Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSS infection


  • This topic is locked This topic is locked
24 replies to this topic

#1 ArKain

ArKain

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 09 January 2012 - 10:04 PM

Late last night my computer was infected by the rogue win 7 antivirus 2012 program, it took me a while to get rid of it, but I'm still having trouble with my computer, namely that google links are being redirected, and I apparently have over 5000 connections to different hosts at once. The website I used to remove the win 7 virus stated that it was often found with the TDSS rootkit. I've tried running TDSSkiller but it can't seem to find the problem. RU botted by Trend Micro is constantly detecting the TDSS virus but it can't remove it. Help to eliminate this would be much appreciated

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by ArKain at 18:51:42 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.1207 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\BOINC\boinc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.40_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.40_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcmd2_maxdo_6.40_windows_intelx86
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_c4cw_lmps_6.41_windows_x86_64
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbengine.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://sony.msn.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\ArKain\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\ArKain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\ArKain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 142.103.1.42 137.82.1.2
TCP: Interfaces\{57152692-C5E9-4DB1-B808-48F5EFEB5FC7} : DhcpNameServer = 142.103.1.42 137.82.1.2
TCP: Interfaces\{606BC0B2-3B26-4403-A094-C9A012714B67}\4554C4553503335353 : DhcpNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{606BC0B2-3B26-4403-A094-C9A012714B67}\572636 : DhcpNameServer = 137.82.1.2 142.103.1.42
TCP: Interfaces\{606BC0B2-3B26-4403-A094-C9A012714B67}\A657C696160277962756C6563737 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{606BC0B2-3B26-4403-A094-C9A012714B67}\D6164727968733 : DhcpNameServer = 8.8.8.8 8.8.4.4 4.2.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Dictionary.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Dictionary.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
mRun-x64: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ArKain\AppData\Roaming\Mozilla\Firefox\Profiles\ngrd77qb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dir&o=13739
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DIC3V5&o=13736&locale=en_US&apn_uid=28127395-5D37-494C-98A2-4E38B225C72B&apn_ptnrs=D6&apn_sauid=E6BA674F-DF91-4C33-812C-BCCBF8EA5C99&apn_dtid=YYYYYYYYCA&&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 BOINC;WORLDC~1|World Community Grid;C:\Program Files (x86)\BOINC\boinc.exe [2010-5-27 529152]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-1 13336]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsnxc64.sys --> C:\Windows\system32\DRIVERS\risdsnxc64.sys [?]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2012-1-9 439632]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-8-1 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-20 378472]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-8-1 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-1 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-8-1 550080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-8-1 852160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-8-1 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-8-1 1021112]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-31 136176]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-31 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-10 01:11:53 -------- d-----w- C:\ProgramData\Trend Micro
2012-01-10 01:07:07 157712 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-01-10 01:01:46 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-01-10 00:59:42 388096 ----a-r- C:\Users\ArKain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-10 00:59:40 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-10 00:30:38 -------- d-----w- C:\Users\ArKain\AppData\Local\{196E4429-48F5-480C-96E4-7D8ABA82210C}
2012-01-10 00:27:41 -------- d-----w- C:\Users\ArKain\AppData\Local\{287D1145-DADD-431F-8EF5-6D22B60FDA15}
2012-01-09 23:55:43 -------- d-----w- C:\Users\ArKain\AppData\Local\{3FD40A06-7247-4D0A-81F0-973A146C26DD}
2012-01-09 23:15:24 -------- d-----w- C:\Users\ArKain\AppData\Local\{F7445E50-1232-49EC-A87C-26827142C344}
2012-01-09 18:02:00 -------- d-----w- C:\Users\ArKain\AppData\Local\{0A9FB048-3460-486A-B529-76CE387B2C8E}
2012-01-09 08:48:26 -------- d-----w- C:\Users\ArKain\AppData\Local\{FE9133AD-551F-469F-B8DA-B8560B4C8A49}
2012-01-09 08:18:19 -------- d-----we C:\Windows\system64
2012-01-07 06:32:54 -------- d-----w- C:\Users\ArKain\AppData\Local\{A63DE663-C465-46FA-8EA3-55927AB41BA0}
2012-01-05 17:34:07 -------- d-----w- C:\Users\ArKain\AppData\Local\{16B17A12-CD6B-4F00-AB01-A0F838232DB2}
2012-01-04 17:57:51 -------- d-----w- C:\Users\ArKain\AppData\Local\{87C4D5ED-37B1-4FF0-907A-33E53D2A40FE}
2012-01-04 08:39:24 -------- d-----w- C:\Users\ArKain\AppData\Roaming\MP3 Quality Modifier
2012-01-04 03:38:34 -------- d-----w- C:\Users\ArKain\AppData\Roaming\AccurateRip
2012-01-04 03:38:31 850152 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-01-04 03:38:28 -------- d-----w- C:\Program Files (x86)\Illustrate
2011-12-25 22:39:01 -------- d-----w- C:\Users\ArKain\AppData\Local\{8FFFA4A1-8C1C-4E69-B70D-29D103276396}
2011-12-24 07:54:24 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-12-24 00:52:41 -------- d-----w- C:\Users\ArKain\AppData\Local\{36046FE4-186E-4695-908D-EDCA019A5BD2}
2011-12-22 22:29:54 -------- d-----w- C:\Users\ArKain\AppData\Local\{F8660C10-BBC8-4352-9782-B68B238DF362}
2011-12-20 22:09:59 -------- d-----w- C:\Users\ArKain\AppData\Local\{58F490F8-1872-4878-955B-8FCF1B001159}
2011-12-19 01:26:27 -------- d-----w- C:\Users\ArKain\AppData\Local\{FDEE80AC-97B1-4F1D-A7CC-46EFE6463A62}
2011-12-18 03:25:47 -------- d-----w- C:\Users\ArKain\AppData\Local\{83FC0B3B-06AF-49B2-A836-F5FAD4A4D6CE}
2011-12-16 18:40:45 -------- d-----w- C:\Users\ArKain\AppData\Local\{F4F6B3E0-E1A2-4E6E-B48C-1670D0E55A24}
2011-12-16 07:43:25 -------- d-----w- C:\Users\ArKain\AppData\Local\{79061690-3528-41B8-89FC-0CE3748213E0}
2011-12-15 00:29:43 -------- d-----w- C:\Users\ArKain\AppData\Local\{0B621360-55C6-4833-B5D5-ECDF42A28DD5}
2011-12-14 01:52:35 -------- d-----w- C:\Program Files\iPod
2011-12-14 01:52:34 -------- d-----w- C:\Program Files\iTunes
2011-12-14 01:52:34 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-12 22:11:18 -------- d-----w- C:\Users\ArKain\AppData\Local\{07407955-1858-4D79-9E95-D559FBA86AA1}
2011-12-12 09:20:51 -------- d-----w- C:\Users\ArKain\AppData\Local\{35967534-D21E-44E8-876F-42A433B5144C}
2011-12-12 06:39:09 -------- d-----w- C:\Users\ArKain\AppData\Local\{066DD899-3FF1-4EAE-BD9E-B5D8D2B4237D}
.
==================== Find3M ====================
.
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 18:52:29.33 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 03:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 06:14 PM

