get the linux from the internet.
  • It will install a little bootable OS on your USB
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • You will see a list of folders: sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB, please open that and confirm it's your flash drive.
  • If it is your flash drive press Tool at the top
  • Choose Open Terminal
  • Type in: dd if=/dev/sda of=MBRbackup.zip bs=512 count=1 and hit Enter.

MBRbackup.zip should be created on your flash drive, please attach it to your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

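The single sector that the dd command above copies is the master boot record, and what a helper does with the backup is check the boot code and partition table for signs of a boot-sector modification. As an added example for this thread (not a BleepingComputer, xPUD or TDSSKiller tool), the Python script below decodes such a 512-byte backup, hashes the boot-code area so it can be compared with the MBR of a known-clean machine of the same model, and reports the inconsistencies a tampered MBR tends to show: a missing 0x55AA signature, more than one active partition, overlapping or out-of-range partitions, or a large unallocated tail. The sample MBR it builds is constructed (a Dell-style layout with a 0xDE utility partition); only the drive size is taken from the TDSSKiller log posted in this thread.

```python
"""Parse and sanity-check a 512-byte MBR backup such as the MBRbackup.zip
written by the dd command in this thread.

Added example, not part of any tool named in the thread. The boot-code hash
is meant to be compared against the same sector from a known-clean machine
of the same model; the sample partition layout is constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

# Drive size from the TDSSKiller log in this thread: Size 0x3A38B2E000 / SectorSize 0x200
DRIVE_SECTORS = 0x3A38B2E000 // 0x200


@dataclass
class Partition:
    index: int
    status: int        # 0x80 = active/bootable, 0x00 = inactive
    ptype: int         # e.g. 0x07 NTFS, 0xDE Dell utility partition
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:      # exclusive
        return self.lba_start + self.sectors


@dataclass
class MBR:
    signature_ok: bool
    bootcode_sha256: str
    partitions: List[Partition]


def parse_mbr(blob: bytes) -> MBR:
    """Classic MBR layout: boot code 0-439, disk id 440-443, four 16-byte
    partition entries from offset 446, 0x55AA signature at 510."""
    if len(blob) < 512:
        raise ValueError("MBR backup must be at least one 512-byte sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, ptype = blob[off], blob[off + 4]
        lba_start, sectors = struct.unpack_from("<II", blob, off + 8)
        if ptype == 0 and sectors == 0:
            continue                                  # empty slot
        parts.append(Partition(i, status, ptype, lba_start, sectors))
    return MBR(
        signature_ok=blob[510:512] == b"\x55\xaa",
        bootcode_sha256=hashlib.sha256(blob[:440]).hexdigest(),
        partitions=parts,
    )


def audit_mbr(mbr: MBR, drive_sectors: int = DRIVE_SECTORS) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked odd."""
    findings = []
    if not mbr.signature_ok:
        findings.append("boot signature 0x55AA missing")
    active = [p for p in mbr.partitions if p.status == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in mbr.partitions:
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.lba_end > drive_sectors:
            findings.append(f"partition {p.index}: extends past end of drive")
    ordered = sorted(mbr.partitions, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    if ordered:
        trailing = drive_sectors - ordered[-1].lba_end
        if trailing > 4096:            # more than 2 MiB unallocated after the last partition
            findings.append(f"{trailing} unallocated sectors after last partition")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR with a Dell-style layout; not the poster's real MBR."""
    mbr = bytearray(512)
    mbr[0:7] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"       # typical boot-code prologue
    layout = [  # (status, type, lba_start, sectors)
        (0x00, 0xDE, 63, 80262),
        (0x80, 0x07, 80325, 20971520),
        (0x00, 0x07, 21051845, DRIVE_SECTORS - 21051845 - 2048),
    ]
    for i, (status, ptype, lba, count) in enumerate(layout):
        off = 446 + 16 * i
        mbr[off] = status
        mbr[off + 4] = ptype
        struct.pack_into("<II", mbr, off + 8, lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def build_tampered_mbr() -> bytes:
    """Same layout with a second active flag and a clobbered signature."""
    mbr = bytearray(build_sample_mbr())
    mbr[446 + 16 * 2] = 0x80                        # partition 2 also marked active
    mbr[510:512] = b"\x00\x00"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    report = parse_mbr(blob)
    print("boot code sha256:", report.bootcode_sha256)
    for p in report.partitions:
        print(f"  #{p.index} status=0x{p.status:02x} type=0x{p.ptype:02x} "
              f"start={p.lba_start} sectors={p.sectors}")
    print("findings:", audit_mbr(report) or "none")
```

Run it with the path to the backup (the file dd writes is raw sector data despite the .zip name) or with no argument to audit the constructed sample. A boot-code hash that differs from an otherwise identical clean machine is the cue to look further; the script reports inconsistencies, it does not identify what wrote them.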


#13 uscsteve (Topic Starter)

Posted 04 January 2012 - 12:10 AM

Myrti,

I have done as you instructed. Unfortunately, I leave for a vacation in 4 hours and will not be taking the infected computer with me. I will return the evening of the 11th (Eastern Time) and I would definitely like to continue this to fix the problem. I don't want someone to close this thinking I have just disappeared.

Thanks,
Steve

Attached Files



#14 myrti (Sillyberry, Malware Study Hall Admin)

Posted 04 January 2012 - 01:34 PM

Hi,

ok, I will keep the topic open. Should I accidentally close it please send me a PM to request reopening it.

When you have the time, please run TDSSKiller, it should take care of one of the infections you have:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#15 uscsteve (Topic Starter)

Posted 12 January 2012 - 01:00 AM

I'm back ready to get started on this again! Here is what I found:


00:57:21.0321 3788 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
00:57:21.0642 3788 ============================================================
00:57:21.0642 3788 Current date / time: 2012/01/12 00:57:21.0642
00:57:21.0642 3788 SystemInfo:
00:57:21.0642 3788
00:57:21.0642 3788 OS Version: 6.0.6002 ServicePack: 2.0
00:57:21.0642 3788 Product type: Workstation
00:57:21.0642 3788 ComputerName: STEVE-PC
00:57:21.0643 3788 UserName: Steve
00:57:21.0643 3788 Windows directory: C:\Windows
00:57:21.0643 3788 System windows directory: C:\Windows
00:57:21.0643 3788 Processor architecture: Intel x86
00:57:21.0643 3788 Number of processors: 2
00:57:21.0643 3788 Page size: 0x1000
00:57:21.0643 3788 Boot type: Normal boot
00:57:21.0643 3788 ============================================================
00:57:22.0105 3788 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000, SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
00:57:22.0418 3788 Initialize success
00:57:37.0599 5964 ============================================================
00:57:37.0599 5964 Scan started
00:57:37.0599 5964 Mode: Manual;
00:57:37.0599 5964 ============================================================
00:57:40.0692 5964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:57:40.0715 5964 ACPI - ok
00:57:41.0092 5964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:57:41.0120 5964 adp94xx - ok
00:57:41.0425 5964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:57:41.0448 5964 adpahci - ok
00:57:41.0646 5964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:57:41.0656 5964 adpu160m - ok
00:57:41.0850 5964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:57:41.0880 5964 adpu320 - ok
00:57:42.0270 5964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:57:42.0296 5964 AFD - ok
00:57:42.0620 5964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:57:42.0648 5964 agp440 - ok
00:57:42.0871 5964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:57:42.0875 5964 aic78xx - ok
00:57:43.0031 5964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:57:43.0039 5964 aliide - ok
00:57:43.0298 5964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:57:43.0316 5964 amdagp - ok
00:57:43.0532 5964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:57:43.0550 5964 amdide - ok
00:57:43.0823 5964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:57:43.0836 5964 AmdK7 - ok
00:57:44.0046 5964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:57:44.0062 5964 AmdK8 - ok
00:57:44.0360 5964 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
00:57:44.0363 5964 ApfiltrService - ok
00:57:44.0650 5964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:57:44.0667 5964 arc - ok
00:57:44.0861 5964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:57:44.0873 5964 arcsas - ok
00:57:45.0116 5964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:57:45.0125 5964 AsyncMac - ok
00:57:45.0383 5964 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:57:45.0384 5964 atapi - ok
00:57:45.0647 5964 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
00:57:45.0648 5964 BCM42RLY - ok
00:57:45.0994 5964 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:57:46.0008 5964 BCM43XX - ok
00:57:46.0297 5964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:57:46.0316 5964 Beep - ok
00:57:46.0580 5964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:57:46.0582 5964 blbdrive - ok
00:57:46.0803 5964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:57:46.0831 5964 bowser - ok
00:57:47.0102 5964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:57:47.0133 5964 BrFiltLo - ok
00:57:47.0435 5964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:57:47.0458 5964 BrFiltUp - ok
00:57:47.0726 5964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:57:47.0753 5964 Brserid - ok
00:57:47.0971 5964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:57:47.0986 5964 BrSerWdm - ok
00:57:48.0160 5964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:57:48.0175 5964 BrUsbMdm - ok
00:57:48.0404 5964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:57:48.0412 5964 BrUsbSer - ok
00:57:48.0616 5964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:57:48.0626 5964 BTHMODEM - ok
00:57:48.0975 5964 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
00:57:49.0026 5964 BTHPORT - ok
00:57:49.0225 5964 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
00:57:49.0244 5964 BTHUSB - ok
00:57:49.0423 5964 catchme - ok
00:57:49.0632 5964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:57:49.0640 5964 cdfs - ok
00:57:49.0938 5964 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:57:49.0949 5964 cdrom - ok
00:57:50.0138 5964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:57:50.0140 5964 circlass - ok
00:57:50.0342 5964 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:57:50.0356 5964 CLFS - ok
00:57:50.0582 5964 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:57:50.0600 5964 CmBatt - ok
00:57:50.0927 5964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:57:50.0929 5964 cmdide - ok
00:57:51.0083 5964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:57:51.0084 5964 Compbatt - ok
00:57:51.0239 5964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:57:51.0240 5964 crcdisk - ok
00:57:51.0429 5964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:57:51.0444 5964 Crusoe - ok
00:57:51.0699 5964 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:57:51.0715 5964 DfsC - ok
00:57:52.0179 5964 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:57:52.0191 5964 disk - ok
00:57:52.0461 5964 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
00:57:52.0465 5964 Dot4 - ok
00:57:52.0602 5964 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:57:52.0604 5964 Dot4Print - ok
00:57:52.0620 5964 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
00:57:52.0622 5964 dot4usb - ok
00:57:52.0751 5964 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:57:52.0752 5964 drmkaud - ok
00:57:52.0886 5964 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:57:52.0894 5964 DXGKrnl - ok
00:57:53.0153 5964 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
00:57:53.0159 5964 e1express - ok
00:57:53.0244 5964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:57:53.0261 5964 E1G60 - ok
00:57:53.0424 5964 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:57:53.0427 5964 Ecache - ok
00:57:53.0531 5964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:57:53.0539 5964 elxstor - ok
00:57:53.0639 5964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:57:53.0641 5964 ErrDev - ok
00:57:53.0761 5964 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:57:53.0765 5964 exfat - ok
00:57:53.0872 5964 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:57:53.0875 5964 fastfat - ok
00:57:53.0940 5964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:57:53.0955 5964 fdc - ok
00:57:54.0102 5964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:57:54.0104 5964 FileInfo - ok
00:57:54.0175 5964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:57:54.0193 5964 Filetrace - ok
00:57:54.0340 5964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:57:54.0355 5964 flpydisk - ok
00:57:54.0522 5964 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:57:54.0526 5964 FltMgr - ok
00:57:54.0723 5964 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:57:54.0724 5964 Fs_Rec - ok
00:57:54.0797 5964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:57:54.0811 5964 gagp30kx - ok
00:57:55.0057 5964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:57:55.0068 5964 HDAudBus - ok
00:57:55.0196 5964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:57:55.0198 5964 HidBth - ok
00:57:55.0229 5964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:57:55.0231 5964 HidIr - ok
00:57:55.0280 5964 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:57:55.0281 5964 HidUsb - ok
00:57:55.0297 5964 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\Windows\system32\drivers\hitmanpro35.sys
00:57:55.0299 5964 hitmanpro35 - ok
00:57:55.0321 5964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:57:55.0323 5964 HpCISSs - ok
00:57:55.0468 5964 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:57:55.0490 5964 HSF_DPV - ok
00:57:55.0654 5964 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:57:55.0660 5964 HSXHWAZL - ok
00:57:55.0761 5964 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
00:57:55.0770 5964 HTTP - ok
00:57:55.0843 5964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:57:55.0845 5964 i2omp - ok
00:57:55.0930 5964 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
00:57:55.0932 5964 i8042prt - ok
00:57:56.0039 5964 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
00:57:56.0043 5964 iaStor - ok
00:57:56.0118 5964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:57:56.0124 5964 iaStorV - ok
00:57:56.0316 5964 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:57:56.0372 5964 igfx - ok
00:57:56.0475 5964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:57:56.0477 5964 iirsp - ok
00:57:56.0555 5964 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
00:57:56.0558 5964 IntcHdmiAddService - ok
00:57:56.0633 5964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
00:57:56.0634 5964 intelide - ok
00:57:56.0722 5964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:57:56.0723 5964 intelppm - ok
00:57:56.0861 5964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:57:56.0864 5964 IpFilterDriver - ok
00:57:56.0915 5964 IpInIp - ok
00:57:56.0967 5964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:57:56.0970 5964 IPMIDRV - ok
00:57:57.0055 5964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:57:57.0058 5964 IPNAT - ok
00:57:57.0120 5964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:57:57.0121 5964 IRENUM - ok
00:57:57.0167 5964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:57:57.0169 5964 isapnp - ok
00:57:57.0270 5964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:57:57.0273 5964 iScsiPrt - ok
00:57:57.0318 5964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:57:57.0320 5964 iteatapi - ok
00:57:57.0335 5964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:57:57.0337 5964 iteraid - ok
00:57:57.0353 5964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:57:57.0355 5964 kbdclass - ok
00:57:57.0400 5964 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
00:57:57.0401 5964 kbdhid - ok
00:57:57.0457 5964 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:57:57.0467 5964 KSecDD - ok
00:57:57.0527 5964 Lavasoft Kernexplorer - ok
00:57:57.0741 5964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:57:57.0743 5964 lltdio - ok
00:57:57.0873 5964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:57:57.0876 5964 LSI_FC - ok
00:57:57.0907 5964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:57:57.0910 5964 LSI_SAS - ok
00:57:57.0973 5964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:57:57.0976 5964 LSI_SCSI - ok
00:57:58.0063 5964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:57:58.0066 5964 luafv - ok
00:57:58.0209 5964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:57:58.0210 5964 mdmxsdk - ok
00:57:58.0271 5964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:57:58.0273 5964 megasas - ok
00:57:58.0307 5964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:57:58.0314 5964 MegaSR - ok
00:57:58.0433 5964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:57:58.0434 5964 Modem - ok
00:57:58.0528 5964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:57:58.0529 5964 monitor - ok
00:57:58.0542 5964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:57:58.0543 5964 mouclass - ok
00:57:58.0557 5964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:57:58.0558 5964 mouhid - ok
00:57:58.0595 5964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:57:58.0596 5964 MountMgr - ok
00:57:58.0775 5964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:57:58.0778 5964 mpio - ok
00:57:58.0837 5964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:57:58.0839 5964 mpsdrv - ok
00:57:58.0953 5964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:57:58.0955 5964 Mraid35x - ok
00:57:59.0023 5964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:57:59.0026 5964 MRxDAV - ok
00:57:59.0095 5964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:57:59.0105 5964 mrxsmb - ok
00:57:59.0208 5964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:57:59.0221 5964 mrxsmb10 - ok
00:57:59.0395 5964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:57:59.0407 5964 mrxsmb20 - ok
00:57:59.0509 5964 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
00:57:59.0520 5964 msahci - ok
00:57:59.0589 5964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:57:59.0591 5964 msdsm - ok
00:57:59.0771 5964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:57:59.0772 5964 Msfs - ok
00:57:59.0966 5964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:57:59.0967 5964 msisadrv - ok
00:58:00.0145 5964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:58:00.0147 5964 MSKSSRV - ok
00:58:00.0333 5964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:58:00.0334 5964 MSPCLOCK - ok
00:58:00.0465 5964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:58:00.0475 5964 MSPQM - ok
00:58:00.0577 5964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:58:00.0583 5964 MsRPC - ok
00:58:00.0680 5964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:58:00.0682 5964 mssmbios - ok
00:58:00.0788 5964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:58:00.0789 5964 MSTEE - ok
00:58:00.0842 5964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:58:00.0857 5964 Mup - ok
00:58:00.0964 5964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:58:00.0969 5964 NativeWifiP - ok
00:58:01.0155 5964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:58:01.0169 5964 NDIS - ok
00:58:01.0285 5964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:58:01.0286 5964 NdisTapi - ok
00:58:01.0385 5964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:58:01.0392 5964 Ndisuio - ok
00:58:01.0472 5964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:58:01.0475 5964 NdisWan - ok
00:58:01.0559 5964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:58:01.0562 5964 NDProxy - ok
00:58:01.0681 5964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:58:01.0703 5964 NetBIOS - ok
00:58:01.0765 5964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:58:01.0770 5964 netbt - ok
00:58:01.0876 5964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:58:01.0878 5964 nfrd960 - ok
00:58:02.0053 5964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:58:02.0069 5964 Npfs - ok
00:58:02.0213 5964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:58:02.0214 5964 nsiproxy - ok
00:58:02.0388 5964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:58:02.0414 5964 Ntfs - ok
00:58:02.0554 5964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:58:02.0555 5964 ntrigdigi - ok
00:58:02.0648 5964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:58:02.0650 5964 Null - ok
00:58:02.0702 5964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:58:02.0731 5964 nvraid - ok
00:58:02.0835 5964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:58:02.0852 5964 nvstor - ok
00:58:02.0889 5964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:58:02.0892 5964 nv_agp - ok
00:58:02.0905 5964 NwlnkFlt - ok
00:58:02.0922 5964 NwlnkFwd - ok
00:58:03.0111 5964 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
00:58:03.0117 5964 OEM02Dev - ok
00:58:03.0150 5964 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
00:58:03.0152 5964 OEM02Vfx - ok
00:58:03.0241 5964 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
00:58:03.0243 5964 ohci1394 - ok
00:58:03.0379 5964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:58:03.0382 5964 Parport - ok
00:58:03.0468 5964 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:58:03.0486 5964 partmgr - ok
00:58:03.0498 5964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:58:03.0499 5964 Parvdm - ok
00:58:03.0517 5964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:58:03.0521 5964 pci - ok
00:58:03.0648 5964 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:58:03.0649 5964 pciide - ok
00:58:03.0808 5964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:58:03.0811 5964 pcmcia - ok
00:58:03.0971 5964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:58:03.0986 5964 PEAUTH - ok
00:58:04.0134 5964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:58:04.0136 5964 PptpMiniport - ok
00:58:04.0211 5964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:58:04.0213 5964 Processor - ok
00:58:04.0369 5964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:58:04.0370 5964 PSched - ok
00:58:04.0457 5964 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
00:58:04.0458 5964 PxHelp20 - ok
00:58:04.0569 5964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:58:04.0602 5964 ql2300 - ok
00:58:04.0719 5964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:58:04.0740 5964 ql40xx - ok
00:58:04.0812 5964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:58:04.0814 5964 QWAVEdrv - ok
00:58:04.0989 5964 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
00:58:05.0033 5964 R300 - ok
00:58:05.0143 5964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:58:05.0145 5964 RasAcd - ok
00:58:05.0229 5964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:58:05.0232 5964 Rasl2tp - ok
00:58:05.0380 5964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:58:05.0382 5964 RasPppoe - ok
00:58:05.0437 5964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:58:05.0441 5964 RasSstp - ok
00:58:05.0479 5964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:58:05.0485 5964 rdbss - ok
00:58:05.0570 5964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:58:05.0571 5964 RDPCDD - ok
00:58:05.0663 5964 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:58:05.0670 5964 rdpdr - ok
00:58:05.0782 5964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:58:05.0783 5964 RDPENCDD - ok
00:58:05.0881 5964 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:58:05.0886 5964 RDPWD - ok
00:58:06.0039 5964 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
00:58:06.0041 5964 rimmptsk - ok
00:58:06.0072 5964 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
00:58:06.0074 5964 rimsptsk - ok
00:58:06.0089 5964 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
00:58:06.0091 5964 rismxdp - ok
00:58:06.0156 5964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:58:06.0158 5964 rspndr - ok
00:58:06.0177 5964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:58:06.0180 5964 sbp2port - ok
00:58:06.0378 5964 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
00:58:06.0381 5964 sdbus - ok
00:58:06.0427 5964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:58:06.0428 5964 secdrv - ok
00:58:06.0459 5964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:58:06.0461 5964 Serenum - ok
00:58:06.0479 5964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:58:06.0483 5964 Serial - ok
00:58:06.0504 5964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:58:06.0506 5964 sermouse - ok
00:58:06.0554 5964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
00:58:06.0556 5964 sffdisk - ok
00:58:06.0573 5964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:58:06.0575 5964 sffp_mmc - ok
00:58:06.0587 5964 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:58:06.0588 5964 sffp_sd - ok
00:58:06.0601 5964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:58:06.0602 5964 sfloppy - ok
00:58:06.0628 5964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:58:06.0630 5964 sisagp - ok
00:58:06.0642 5964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:58:06.0644 5964 SiSRaid2 - ok
00:58:06.0657 5964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:58:06.0659 5964 SiSRaid4 - ok
00:58:06.0678 5964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:58:06.0680 5964 Smb - ok
00:58:06.0773 5964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:58:06.0773 5964 spldr - ok
00:58:07.0060 5964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:58:07.0066 5964 srv - ok
00:58:07.0173 5964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:58:07.0176 5964 srv2 - ok
00:58:07.0204 5964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:58:07.0207 5964 srvnet - ok
00:58:07.0325 5964 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
00:58:07.0332 5964 STHDA - ok
00:58:07.0435 5964 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
00:58:07.0436 5964 StillCam - ok
00:58:07.0568 5964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:58:07.0569 5964 swenum - ok
00:58:07.0669 5964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:58:07.0690 5964 Symc8xx - ok
00:58:07.0746 5964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:58:07.0747 5964 Sym_hi - ok
00:58:07.0760 5964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:58:07.0761 5964 Sym_u3 - ok
00:58:07.0879 5964 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:58:07.0912 5964 Tcpip - ok
00:58:08.0139 5964 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:58:08.0147 5964 Tcpip6 - ok
00:58:08.0250 5964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:58:08.0256 5964 tcpipreg - ok
00:58:08.0395 5964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:58:08.0412 5964 TDPIPE - ok
00:58:08.0654 5964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:58:08.0667 5964 TDTCP - ok
00:58:08.0806 5964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:58:08.0848 5964 tdx - ok
00:58:08.0940 5964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:58:08.0941 5964 TermDD - ok
00:58:09.0048 5964 toshidpt - ok
00:58:09.0162 5964 tosporte - ok
00:58:09.0276 5964 tosrfbd (eaeddb6c8bbe3e1b753753c2e847fecb) C:\Windows\system32\DRIVERS\tosrfbd.sys
00:58:09.0281 5964 tosrfbd - ok
00:58:09.0387 5964 tosrfbnp - ok
00:58:09.0474 5964 Tosrfcom - ok
00:58:09.0488 5964 Tosrfhid - ok
00:58:09.0534 5964 tosrfnds - ok
00:58:09.0547 5964 TosRfSnd - ok
00:58:09.0609 5964 tosrfusb (18dfe8b766af237119537a12e8401ebf) C:\Windows\system32\DRIVERS\tosrfusb.sys
00:58:09.0622 5964 tosrfusb - ok
00:58:09.0716 5964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:58:09.0731 5964 tssecsrv - ok
00:58:09.0791 5964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:58:09.0793 5964 tunmp - ok
00:58:09.0861 5964 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
00:58:09.0863 5964 tunnel - ok
00:58:09.0955 5964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:58:09.0957 5964 uagp35 - ok
00:58:10.0038 5964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:58:10.0052 5964 udfs - ok
00:58:10.0233 5964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:58:10.0246 5964 uliagpkx - ok
00:58:10.0404 5964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:58:10.0426 5964 uliahci - ok
00:58:10.0594 5964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:58:10.0615 5964 UlSata - ok
00:58:10.0775 5964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:58:10.0778 5964 ulsata2 - ok
00:58:10.0868 5964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:58:10.0870 5964 umbus - ok
00:58:11.0014 5964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:58:11.0017 5964 usbccgp - ok
00:58:11.0158 5964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:58:11.0170 5964 usbcir - ok
00:58:11.0238 5964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:58:11.0240 5964 usbehci - ok
00:58:11.0296 5964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:58:11.0306 5964 usbhub - ok
00:58:11.0461 5964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:58:11.0464 5964 usbohci - ok
00:58:11.0634 5964 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:58:11.0636 5964 usbprint - ok
00:58:11.0709 5964 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:58:11.0711 5964 usbscan - ok
00:58:11.0769 5964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:58:11.0772 5964 USBSTOR - ok
00:58:11.0787 5964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:58:11.0789 5964 usbuhci - ok
00:58:11.0880 5964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:58:11.0882 5964 vga - ok
00:58:11.0978 5964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:58:11.0980 5964 VgaSave - ok
00:58:12.0037 5964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:58:12.0039 5964 viaagp - ok
00:58:12.0054 5964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:58:12.0057 5964 ViaC7 - ok
00:58:12.0072 5964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:58:12.0074 5964 viaide - ok
00:58:12.0090 5964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:58:12.0092 5964 volmgr - ok
00:58:12.0188 5964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:58:12.0203 5964 volmgrx - ok
00:58:12.0465 5964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:58:12.0471 5964 volsnap - ok
00:58:12.0779 5964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:58:12.0784 5964 vsmraid - ok
00:58:13.0023 5964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:58:13.0025 5964 WacomPen - ok
00:58:13.0160 5964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:13.0177 5964 Wanarp - ok
00:58:13.0187 5964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:13.0189 5964 Wanarpv6 - ok
00:58:13.0445 5964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:58:13.0464 5964 Wd - ok
00:58:13.0713 5964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:58:13.0891 5964 Wdf01000 - ok
00:58:14.0192 5964 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
00:58:14.0195 5964 WimFltr - ok
00:58:14.0536 5964 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:58:14.0544 5964 winachsf - ok
00:58:14.0847 5964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:58:14.0848 5964 WmiAcpi - ok
00:58:15.0377 5964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:58:15.0391 5964 ws2ifsl - ok
00:58:15.0781 5964 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
00:58:15.0782 5964 WSDPrintDevice - ok
00:58:16.0169 5964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:58:16.0189 5964 WUDFRd - ok
00:58:16.0720 5964 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
00:58:16.0746 5964 XAudio - ok
00:58:17.0347 5964 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys
00:58:17.0361 5964 yukonwlh - ok
00:58:17.0451 5964 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
00:58:17.0509 5964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:58:17.0509 5964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:58:17.0542 5964 Boot (0x1200) (41488218de59d9551de29da6a783e93c) \Device\Harddisk0\DR0\Partition0
00:58:17.0563 5964 \Device\Harddisk0\DR0\Partition0 - ok
00:58:17.0583 5964 Boot (0x1200) (890c52fefce2cf0985cf638d00003830) \Device\Harddisk0\DR0\Partition1
00:58:17.0584 5964 \Device\Harddisk0\DR0\Partition1 - ok
00:58:17.0593 5964 ============================================================
00:58:17.0593 5964 Scan finished
00:58:17.0593 5964 ============================================================
00:58:17.0618 4620 Detected object count: 1
00:58:17.0618 4620 Actual detected object count: 1
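Added example, not part of the original post and not code from TDSSKiller itself: a small Python triage script for scan logs in the format shown above. It collects every hashed driver with its MD5, separates clean verdicts from detections, flags a detection on the raw disk device (the MBR, as with the Rootkit.Boot.Pihar.b hit above) as a boot-sector rootkit, and cross-checks the detections it counted against the tool's own "Detected object count" trailer. The function names are my own, the line patterns are inferred from the log lines posted here (an assumption, since TDSSKiller's format is not documented in this thread), and the sample input is an excerpt copied from that log.

```python
"""Triage a TDSSKiller scan log: hashed objects, verdicts, and a consistency check."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Line shapes inferred from the posted log (assumption: TDSSKiller's format is not documented here).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")          # "<time> <tid> <rest>"
OBJECT_RE = re.compile(r"^(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(\S.*)$")          # "<name> (<md5>) <path>"
OK_RE = re.compile(r"^(.+?)\s+-\s+ok$")                                        # "<object> - ok"
INFECTED_RE = re.compile(r"^(.+?)\s+\(\s*(.+?)\s*\)\s+-\s+infected$")         # "<object> ( <Verdict> ) - infected"
DETECTED_RE = re.compile(r"^(.+?)\s+-\s+detected\s+(\S+)\s+\((\d+)\)$")      # "<object> - detected <Verdict> (n)"
COUNT_RE = re.compile(r"^(?:Actual )?[Dd]etected object count:\s+(\d+)$")
RAW_DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")                    # disk device, not a partition

# Excerpt copied from the log posted above (constructed sample input for the script).
SAMPLE_LOG = r"""
00:57:56.0915 5964 IpInIp - ok
00:58:07.0879 5964 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
00:58:07.0912 5964 Tcpip - ok
00:58:08.0139 5964 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
00:58:08.0147 5964 Tcpip6 - ok
00:58:17.0451 5964 MBR (0x1B8) (ae8fa489bdbabb7f15572f885c9ff9ae) \Device\Harddisk0\DR0
00:58:17.0509 5964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
00:58:17.0509 5964 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
00:58:17.0542 5964 Boot (0x1200) (41488218de59d9551de29da6a783e93c) \Device\Harddisk0\DR0\Partition0
00:58:17.0563 5964 \Device\Harddisk0\DR0\Partition0 - ok
00:58:17.0593 5964 ============================================================
00:58:17.0593 5964 Scan finished
00:58:17.0618 4620 Detected object count: 1
00:58:17.0618 4620 Actual detected object count: 1
"""


@dataclass
class ScanReport:
    hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # object name -> (md5, path)
    clean: List[str] = field(default_factory=list)
    detections: List[Tuple[str, str]] = field(default_factory=list)   # (object, verdict)
    reported_count: Optional[int] = None                              # tool's own trailer value
    unresolved: List[str] = field(default_factory=list)               # hashed but never given a verdict


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    seen_verdict: Set[str] = set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the time/thread prefix
        rest = m.group(3)
        if (o := OBJECT_RE.match(rest)):
            report.hashes[o.group(1)] = (o.group(2).lower(), o.group(3))
        elif (o := INFECTED_RE.match(rest)):
            report.detections.append((o.group(1), o.group(2)))
            seen_verdict.add(o.group(1))
        elif (o := DETECTED_RE.match(rest)):
            seen_verdict.add(o.group(1))  # second line for the same hit; do not count it twice
        elif (o := OK_RE.match(rest)):
            # A registered driver whose file is absent (e.g. IpInIp) gets "- ok" with no hash line.
            report.clean.append(o.group(1))
            seen_verdict.add(o.group(1))
        elif (o := COUNT_RE.match(rest)):
            report.reported_count = int(o.group(1))
    # Drivers are judged by name, the MBR and boot sectors by device path; accept either.
    for name, (_, path) in report.hashes.items():
        if name not in seen_verdict and path not in seen_verdict:
            report.unresolved.append(name)
    return report


def triage(report: ScanReport) -> dict:
    """What a responder wants at a glance: the hits, whether the trailer agrees with the
    lines we actually saw, objects the scanner hashed but never ruled on, and the unique
    MD5 set (Tcpip and Tcpip6 both point at tcpip.sys, so it is one file to look up)."""
    unique_md5 = {md5 for md5, _ in report.hashes.values()}
    boot_sector_hits = [v for obj, v in report.detections if RAW_DISK_RE.match(obj)]
    return {
        "detections": report.detections,
        "count_matches_trailer": report.reported_count == len(report.detections),
        "unresolved": report.unresolved,
        "unique_md5_count": len(unique_md5),
        "boot_sector_rootkit": bool(boot_sector_hits),
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

A hit on the raw disk device rather than on a partition or a driver file is the case where a file-level cleanup (deleting or replacing drivers) does not help, because the malicious code runs from the MBR before Windows loads; that is why the script reports it separately. The "Detected object count" check catches truncated or hand-edited logs, and "unresolved" catches a scan that was aborted before every hashed object got a verdict.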