
High memory/CPU usage - possible malware issue??


  • This topic is locked
13 replies to this topic

#1 foxyn

foxyn

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 09 January 2012 - 06:28 PM

Hi everyone, I've been having problems with my laptop for some time and would really appreciate an expert opinion!

About 18 months ago, I started to get a regular blue screen warning message, normally when using the internet, although it did occur sometimes when performing other tasks. Unfortunately, I can't remember the exact message that was displayed as it was some time ago. After a few months of running chkdsk multiple times, the blue screen stopped appearing as often and now I haven't seen it for about 8 months.

However, the computer started to become very slow, with the HDD activity light on 80-100% of the time when idling and with CPU usage showing as 60-100% and memory usage 80-100% (according to task manager).

It reached the point where Internet Explorer became unusable and eventually refused to open. I installed Google Chrome, which improved things quite a lot initially, but slowly Chrome got slower and slower too. The laptop is also slow when performing other tasks, for example when running Word/Excel, often freezing or taking minutes to open relatively small documents. Typing is also often affected with a 5 second lag between key presses and the characters appearing on screen.

I've tried monitoring task manager processes in an attempt to identify anything out of the ordinary, but all of the processes seem recognisable. I have noticed however that even with a single browser window and tab open, task manager often has 3 or 4 line entries for it. The memory assigned to these is always high and continually increases until the window is closed (often exceeding 100,000K).

I have run all Windows system clean-up tools and those packaged with Norton, which seem to improve things for around a day, before the machine is back to square one.

A few days ago, in a final bid to fix things, I re-installed Vista (formatting the partition first). At first this seemed to have solved the issue and the machine was as responsive as it was out of the box, but now 2 days on, the machine is, if anything, in a worse condition than before reinstalling Vista. I have not reinstalled Norton, but have installed AVG 2012 Free instead.

There are other issues I have noticed which may or may not be related, such as some of my files being randomly renamed with the names of other files and occasional screeching/bleeping noises from the laptop!

The machine is a Dell Inspiron 1520, Intel Core 2 Duo, T7250 2GHz, 1.0GB RAM, 32-BIT operating system, with Windows Vista, SP2 installed.

I was able to run the DDS scan without problems. When I tried to run the GMER scan the following sequence of events occurred:
1. Scan attempt 1 - blue screen appeared stating it was shutting down to prevent permanent damage (the screen disappeared too quickly to note exactly what it said). The machine restarted, then scanned through a number of files on a DOS screen. Windows then restarted.
2. Scan attempt 2 - GMER hung after about 30 seconds and I had to manually power off/on. Windows restarted.
3. Scan attempt 3 - the GMER scan progressed a lot further, then a Windows message told me GMER had stopped responding and it closed.
4. Scan attempt 4 - received blue screen again, and Windows restarted, but without performing the scan on start-up mentioned in Scan attempt 1.

Sorry for the length of post but hopefully there is enough information here for someone to help. Any advice is gratefully received.

Neil.

DDS.txt below:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Neil at 21:16:16 on 2012-01-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1021.127 [GMT 0:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{689DFAB8-6AEC-4197-877D-8B35A3273469} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
.
=============== Created Last 30 ================
.
2012-01-09 19:38:25 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-01-08 22:47:37 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-08 22:43:19 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-01-08 22:43:17 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-01-08 22:43:16 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-01-08 22:43:15 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-01-08 22:43:13 2873344 ----a-w- c:\windows\system32\mf.dll
2012-01-08 22:43:12 98816 ----a-w- c:\windows\system32\mfps.dll
2012-01-08 22:43:06 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-01-08 22:43:03 586240 ----a-w- c:\windows\system32\stobject.dll
2012-01-08 22:38:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-08 22:38:00 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-08 22:37:58 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-08 22:37:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-08 22:37:37 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-08 22:37:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-08 22:37:31 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-08 22:27:51 -------- d-----w- c:\users\neil\appdata\local\Adobe
2012-01-08 21:56:26 -------- d-----w- c:\users\neil\appdata\local\Google
2012-01-08 19:10:44 -------- d-----w- c:\windows\PCHEALTH
2012-01-08 18:53:01 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-01-08 18:50:22 -------- d-----w- c:\users\neil\appdata\local\Microsoft Help
2012-01-08 15:04:50 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-01-08 14:53:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-01-08 14:52:51 411648 ----a-w- c:\windows\system32\drivers\http.sys
2012-01-08 14:52:49 30720 ----a-w- c:\windows\system32\httpapi.dll
2012-01-08 11:43:22 -------- d-----w- c:\windows\system32\eu-ES
2012-01-08 11:43:22 -------- d-----w- c:\windows\system32\ca-ES
2012-01-08 11:43:16 -------- d-----w- c:\windows\system32\vi-VN
2012-01-08 11:28:32 -------- d-----w- c:\windows\system32\SPReview
2012-01-08 10:06:46 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-01-08 10:06:05 57856 ----a-w- c:\windows\system32\compcln.exe
2012-01-08 09:45:59 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-01-08 09:44:58 860160 ----a-w- c:\windows\system32\WerFaultSecure.exe
2012-01-08 09:43:56 1305600 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2012-01-07 23:31:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-01-07 23:31:12 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-01-07 23:31:11 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-01-07 23:31:11 23552 ----a-w- c:\windows\system32\lpk.dll
2012-01-07 23:31:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-01-07 22:53:32 -------- d-----w- C:\PerfLogs
2012-01-07 21:49:11 193024 ----a-w- c:\windows\system32\recdisc.exe
2012-01-07 21:49:09 6656 ----a-w- c:\windows\system32\sdspres.dll
2012-01-07 21:48:33 28160 ----a-w- c:\windows\system32\sxproxy.dll
2012-01-07 21:46:59 17408 ----a-w- c:\windows\system32\drivers\smclib.sys
2012-01-07 21:45:58 27136 ----a-w- c:\windows\system32\icacls.exe
2012-01-07 21:41:15 6656 ----a-w- c:\windows\system32\kbd106n.dll
2012-01-07 21:33:15 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-07 21:33:12 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-07 21:32:57 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-07 21:32:57 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-07 21:32:53 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-07 21:32:53 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-07 21:32:51 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-07 21:32:50 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-07 21:32:50 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-07 21:32:22 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-07 21:32:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-07 21:31:36 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-01-07 21:31:34 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-01-07 21:31:34 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-01-07 21:31:33 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-01-07 21:31:33 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-01-07 21:31:32 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-01-07 21:31:29 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-01-07 21:31:29 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-01-07 21:31:29 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-01-07 21:24:42 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-01-07 20:51:26 -------- d-----w- c:\windows\system32\EventProviders
2012-01-07 20:09:16 -------- d-----w- c:\users\neil\appdata\local\WindowsUpdate
2012-01-07 00:22:04 -------- d--h--w- C:\$AVG
2012-01-06 23:34:12 -------- d-----w- c:\users\neil\appdata\roaming\AVG
2012-01-06 23:23:27 -------- d-----w- c:\users\neil\appdata\roaming\AVG2012
2012-01-06 23:21:08 -------- d-----w- c:\programdata\AVG Secure Search
2012-01-06 23:21:05 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-01-06 23:21:05 -------- d-----w- c:\program files\AVG Secure Search
2012-01-06 23:21:03 -------- d--h--w- c:\programdata\Common Files
2012-01-06 23:19:44 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-06 23:19:44 -------- d-----w- c:\programdata\AVG2012
2012-01-06 23:17:46 -------- d-----w- c:\program files\AVG
2012-01-06 23:09:48 -------- d-----w- c:\programdata\MFAData
2012-01-06 20:29:28 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-01-06 20:29:28 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-01-06 20:29:28 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-01-06 20:29:28 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-01-06 20:29:24 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-01-06 20:26:58 -------- d-----w- c:\program files\Synaptics
2012-01-06 20:25:43 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-01-06 20:25:42 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-01-06 20:25:42 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-06 20:25:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-01-06 20:25:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-01-06 20:25:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-01-06 20:25:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-01-06 20:25:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-01-06 20:25:41 10240 ----a-w- c:\windows\system32\finger.exe
2012-01-06 20:22:59 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-06 20:22:59 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-06 20:22:01 71680 ----a-w- c:\windows\system32\atl.dll
2012-01-06 20:21:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2012-01-06 20:21:44 2066432 ----a-w- c:\windows\system32\mstscax.dll
2012-01-06 20:21:23 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2012-01-06 20:20:35 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-06 20:20:02 623616 ----a-w- c:\windows\system32\localspl.dll
2012-01-06 20:19:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-06 20:19:56 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-01-06 20:19:55 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-06 20:19:55 270848 ----a-w- c:\windows\system32\schannel.dll
2012-01-06 20:19:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-01-06 20:19:53 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-06 20:19:53 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-06 20:17:53 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-01-06 20:17:53 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-01-06 20:17:45 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-06 20:17:43 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-01-06 20:17:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-06 20:17:42 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-01-06 20:17:23 2036736 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 20:17:06 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-01-06 20:17:00 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-01-06 20:17:00 18432 ----a-w- c:\windows\system32\amcompat.tlb
2012-01-06 20:16:17 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-01-06 20:16:11 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-01-06 20:16:05 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-01-06 20:15:58 355328 ----a-w- c:\windows\system32\WSDApi.dll
2012-01-06 20:15:54 243712 ----a-w- c:\windows\system32\rastls.dll
2012-01-06 19:36:19 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-06 19:36:18 91136 ----a-w- c:\windows\system32\avifil32.dll
2012-01-06 19:36:17 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2012-01-06 19:36:16 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-01-06 19:36:16 31744 ----a-w- c:\windows\system32\msvidc32.dll
2012-01-06 19:36:16 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-01-06 19:36:16 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-01-06 19:36:15 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-01-06 19:36:15 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-01-06 19:34:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-01-06 19:30:27 2565432 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-01-06 19:29:25 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{88fa91d3-ab48-410d-8fd7-e7d0ba219175}\mpengine.dll
2012-01-06 19:29:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 19:28:30 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-01-06 19:28:24 98304 ----a-w- c:\windows\system32\cabview.dll
2012-01-06 19:09:26 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-01-06 19:09:01 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-01-06 19:08:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-01-06 19:08:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-01-06 06:00:00 -------- d-----w- c:\windows\Panther
2012-01-06 05:59:37 -------- d-sh--w- C:\Boot
2012-01-06 05:56:42 -------- d-----w- c:\windows\system32\OEM
2012-01-05 23:20:55 94208 ----a-w- c:\windows\system32\stacsv.exe
2012-01-05 23:20:55 1601536 ----a-w- c:\windows\system32\stlang.dll
2012-01-05 23:20:54 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2012-01-05 23:11:24 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2012-01-05 23:10:59 815104 ----a-w- c:\windows\system32\nvcplui.exe
2012-01-05 23:08:14 -------- d-----w- c:\windows\system32\ENU
2012-01-05 23:08:12 936728 ----a-w- c:\windows\system32\imsmudlg.exe
2012-01-05 23:08:12 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-01-05 23:08:12 -------- d-----w- c:\windows\system32\Lang
2012-01-05 23:07:33 277784 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-01-05 23:03:40 45568 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2012-01-05 23:03:35 -------- d-----w- c:\program files\Broadcom
2012-01-05 22:59:11 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-01-05 22:59:10 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2012-01-05 22:59:10 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2012-01-05 22:59:10 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2012-01-05 22:59:09 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2012-01-05 22:59:09 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2012-01-05 22:59:02 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2012-01-05 22:59:01 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2012-01-05 22:54:17 -------- d-----w- c:\program files\CONEXANT
2012-01-05 22:52:58 94208 ----a-w- c:\windows\system32\mdmxsdk.dll
2012-01-05 22:52:58 8192 ----a-w- c:\windows\system32\drivers\XAudio.sys
2012-01-05 22:52:58 386560 ----a-w- c:\windows\system32\drivers\XAudio.exe
2012-01-05 22:52:58 172032 ----a-w- c:\windows\system32\Uci32114.dll
2012-01-05 22:52:58 12672 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2012-01-05 22:52:57 986624 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2012-01-05 22:52:57 659968 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2012-01-05 22:52:57 206848 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2012-01-05 22:41:45 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-01-05 22:41:45 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2012-01-05 22:41:45 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2012-01-05 22:41:45 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-01-05 22:41:45 16480 ----a-w- c:\windows\system32\rixdicon.dll
2012-01-05 22:41:16 -------- d-----w- C:\Intel
2012-01-05 22:41:09 -------- d-----w- C:\dell
2012-01-05 22:33:05 45056 ----a-r- c:\users\neil\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-01-05 22:32:46 -------- d-----w- c:\windows\system32\vmm32
2012-01-05 22:32:46 -------- d-----w- c:\program files\Dell
2012-01-05 22:30:45 -------- d-sh--w- c:\windows\Installer
2012-01-05 22:27:15 -------- d-----w- c:\users\neil\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-01-08 22:46:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-08 22:46:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-08 22:46:53 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-08 22:46:53 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-08 22:46:50 1798144 ----a-w- c:\windows\system32\jscript9.dll
2012-01-08 22:46:48 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-08 22:46:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-08 22:38:12 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-01-07 22:36:55 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-01-07 22:36:43 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
============= FINISH: 21:26:12.40 ===============
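A small triage script for DDS-style logs, added here as an example; it is not part of the thread and not part of DDS or any of the tools mentioned. It parses the Running Processes, SERVICES / DRIVERS and Created Last 30 sections of a log laid out like the one above and lists the items a responder usually checks first: processes running from outside the Windows and Program Files trees, kernel drivers loaded from outside system32\drivers, and files created on their own rather than as part of an update burst (Windows Update and driver installers drop many files within a few minutes, so a lone creation stands out). The embedded sample log is constructed (the Temp\updater.exe, fakedrv and xyzhelper.dll entries are invented), and the trusted-path prefixes and the ten-minute burst gap are assumptions to be tuned per machine.

```python
"""Triage helper for DDS-style logs (added example; not from the thread or DDS)."""
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the DDS.txt format posted above.  The
# Temp\updater.exe, fakedrv and xyzhelper.dll entries are invented so that
# every check below has something to report.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Users\neil\AppData\Local\Temp\updater.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 fakedrv;Helper Driver;c:\users\neil\appdata\local\temp\helper.sys [2012-1-9 11264]
.
=============== Created Last 30 ================
.
2012-01-09 19:38:25 2048 ----a-w- c:\windows\system32\xyzhelper.dll
2012-01-08 22:47:37 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-08 22:43:19 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-01-08 22:43:17 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-01-08 22:27:51 -------- d-----w- c:\users\neil\appdata\local\Adobe
.
==================== Find3M ====================
"""

# Assumed "normal" locations for user-mode processes; tune per machine.
TRUSTED_PROCESS_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

_SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
_EXE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)          # path up to the image name, args dropped
_DRIVER = re.compile(r"^([RS]\d|\?)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]\s*$", re.IGNORECASE)
_CREATED = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")


def parse_dds(text):
    """Split a DDS log into the three sections this triage uses."""
    out = {"processes": [], "drivers": [], "created": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates sections with lone dots
            continue
        m = _SECTION.match(line)
        if m:
            name = m.group(1).lower()
            if name.startswith("running processes"):
                current = "processes"
            elif name.startswith("services"):
                current = "drivers"
            elif name.startswith("created last"):
                current = "created"
            else:
                current = None               # HJT report, Find3M, FINISH: not parsed here
            continue
        if current == "processes":
            m = _EXE.match(line)
            if m:
                out["processes"].append(m.group(1))
        elif current == "drivers":
            m = _DRIVER.match(line)
            if m:
                out["drivers"].append({"start": m.group(1).upper(), "name": m.group(2),
                                       "desc": m.group(3), "path": m.group(4),
                                       "date": m.group(5), "size": int(m.group(6))})
        elif current == "created":
            m = _CREATED.match(line)
            if m and m.group(2) != "--------":   # skip directory entries (no size)
                out["created"].append({"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                                       "size": int(m.group(2)), "attrs": m.group(3),
                                       "path": m.group(4)})
    return out


def unusual_process_paths(processes):
    """Processes whose image lives outside the assumed trusted trees."""
    return [p for p in processes if not p.lower().startswith(TRUSTED_PROCESS_PREFIXES)]


def drivers_outside_system32(drivers):
    """Names of kernel drivers not loaded from system32\\drivers."""
    return [d["name"] for d in drivers if "\\windows\\system32\\drivers\\" not in d["path"].lower()]


def isolated_creations(created, gap=timedelta(minutes=10)):
    """Files created alone: not within `gap` of any other creation (an update
    or installer usually writes many files in one burst)."""
    ordered = sorted(created, key=lambda e: e["time"])
    clusters, current = [], []
    for entry in ordered:
        if current and entry["time"] - current[-1]["time"] > gap:
            clusters.append(current)
            current = []
        current.append(entry)
    if current:
        clusters.append(current)
    return [c[0]["path"] for c in clusters if len(c) == 1]


def triage(text):
    """Run all three checks over one DDS log and return the leads."""
    s = parse_dds(text)
    return {"unusual_processes": unusual_process_paths(s["processes"]),
            "drivers_outside_system32": drivers_outside_system32(s["drivers"]),
            "isolated_creations": isolated_creations(s["created"])}


if __name__ == "__main__":
    for key, items in triage(SAMPLE_DDS).items():
        print(key, items)
```

Anything it lists is a lead, not a verdict: the next step is to check the listed file's digital signature and hash, which is the same kind of per-file evidence the TDSSKiller report later in the thread records for each driver.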

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 15 January 2012 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 foxyn

foxyn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 19 January 2012 - 04:47 PM

Hi nasdaq, thank you very much for your offer of help. I think I have followed all your steps below. Let me know if I have missed anything. The first time I ran the aswMBR scan I got a blue screen, but the second time it completed the scan OK.

Thanks again,

Neil.

TDSSKiller Report (scan didn't report any issues):

19:55:47.0295 1528 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
19:55:47.0654 1528 ============================================================
19:55:47.0654 1528 Current date / time: 2012/01/18 19:55:47.0654
19:55:47.0654 1528 SystemInfo:
19:55:47.0654 1528
19:55:47.0654 1528 OS Version: 6.0.6002 ServicePack: 2.0
19:55:47.0654 1528 Product type: Workstation
19:55:47.0654 1528 ComputerName: NEIL-PC
19:55:47.0654 1528 UserName: Neil
19:55:47.0654 1528 Windows directory: C:\Windows
19:55:47.0654 1528 System windows directory: C:\Windows
19:55:47.0654 1528 Processor architecture: Intel x86
19:55:47.0654 1528 Number of processors: 2
19:55:47.0654 1528 Page size: 0x1000
19:55:47.0654 1528 Boot type: Normal boot
19:55:47.0654 1528 ============================================================
19:55:49.0542 1528 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:55:49.0635 1528 Initialize success
20:11:18.0319 3996 ============================================================
20:11:18.0319 3996 Scan started
20:11:18.0319 3996 Mode: Manual;
20:11:18.0319 3996 ============================================================
20:11:20.0191 3996 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:11:20.0206 3996 ACPI - ok
20:11:20.0503 3996 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:11:20.0503 3996 adp94xx - ok
20:11:20.0815 3996 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:11:20.0815 3996 adpahci - ok
20:11:20.0940 3996 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:11:20.0955 3996 adpu160m - ok
20:11:21.0080 3996 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:11:21.0080 3996 adpu320 - ok
20:11:21.0423 3996 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:11:22.0000 3996 AFD - ok
20:11:22.0141 3996 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:11:49.0737 3996 ============================================================
20:11:49.0737 3996 Scan finished
20:11:49.0737 3996 ============================================================
20:11:49.0753 0736 Detected object count: 0
20:11:49.0753 0736 Actual detected object count: 0



aswMBR log file:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-19 17:02:27
-----------------------------
17:02:27.834 OS Version: Windows 6.0.6002 Service Pack 2
17:02:27.834 Number of processors: 2 586 0xF0D
17:02:27.834 ComputerName: NEIL-PC UserName: Neil
17:02:31.204 Initialize success
17:02:52.763 AVAST engine defs: 12011801
17:57:09.700 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:57:09.715 Disk 0 Vendor: TOSHIBA_ DL04 Size: 152627MB BusType: 3
17:57:09.731 Disk 0 MBR read successfully
17:57:09.747 Disk 0 MBR scan
17:57:09.793 Disk 0 Windows VISTA default MBR code
17:57:09.809 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
17:57:09.840 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 225280
17:57:09.871 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139716 MB offset 21196800
17:57:09.903 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
17:57:09.949 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
17:57:09.965 Disk 0 scanning sectors +312578048
17:57:10.090 Disk 0 scanning C:\Windows\system32\drivers
17:57:28.420 Service scanning
17:57:35.331 Modules scanning
17:57:46.095 Disk 0 trace - called modules:
17:57:46.141 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:57:46.157 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85647ac8]
17:57:46.188 3 CLASSPNP.SYS[867a08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84708030]
17:57:47.795 AVAST engine scan C:\Windows
17:57:51.258 AVAST engine scan C:\Windows\system32
18:01:36.397 AVAST engine scan C:\Windows\system32\drivers
18:01:53.901 AVAST engine scan C:\Users\Neil
18:13:31.704 AVAST engine scan C:\ProgramData
18:14:49.735 Scan finished successfully
20:21:26.610 Disk 0 MBR has been saved successfully to "C:\Users\Neil\Desktop\MBR.dat"
20:21:26.626 The log file has been saved successfully to "C:\Users\Neil\Desktop\aswMBR.txt"

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 20 January 2012 - 09:09 AM

The logs are clean. Let's see what we can find.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 foxyn

foxyn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 21 January 2012 - 10:30 AM

Combofix log:

ComboFix 12-01-19.02 - Neil 21/01/2012 14:53:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1021.429 [GMT 0:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 15:04 . 2012-01-21 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-13 14:17 . 2012-01-13 14:17 -------- d-----w- c:\programdata\Yahoo!
2012-01-13 14:11 . 2012-01-13 14:17 -------- d-----w- c:\program files\Yahoo!
2012-01-12 20:32 . 2012-01-12 20:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 20:32 . 2012-01-12 20:32 -------- d-----w- c:\windows\system32\Macromed
2012-01-11 20:04 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-11 20:04 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-10 22:06 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-10 22:06 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-10 22:06 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 22:05 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-10 22:05 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-10 22:01 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-10 22:01 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 22:01 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 19:36 . 2012-01-10 19:36 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-10 19:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-10 19:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-10 19:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-10 19:04 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-01-10 19:04 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-01-10 19:04 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-01-10 19:03 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-01-10 19:03 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2012-01-10 19:03 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-10 19:03 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2012-01-10 19:03 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2012-01-10 19:03 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-10 19:03 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-10 19:03 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2012-01-10 19:03 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2012-01-10 19:03 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2012-01-09 23:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-01-09 21:09 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2012-01-09 21:09 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-01-09 21:09 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2012-01-09 21:09 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-01-09 20:59 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-01-09 20:59 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-01-09 20:59 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-01-09 20:59 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-01-09 20:59 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-01-09 19:38 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-01-08 22:47 . 2012-01-08 22:47 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-08 22:43 . 2012-01-08 22:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-01-08 22:43 . 2012-01-08 22:43 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-01-08 22:43 . 2012-01-08 22:43 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-01-08 22:43 . 2012-01-08 22:43 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-01-08 22:43 . 2012-01-08 22:43 2873344 ----a-w- c:\windows\system32\mf.dll
2012-01-08 22:43 . 2012-01-08 22:43 98816 ----a-w- c:\windows\system32\mfps.dll
2012-01-08 22:43 . 2012-01-08 22:43 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-01-08 22:43 . 2012-01-08 22:43 586240 ----a-w- c:\windows\system32\stobject.dll
2012-01-08 22:38 . 2012-01-08 22:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-08 22:38 . 2012-01-08 22:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-08 22:37 . 2012-01-08 22:37 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-08 22:37 . 2012-01-08 22:37 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-08 22:37 . 2012-01-08 22:37 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-08 22:37 . 2012-01-08 22:37 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-08 22:37 . 2012-01-08 22:37 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-08 22:28 . 2012-01-08 22:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-08 22:19 . 2012-01-08 22:21 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-08 21:55 . 2012-01-08 21:58 -------- d-----w- c:\program files\Google
2012-01-08 20:03 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2012-01-08 20:03 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-01-08 20:03 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2012-01-08 20:02 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-08 20:01 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-01-08 20:01 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-01-08 20:00 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-08 20:00 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-08 19:59 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-01-08 19:59 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-08 19:59 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-08 19:59 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2012-01-08 19:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-01-08 19:59 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-01-08 19:59 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-08 19:58 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-08 19:58 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-08 19:58 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-08 19:58 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-08 19:58 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2012-01-08 19:58 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-01-08 19:58 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-01-08 19:58 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-01-08 19:58 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-01-08 19:58 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2012-01-08 19:58 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-01-08 19:57 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-01-08 19:56 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2012-01-08 19:56 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-01-08 19:56 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-01-08 19:53 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-08 19:52 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2012-01-08 19:52 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-01-08 19:52 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-01-08 19:52 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2012-01-08 19:52 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2012-01-08 19:52 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-01-08 19:52 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-08 19:52 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2012-01-08 19:51 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2012-01-08 19:51 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2012-01-08 19:50 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2012-01-08 19:50 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2012-01-08 19:50 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-01-08 19:50 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-01-08 19:49 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-08 19:49 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-01-08 19:48 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-01-08 19:48 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-01-08 19:48 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-01-08 19:48 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2012-01-08 19:48 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2012-01-08 19:47 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-01-08 19:46 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-01-08 19:46 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2012-01-08 19:46 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2012-01-08 19:46 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2012-01-08 19:15 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2012-01-08 19:15 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2012-01-08 19:15 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-01-08 19:15 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-01-08 19:15 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-01-08 19:10 . 2012-01-12 19:34 -------- d-----w- c:\program files\Microsoft.NET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 22:38 . 2012-01-08 22:38 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-01-07 22:36 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-01-07 22:36 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 18:29 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-08 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-14 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-14 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-14 67584]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 21:56]
.
2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 15:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Neil\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-21 15:11:29
ComboFix-quarantined-files.txt 2012-01-21 15:11
.
Pre-Run: 56,100,151,296 bytes free
Post-Run: 56,247,209,984 bytes free
.
- - End Of File - - 9B84240DCD5C349397F017D2A7504DE8




Security Check log:

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
AVG PC Tuneup
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

AVG PC Tuneup
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 22 January 2012 - 08:07 AM

Nothing suspicious was found.

Open your Task Manager (CTRL+ALT+DEL). Under Processes, is there any one that is using a lot of CPU?
Let me know.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 28 January 2012 - 10:08 AM

Are you still with me?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 04 February 2012 - 07:45 AM

Topic reopened.

#9 foxyn

foxyn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 15 February 2012 - 02:32 PM

Hi, thanks for reopening.

Looking through the task manager, the processes which account for most of the memory allocation are the Internet Explorer windows I have open. The memory usage just keeps increasing until the laptop becomes unusable. Closing and restarting Explorer usually temporarily speeds things up, but the memory usage just starts ramping up again.

Also, sometimes when I have a single IE window open, task manager shows two or three line entries for IE processes.

Neil.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 20 February 2012 - 11:12 AM

I apologize, I missed your post of the 15th.

Are you still with me?

#11 foxyn

foxyn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 25 February 2012 - 04:16 AM

Hi, yes still here.

The problems seem intermittent at the minute. Some days I will switch on and it doesn't seem too bad, other days the laptop is unusable.
Do you have any more ideas about what could be wrong with it?

Beginning to think I should just buy a new one!

Neil.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 25 February 2012 - 09:48 AM

Intermittent problems are hard to diagnose and fix.

Next time it happens note what programs are working at the time.
Some conflict may exist.

These topics may help.

How to troubleshoot a problem by performing a clean boot in Windows Vista
http://support.microsoft.com/?kbid=929135&SD=tech

Optimize Windows Vista for better performance
http://windowshelp.microsoft.com/Windows/en-US/help/83EC0FFE-EE04-4D53-8B87-25D1F05C954E1033.mspx

Get maximum performance from Windows Vista
http://windowshelp.microsoft.com/windows/en-us/Help/596FB57F-CC9D-4AC5-A813-5C0830E9156A1033.mspx

Good luck.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

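As an added example (not part of the thread and not one of the tools nasdaq links to): a PowerShell script that samples the top memory consumers at a fixed interval and records how much each process grew since the previous sample, which is the information asked for in posts #6 and #12 when the slowdown recurs, and which would show whether the iexplore.exe instances from post #9 are the ones growing. It assumes Windows PowerShell 2.0 or later; the log path, sample count and growth threshold are assumptions.

```powershell
# Added example, not from the thread: log the top memory consumers at a fixed
# interval so the process whose working set keeps growing can be spotted later.
# Assumes Windows PowerShell 2.0+; $LogPath and the thresholds are assumptions.
param(
    [int]$IntervalSeconds = 30,
    [int]$Samples = 120,            # 120 x 30 s = one hour of data
    [int]$GrowthWarnMB = 50,        # warn when a process grows this much between samples
    [string]$LogPath = "$env:USERPROFILE\Desktop\proc-samples.tsv"
)

$previousWs = @{}                   # process id -> working set (bytes) at the last sample

if (-not (Test-Path $LogPath)) {
    # Header row; tab-separated so it opens cleanly in Excel or Notepad.
    "Time`tName`tPid`tWorkingSetMB`tGrowthMB`tCpuSeconds`tInstances" | Out-File $LogPath -Encoding ascii
}

for ($sample = 1; $sample -le $Samples; $sample++) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    $procs = Get-Process -ErrorAction SilentlyContinue

    # Count running instances of each image: the thread notes two or three
    # iexplore.exe entries for a single IE window, so the count is worth logging.
    $instances = @{}
    foreach ($p in $procs) { $instances[$p.ProcessName] = 1 + $instances[$p.ProcessName] }

    $top = $procs | Sort-Object WorkingSet64 -Descending | Select-Object -First 15
    foreach ($p in $top) {
        $growth = 0
        if ($previousWs.ContainsKey($p.Id)) { $growth = $p.WorkingSet64 - $previousWs[$p.Id] }
        $cpu = 0
        if ($p.CPU) { $cpu = $p.CPU }    # $null for processes we cannot open (system/protected)

        $wsMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        $growthMB = [math]::Round($growth / 1MB, 1)
        "$stamp`t$($p.ProcessName)`t$($p.Id)`t$wsMB`t$growthMB`t$([math]::Round($cpu, 1))`t$($instances[$p.ProcessName])" |
            Out-File $LogPath -Append -Encoding ascii

        if ($growthMB -ge $GrowthWarnMB) {
            Write-Warning ("{0} {1} (pid {2}) grew {3} MB since the last sample (now {4} MB)" -f `
                $stamp, $p.ProcessName, $p.Id, $growthMB, $wsMB)
        }
    }

    # Remember this sample's working sets; processes that exited drop out naturally.
    $previousWs = @{}
    foreach ($p in $procs) { $previousWs[$p.Id] = $p.WorkingSet64 }

    Start-Sleep -Seconds $IntervalSeconds
}

Write-Host "Done. Samples written to $LogPath"
```

Leave it running in a PowerShell window while the laptop is in use; when the slowdown hits, the rows with the largest GrowthMB values, and the Instances column for iexplore.exe, show which process is responsible.
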
#13 foxyn

foxyn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 26 February 2012 - 02:46 PM

Ok, thanks for your help.

Neil.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 03 March 2012 - 08:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