ComboFix 12-01-12.04 - ArKain 01/12/2012 14:56:34.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4077.2764 [GMT -8:00]
Running from: c:\users\ArKain\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 23:05 . 2012-01-12 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 23:05 . 2012-01-12 23:05 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2012-01-12 22:53 . 2012-01-12 22:53 -------- d-----w- c:\users\TEMP
2012-01-11 03:22 . 2012-01-11 03:22 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4b6b253d1ccd01001\MeshBetaRemover.exe
2012-01-10 01:11 . 2012-01-10 01:11 -------- d-----w- c:\programdata\Trend Micro
2012-01-10 01:07 . 2009-05-07 23:04 157712 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-10 01:01 . 2012-01-10 01:01 -------- d-----w- c:\program files (x86)\WinPcap
2012-01-10 00:59 . 2012-01-10 00:59 388096 ----a-r- c:\users\ArKain\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-10 00:59 . 2012-01-10 01:01 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-04 08:39 . 2012-01-04 08:42 -------- d-----w- c:\users\ArKain\AppData\Roaming\MP3 Quality Modifier
2012-01-04 03:38 . 2012-01-04 03:38 -------- d-----w- c:\users\ArKain\AppData\Roaming\AccurateRip
2012-01-04 03:38 . 2012-01-04 03:41 850152 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-01-04 03:38 . 2012-01-04 03:38 -------- d-----w- c:\program files (x86)\Illustrate
2011-12-24 07:54 . 2011-12-24 07:54 -------- d-----w- c:\program files (x86)\Ask.com
2011-12-14 01:52 . 2011-12-14 01:52 -------- d-----w- c:\program files\iPod
2011-12-14 01:52 . 2011-12-14 01:52 -------- d-----w- c:\program files\iTunes
2011-12-14 01:52 . 2011-12-14 01:52 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2011-08-24 06:35 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-12_22.47.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-12 22:45 . 2012-01-12 22:45 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-01-12 22:52 . 2012-01-12 22:52 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-01-12 22:55 56722 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-12 22:55 34094 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-23 01:24 . 2012-01-12 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 01:24 . 2012-01-12 22:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 01:24 . 2012-01-12 22:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-23 01:24 . 2012-01-12 22:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 22:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-12 22:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-24 02:33 . 2012-01-12 22:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-24 02:33 . 2012-01-12 17:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-24 02:33 . 2012-01-12 22:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-24 02:33 . 2012-01-12 17:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-24 02:33 . 2012-01-12 17:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-24 02:33 . 2012-01-12 22:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-23 01:37 . 2012-01-12 22:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 01:37 . 2012-01-12 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-23 01:37 . 2012-01-12 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-23 01:37 . 2012-01-12 22:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-01 20:33 . 2012-01-12 22:52 7878 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-23 17:01 . 2012-01-12 22:55 9372 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1207031487-2560531184-2246663981-1005_UserData.bin
- 2011-08-01 19:58 . 2012-01-12 22:45 2634 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-08-01 19:58 . 2012-01-12 22:52 2634 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-01-12 22:53 . 2012-01-12 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 22:46 . 2012-01-12 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-12 22:46 . 2012-01-12 22:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-12 22:53 . 2012-01-12 22:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-01-12 22:46 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-12 22:53 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-01-12 17:31 660928 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-12 23:00 660928 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-12 23:00 121566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-12 17:31 121566 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-01-12 22:52 284540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-12 22:45 284540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-01-12 22:53 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 22:46 2605056 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-12 22:46 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-12 22:53 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-23 07:28 . 2012-01-12 22:45 5022183 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1207031487-2560531184-2246663981-1005-8192.dat
+ 2011-08-23 07:28 . 2012-01-12 22:52 5022183 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1207031487-2560531184-2246663981-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.


I forgot to save the combofix log after running it the first time so I ran it again, after running combofix I had issues connecting to the internet and had to use ipconfig /release and ipconfig /renew to get it running again. The problems from the virus did not show constantly, it would come and go, but right now my computer seems relatively normal. I will post again if anything comes up.

Edit: My internet shows that I once again have an abnormally high number of connections (currently 7800).

Edited by ArKain, 12 January 2012 - 06:27 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 07:59 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 08:06 PM

17:04:56.0212 3148 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
17:04:56.0612 3148 ============================================================
17:04:56.0612 3148 Current date / time: 2012/01/12 17:04:56.0612
17:04:56.0612 3148 SystemInfo:
17:04:56.0612 3148
17:04:56.0612 3148 OS Version: 6.1.7601 ServicePack: 1.0
17:04:56.0612 3148 Product type: Workstation
17:04:56.0612 3148 ComputerName: 282819
17:04:56.0612 3148 UserName: ArKain
17:04:56.0612 3148 Windows directory: C:\Windows
17:04:56.0612 3148 System windows directory: C:\Windows
17:04:56.0612 3148 Running under WOW64
17:04:56.0612 3148 Processor architecture: Intel x64
17:04:56.0612 3148 Number of processors: 8
17:04:56.0612 3148 Page size: 0x1000
17:04:56.0612 3148 Boot type: Normal boot
17:04:56.0612 3148 ============================================================
17:04:56.0842 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
17:04:56.0892 3148 Initialize success
17:04:58.0202 5864 ============================================================
17:04:58.0202 5864 Scan started
17:04:58.0202 5864 Mode: Manual;
17:04:58.0202 5864 ============================================================
17:04:59.0752 5864 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
17:04:59.0752 5864 1394ohci - ok
17:04:59.0902 5864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:04:59.0902 5864 ACPI - ok
17:05:00.0022 5864 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:05:00.0022 5864 AcpiPmi - ok
17:05:00.0162 5864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
17:05:00.0172 5864 adp94xx - ok
17:05:00.0302 5864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
17:05:00.0312 5864 adpahci - ok
17:05:00.0452 5864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
17:05:00.0452 5864 adpu320 - ok
17:05:00.0582 5864 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
17:05:00.0582 5864 AFD - ok
17:05:00.0702 5864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:05:00.0702 5864 agp440 - ok
17:05:00.0822 5864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:05:00.0822 5864 aliide - ok
17:05:00.0942 5864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:05:00.0942 5864 amdide - ok
17:05:01.0072 5864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
17:05:01.0072 5864 AmdK8 - ok
17:05:01.0162 5864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
17:05:01.0162 5864 AmdPPM - ok
17:05:01.0202 5864 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:05:01.0202 5864 amdsata - ok
17:05:01.0312 5864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
17:05:01.0312 5864 amdsbs - ok
17:05:01.0412 5864 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:05:01.0412 5864 amdxata - ok
17:05:01.0472 5864 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:05:01.0472 5864 AppID - ok
17:05:01.0613 5864 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
17:05:01.0623 5864 arc - ok
17:05:01.0643 5864 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
17:05:01.0643 5864 arcsas - ok
17:05:01.0763 5864 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:05:01.0763 5864 ArcSoftKsUFilter - ok
17:05:01.0893 5864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:05:01.0893 5864 AsyncMac - ok
17:05:02.0023 5864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:05:02.0023 5864 atapi - ok
17:05:02.0203 5864 athr (e8e1ae3caa4c7286d40715336d8a11d4) C:\Windows\system32\DRIVERS\athrx.sys
17:05:02.0223 5864 athr - ok
17:05:02.0373 5864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
17:05:02.0373 5864 b06bdrv - ok
17:05:02.0493 5864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:05:02.0503 5864 b57nd60a - ok
17:05:02.0643 5864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:05:02.0643 5864 Beep - ok
17:05:02.0813 5864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:05:02.0813 5864 blbdrive - ok
17:05:02.0943 5864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:05:02.0943 5864 bowser - ok
17:05:03.0053 5864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
17:05:03.0053 5864 BrFiltLo - ok
17:05:03.0113 5864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
17:05:03.0113 5864 BrFiltUp - ok
17:05:03.0183 5864 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:05:03.0183 5864 BridgeMP - ok
17:05:03.0313 5864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:05:03.0313 5864 Brserid - ok
17:05:03.0343 5864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:05:03.0343 5864 BrSerWdm - ok
17:05:03.0453 5864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:05:03.0453 5864 BrUsbMdm - ok
17:05:03.0573 5864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:05:03.0573 5864 BrUsbSer - ok
17:05:03.0703 5864 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:05:03.0703 5864 BthEnum - ok
17:05:03.0813 5864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:05:03.0813 5864 BTHMODEM - ok
17:05:03.0933 5864 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:05:03.0943 5864 BthPan - ok
17:05:04.0073 5864 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
17:05:04.0073 5864 BTHPORT - ok
17:05:04.0183 5864 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
17:05:04.0183 5864 BTHUSB - ok
17:05:04.0323 5864 BTWAMPFL (8767c8b416b6d583881f0fd7a0555135) C:\Windows\system32\DRIVERS\btwampfl.sys
17:05:04.0323 5864 BTWAMPFL - ok
17:05:04.0443 5864 btwaudio (ab95865207e68fe9245ba942ae20d09a) C:\Windows\system32\drivers\btwaudio.sys
17:05:04.0453 5864 btwaudio - ok
17:05:04.0583 5864 btwavdt (3cf91081b85241b624876cee7c1f5bbd) C:\Windows\system32\DRIVERS\btwavdt.sys
17:05:04.0583 5864 btwavdt - ok
17:05:04.0733 5864 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:05:04.0733 5864 btwl2cap - ok
17:05:04.0803 5864 btwrchid (d08ea90b392c173dce0fdc0370d6bc9c) C:\Windows\system32\DRIVERS\btwrchid.sys
17:05:04.0803 5864 btwrchid - ok
17:05:04.0823 5864 catchme - ok
17:05:04.0893 5864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:05:04.0893 5864 cdfs - ok
17:05:05.0023 5864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:05:05.0023 5864 cdrom - ok
17:05:05.0063 5864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
17:05:05.0063 5864 circlass - ok
17:05:05.0163 5864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:05:05.0163 5864 CLFS - ok
17:05:05.0303 5864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:05:05.0303 5864 CmBatt - ok
17:05:05.0323 5864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:05:05.0333 5864 cmdide - ok
17:05:05.0443 5864 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
17:05:05.0453 5864 CNG - ok
17:05:05.0573 5864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:05:05.0573 5864 Compbatt - ok
17:05:05.0703 5864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:05:05.0703 5864 CompositeBus - ok
17:05:05.0833 5864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
17:05:05.0833 5864 crcdisk - ok
17:05:06.0003 5864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:05:06.0003 5864 DfsC - ok
17:05:06.0123 5864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:05:06.0123 5864 discache - ok
17:05:06.0243 5864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
17:05:06.0243 5864 Disk - ok
17:05:06.0383 5864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:05:06.0383 5864 drmkaud - ok
17:05:06.0513 5864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:05:06.0523 5864 DXGKrnl - ok
17:05:06.0653 5864 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
17:05:06.0653 5864 e1yexpress - ok
17:05:06.0823 5864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
17:05:06.0853 5864 ebdrv - ok
17:05:06.0983 5864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
17:05:06.0983 5864 elxstor - ok
17:05:07.0033 5864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:05:07.0033 5864 ErrDev - ok
17:05:07.0133 5864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:05:07.0133 5864 exfat - ok
17:05:07.0243 5864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:05:07.0243 5864 fastfat - ok
17:05:07.0383 5864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
17:05:07.0383 5864 fdc - ok
17:05:07.0483 5864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:05:07.0483 5864 FileInfo - ok
17:05:07.0543 5864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:05:07.0543 5864 Filetrace - ok
17:05:07.0673 5864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
17:05:07.0673 5864 flpydisk - ok
17:05:07.0783 5864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:05:07.0783 5864 FltMgr - ok
17:05:07.0903 5864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:05:07.0903 5864 FsDepends - ok
17:05:08.0003 5864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:05:08.0003 5864 Fs_Rec - ok
17:05:08.0133 5864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:05:08.0133 5864 fvevol - ok
17:05:08.0253 5864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
17:05:08.0253 5864 gagp30kx - ok
17:05:08.0373 5864 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:05:08.0373 5864 GEARAspiWDM - ok
17:05:08.0493 5864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:05:08.0503 5864 hcw85cir - ok
17:05:08.0623 5864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:05:08.0623 5864 HdAudAddService - ok
17:05:08.0743 5864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:05:08.0743 5864 HDAudBus - ok
17:05:08.0793 5864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
17:05:08.0793 5864 HidBatt - ok
17:05:08.0873 5864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
17:05:08.0873 5864 HidBth - ok
17:05:08.0903 5864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
17:05:08.0903 5864 HidIr - ok
17:05:09.0023 5864 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:05:09.0023 5864 HidUsb - ok
17:05:09.0043 5864 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:05:09.0043 5864 HpSAMD - ok
17:05:09.0163 5864 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:05:09.0163 5864 HTTP - ok
17:05:09.0293 5864 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:05:09.0293 5864 hwpolicy - ok
17:05:09.0423 5864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:05:09.0423 5864 i8042prt - ok
17:05:09.0463 5864 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
17:05:09.0473 5864 iaStor - ok
17:05:09.0613 5864 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:05:09.0613 5864 iaStorV - ok
17:05:09.0663 5864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
17:05:09.0663 5864 iirsp - ok
17:05:09.0853 5864 IntcAzAudAddService (2cc2f7c5990bb76767038f4b16d17a56) C:\Windows\system32\drivers\RTKVHD64.sys
17:05:09.0873 5864 IntcAzAudAddService - ok
17:05:10.0003 5864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:05:10.0003 5864 intelide - ok
17:05:10.0123 5864 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:05:10.0123 5864 intelppm - ok
17:05:10.0243 5864 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:05:10.0243 5864 IpFilterDriver - ok
17:05:10.0253 5864 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:05:10.0253 5864 IPMIDRV - ok
17:05:10.0363 5864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:05:10.0373 5864 IPNAT - ok
17:05:10.0513 5864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:05:10.0513 5864 IRENUM - ok
17:05:10.0643 5864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:05:10.0643 5864 isapnp - ok
17:05:10.0663 5864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:05:10.0673 5864 iScsiPrt - ok
17:05:10.0783 5864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:05:10.0783 5864 kbdclass - ok
17:05:10.0813 5864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:05:10.0813 5864 kbdhid - ok
17:05:10.0923 5864 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
17:05:10.0933 5864 KSecDD - ok
17:05:11.0033 5864 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
17:05:11.0043 5864 KSecPkg - ok
17:05:11.0143 5864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:05:11.0143 5864 ksthunk - ok
17:05:11.0293 5864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:05:11.0293 5864 lltdio - ok
17:05:11.0413 5864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
17:05:11.0413 5864 LSI_FC - ok
17:05:11.0443 5864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
17:05:11.0443 5864 LSI_SAS - ok
17:05:11.0553 5864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
17:05:11.0553 5864 LSI_SAS2 - ok
17:05:11.0673 5864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
17:05:11.0673 5864 LSI_SCSI - ok
17:05:11.0803 5864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:05:11.0803 5864 luafv - ok
17:05:11.0913 5864 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
17:05:11.0923 5864 mcdbus - ok
17:05:11.0953 5864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
17:05:11.0953 5864 megasas - ok
17:05:12.0093 5864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
17:05:12.0093 5864 MegaSR - ok
17:05:12.0223 5864 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
17:05:12.0223 5864 MEIx64 - ok
17:05:12.0403 5864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:05:12.0403 5864 Modem - ok
17:05:12.0433 5864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:05:12.0433 5864 monitor - ok
17:05:12.0483 5864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:05:12.0483 5864 mouclass - ok
17:05:12.0574 5864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:05:12.0574 5864 mouhid - ok
17:05:12.0684 5864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:05:12.0684 5864 mountmgr - ok
17:05:12.0704 5864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:05:12.0704 5864 mpio - ok
17:05:12.0734 5864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:05:12.0744 5864 mpsdrv - ok
17:05:12.0834 5864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:05:12.0834 5864 MRxDAV - ok
17:05:12.0864 5864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:12.0874 5864 mrxsmb - ok
17:05:12.0954 5864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:12.0964 5864 mrxsmb10 - ok
17:05:12.0994 5864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:12.0994 5864 mrxsmb20 - ok
17:05:13.0094 5864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:05:13.0094 5864 msahci - ok
17:05:13.0124 5864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:05:13.0134 5864 msdsm - ok
17:05:13.0234 5864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:05:13.0234 5864 Msfs - ok
17:05:13.0274 5864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:05:13.0274 5864 mshidkmdf - ok
17:05:13.0304 5864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:05:13.0304 5864 msisadrv - ok
17:05:13.0384 5864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:05:13.0384 5864 MSKSSRV - ok
17:05:13.0414 5864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:13.0414 5864 MSPCLOCK - ok
17:05:13.0464 5864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:05:13.0474 5864 MSPQM - ok
17:05:13.0504 5864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:05:13.0504 5864 MsRPC - ok
17:05:13.0604 5864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:05:13.0604 5864 mssmbios - ok
17:05:13.0644 5864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:05:13.0644 5864 MSTEE - ok
17:05:13.0674 5864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
17:05:13.0674 5864 MTConfig - ok
17:05:13.0724 5864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:05:13.0724 5864 Mup - ok
17:05:13.0834 5864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:05:13.0834 5864 NativeWifiP - ok
17:05:13.0894 5864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:05:13.0894 5864 NDIS - ok
17:05:13.0994 5864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:13.0994 5864 NdisCap - ok
17:05:14.0044 5864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:14.0044 5864 NdisTapi - ok
17:05:14.0084 5864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:14.0084 5864 Ndisuio - ok
17:05:14.0144 5864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:14.0144 5864 NdisWan - ok
17:05:14.0264 5864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:05:14.0264 5864 NDProxy - ok
17:05:14.0304 5864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:05:14.0304 5864 NetBIOS - ok
17:05:14.0354 5864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:05:14.0364 5864 NetBT - ok
17:05:14.0484 5864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
17:05:14.0484 5864 nfrd960 - ok
17:05:14.0624 5864 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
17:05:14.0624 5864 NPF - ok
17:05:14.0664 5864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:05:14.0664 5864 Npfs - ok
17:05:14.0744 5864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:05:14.0744 5864 nsiproxy - ok
17:05:14.0804 5864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:05:14.0824 5864 Ntfs - ok
17:05:14.0894 5864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:05:14.0894 5864 Null - ok
17:05:14.0934 5864 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:05:14.0934 5864 nusb3hub - ok
17:05:15.0014 5864 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:05:15.0014 5864 nusb3xhc - ok
17:05:15.0054 5864 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
17:05:15.0054 5864 NVHDA - ok
17:05:15.0364 5864 nvlddmkm (7ab357fadc2046424d7168d12375f7ee) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:05:15.0614 5864 nvlddmkm - ok
17:05:15.0704 5864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:05:15.0714 5864 nvraid - ok
17:05:15.0824 5864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:05:15.0824 5864 nvstor - ok
17:05:15.0914 5864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:05:15.0914 5864 nv_agp - ok
17:05:15.0954 5864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:05:15.0954 5864 ohci1394 - ok
17:05:16.0074 5864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
17:05:16.0074 5864 Parport - ok
17:05:16.0104 5864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:05:16.0104 5864 partmgr - ok
17:05:16.0224 5864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:05:16.0234 5864 pci - ok
17:05:16.0274 5864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:05:16.0274 5864 pciide - ok
17:05:16.0374 5864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
17:05:16.0374 5864 pcmcia - ok
17:05:16.0434 5864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:05:16.0434 5864 pcw - ok
17:05:16.0504 5864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:05:16.0514 5864 PEAUTH - ok
17:05:16.0624 5864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:05:16.0624 5864 PptpMiniport - ok
17:05:16.0644 5864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
17:05:16.0644 5864 Processor - ok
17:05:16.0754 5864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:05:16.0754 5864 Psched - ok
17:05:16.0894 5864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
17:05:16.0904 5864 ql2300 - ok
17:05:17.0014 5864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
17:05:17.0014 5864 ql40xx - ok
17:05:17.0034 5864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:05:17.0034 5864 QWAVEdrv - ok
17:05:17.0144 5864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:05:17.0144 5864 RasAcd - ok
17:05:17.0174 5864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:05:17.0174 5864 RasAgileVpn - ok
17:05:17.0274 5864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:17.0274 5864 Rasl2tp - ok
17:05:17.0344 5864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:17.0344 5864 RasPppoe - ok
17:05:17.0394 5864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:05:17.0394 5864 RasSstp - ok
17:05:17.0464 5864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:05:17.0464 5864 rdbss - ok
17:05:17.0514 5864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
17:05:17.0514 5864 rdpbus - ok
17:05:17.0594 5864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:17.0594 5864 RDPCDD - ok
17:05:17.0644 5864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:05:17.0644 5864 RDPENCDD - ok
17:05:17.0704 5864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:05:17.0704 5864 RDPREFMP - ok
17:05:17.0744 5864 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:05:17.0744 5864 RDPWD - ok
17:05:17.0824 5864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:05:17.0824 5864 rdyboost - ok
17:05:17.0884 5864 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
17:05:17.0884 5864 regi - ok
17:05:17.0994 5864 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:05:18.0004 5864 RFCOMM - ok
17:05:18.0104 5864 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys
17:05:18.0114 5864 rimspci - ok
17:05:18.0224 5864 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys
17:05:18.0224 5864 risdsnpe - ok
17:05:18.0384 5864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:05:18.0384 5864 rspndr - ok
17:05:18.0434 5864 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:05:18.0434 5864 RTL8167 - ok
17:05:18.0564 5864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:05:18.0574 5864 sbp2port - ok
17:05:18.0594 5864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:05:18.0594 5864 scfilter - ok
17:05:18.0694 5864 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
17:05:18.0694 5864 sdbus - ok
17:05:18.0814 5864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:05:18.0824 5864 secdrv - ok
17:05:18.0954 5864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
17:05:18.0954 5864 Serenum - ok
17:05:19.0054 5864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
17:05:19.0054 5864 Serial - ok
17:05:19.0094 5864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
17:05:19.0094 5864 sermouse - ok
17:05:19.0224 5864 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
17:05:19.0234 5864 SFEP - ok
17:05:19.0254 5864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:05:19.0254 5864 sffdisk - ok
17:05:19.0344 5864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:05:19.0344 5864 sffp_mmc - ok
17:05:19.0364 5864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:05:19.0364 5864 sffp_sd - ok
17:05:19.0474 5864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
17:05:19.0474 5864 sfloppy - ok
17:05:19.0604 5864 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:05:19.0614 5864 Sftfs - ok
17:05:19.0734 5864 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:05:19.0734 5864 Sftplay - ok
17:05:19.0824 5864 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:05:19.0824 5864 Sftredir - ok
17:05:19.0934 5864 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:05:19.0934 5864 Sftvol - ok
17:05:20.0054 5864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
17:05:20.0054 5864 SiSRaid2 - ok
17:05:20.0084 5864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
17:05:20.0084 5864 SiSRaid4 - ok
17:05:20.0184 5864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:05:20.0184 5864 Smb - ok
17:05:20.0304 5864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:05:20.0304 5864 spldr - ok
17:05:20.0354 5864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:05:20.0354 5864 srv - ok
17:05:20.0434 5864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:05:20.0434 5864 srv2 - ok
17:05:20.0484 5864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:05:20.0494 5864 srvnet - ok
17:05:20.0664 5864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
17:05:20.0664 5864 stexstor - ok
17:05:20.0694 5864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:05:20.0694 5864 swenum - ok
17:05:20.0844 5864 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
17:05:20.0854 5864 SynTP - ok
17:05:20.0984 5864 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
17:05:21.0004 5864 Tcpip - ok
17:05:21.0134 5864 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
17:05:21.0144 5864 TCPIP6 - ok
17:05:21.0234 5864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:05:21.0234 5864 tcpipreg - ok
17:05:21.0274 5864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:05:21.0274 5864 TDPIPE - ok
17:05:21.0314 5864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:05:21.0324 5864 TDTCP - ok
17:05:21.0344 5864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:05:21.0344 5864 tdx - ok
17:05:21.0374 5864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
17:05:21.0374 5864 TermDD - ok
17:05:21.0464 5864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:05:21.0464 5864 tssecsrv - ok
17:05:21.0474 5864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:05:21.0474 5864 TsUsbFlt - ok
17:05:21.0554 5864 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
17:05:21.0554 5864 TsUsbGD - ok
17:05:21.0584 5864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:05:21.0584 5864 tunnel - ok
17:05:21.0674 5864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
17:05:21.0674 5864 uagp35 - ok
17:05:21.0694 5864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:05:21.0694 5864 udfs - ok
17:05:21.0794 5864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:05:21.0794 5864 uliagpkx - ok
17:05:21.0814 5864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:05:21.0814 5864 umbus - ok
17:05:21.0924 5864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
17:05:21.0924 5864 UmPass - ok
17:05:22.0034 5864 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:05:22.0034 5864 USBAAPL64 - ok
17:05:22.0084 5864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:22.0094 5864 usbccgp - ok
17:05:22.0194 5864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:05:22.0194 5864 usbcir - ok
17:05:22.0254 5864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:05:22.0254 5864 usbehci - ok
17:05:22.0344 5864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:05:22.0354 5864 usbhub - ok
17:05:22.0454 5864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:05:22.0454 5864 usbohci - ok
17:05:22.0494 5864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
17:05:22.0494 5864 usbprint - ok
17:05:22.0595 5864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:22.0595 5864 USBSTOR - ok
17:05:22.0715 5864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:05:22.0715 5864 usbuhci - ok
17:05:22.0835 5864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:05:22.0835 5864 usbvideo - ok
17:05:22.0985 5864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:05:22.0995 5864 vdrvroot - ok
17:05:23.0105 5864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:23.0105 5864 vga - ok
17:05:23.0135 5864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:05:23.0135 5864 VgaSave - ok
17:05:23.0235 5864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:05:23.0245 5864 vhdmp - ok
17:05:23.0345 5864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:05:23.0345 5864 viaide - ok
17:05:23.0395 5864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:05:23.0395 5864 volmgr - ok
17:05:23.0415 5864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:05:23.0415 5864 volmgrx - ok
17:05:23.0525 5864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:05:23.0525 5864 volsnap - ok
17:05:23.0645 5864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
17:05:23.0645 5864 vsmraid - ok
17:05:23.0705 5864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:05:23.0715 5864 vwifibus - ok
17:05:23.0785 5864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:05:23.0785 5864 vwififlt - ok
17:05:23.0895 5864 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:05:23.0895 5864 vwifimp - ok
17:05:23.0925 5864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
17:05:23.0925 5864 WacomPen - ok
17:05:24.0025 5864 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:05:24.0025 5864 WANARP - ok
17:05:24.0025 5864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:05:24.0025 5864 Wanarpv6 - ok
17:05:24.0145 5864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
17:05:24.0145 5864 Wd - ok
17:05:24.0215 5864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:05:24.0225 5864 Wdf01000 - ok
17:05:24.0445 5864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:24.0445 5864 WfpLwf - ok
17:05:24.0505 5864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:05:24.0505 5864 WIMMount - ok
17:05:24.0595 5864 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:05:24.0595 5864 WinUsb - ok
17:05:24.0715 5864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:05:24.0715 5864 WmiAcpi - ok
17:05:24.0745 5864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:05:24.0745 5864 ws2ifsl - ok
17:05:24.0845 5864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:05:24.0845 5864 WudfPf - ok
17:05:24.0945 5864 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:24.0955 5864 WUDFRd - ok
17:05:24.0985 5864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:05:25.0035 5864 \Device\Harddisk0\DR0 - ok
17:05:25.0045 5864 Boot (0x1200) (c1261acf5f5cd2c11a94a48c216cf0d0) \Device\Harddisk0\DR0\Partition0
17:05:25.0045 5864 \Device\Harddisk0\DR0\Partition0 - ok
17:05:25.0055 5864 Boot (0x1200) (5e021f24cdbc0b1bc8d25a19fe6dccee) \Device\Harddisk0\DR0\Partition1
17:05:25.0055 5864 \Device\Harddisk0\DR0\Partition1 - ok
17:05:25.0055 5864 ============================================================
17:05:25.0055 5864 Scan finished
17:05:25.0055 5864 ============================================================
17:05:25.0065 5136 Detected object count: 0
17:05:25.0065 5136 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 08:50 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 09:02 PM

I couldn't find the "include all files" option

Farbar Service Scanner
Ran by ArKain (administrator) on 12-01-2012 at 18:00:34
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 09:18 PM

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 09:53 PM

Done, however both windows firewall and BFE were already started when I opened up services. I restarted both of them, but I recieved an error message from BFE the first time, the next time I tried it, the error did not come up again.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 10:11 PM

How is the computer running at this time?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 10:13 PM

It seems to be fine so far, I'll post again if the issues come up again.

#12 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 12 January 2012 - 10:36 PM

Everything looks good, thanks for all the help!

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 12 January 2012 - 11:39 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Ask Toolbar
BitTorrent
Java™ 6 Update 22


and click on remove



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 ArKain

ArKain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:08 AM

Posted 13 January 2012 - 03:02 AM

MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ArKain :: 282819 [administrator]

1/12/2012 11:08:05 PM
mbam-log-2012-01-12 (23-08-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 391140
Time elapsed: 36 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Qoobox\Quarantine\C\WINDOWS\assembly\temp\kwrd.dll.vir (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\Users\ArKain\Documents\75816WMTf.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\ArKain\Documents\P7Ur7.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

(end)

------------------------------------------------------------------
hijack this

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:55:17 PM, on 1/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\BOINC\boincmgr.exe
C:\Program Files (x86)\BOINC\boinctray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Dictionary.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files (x86)\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files (x86)\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-1207031487-2560531184-2246663981-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'boinc_master')
O4 - HKUS\S-1-5-21-1207031487-2560531184-2246663981-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'boinc_master')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Free YouTube Download - C:\Users\ArKain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ArKain\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WORLDC~1|World Community Grid (BOINC) - World Community Grid - C:\Program Files (x86)\BOINC\boinc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14324 bytes


Hi, sorry for the late reply, those scans took a while.
The computer seems to be running fine, however I still need to ipconfig /release and ipconfig /renew every time on start up to get internet access

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 13 January 2012 - 03:18 AM

Hello

Lets check your internet connection

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users