
Trojan horse crypt.anvh


  • This topic is locked
44 replies to this topic

#1 Bcalvo34

  • Members
  • 24 posts

Posted 20 January 2012 - 01:37 PM

I was browsing online when AVG popped up saying I had this virus and it couldn't be removed because it was "Whitelisted" or something similar to that. Any help would be greatly appreciated.
Thanks in advance,
Bobby

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by Bobby at 11:40:10 on 2012-01-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1627 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcfcoms.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cricket Broadband Connect\AvqAutorun.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Cricket Broadband Connect\mPhonetools.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar =
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uSearch Page =
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuyB0AzztDtBtDtDtDtDtBtDtDzztCzztD0BtN0D0TzutBtDtCtCtDzztCtB&cr=1698242508
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,RunDLLEntry
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mPhonetools.exe" /OnPlug=%s
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\users\bobby\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\16C6B6472796F6030333 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\24F6262697 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\4475C416E6 : DhcpNameServer = 67.222.123.14 67.222.123.2 67.222.123.6
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\5593334473 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\95F657027796C6C602265602841636B6564612 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\B416C65696461675966496 : DhcpNameServer = 208.69.84.9 199.33.170.169
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\C696E6B6379737F5F475F56303131383 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2F0080EB-642E-4C58-8EDD-FC93B424608D} : DhcpNameServer = 172.16.202.215 172.16.202.215
TCP: Interfaces\{41038CAB-9161-4C36-AAA0-5DBE858A2E67} : NameServer = 10.133.20.11 10.132.20.11
TCP: Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C} : DhcpNameServer = 192.168.50.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bobby\appdata\roaming\mozilla\firefox\profiles\rt46dl2y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - Www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\users\bobby\appdata\roaming\mozilla\firefox\profiles\rt46dl2y.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - component: c:\users\bobby\appdata\roaming\mozilla\firefox\profiles\rt46dl2y.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\bobby\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-13 64160]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-8-24 25896]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-19 494424]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2009-10-21 54416]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2009-10-21 12048]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2009-10-21 160400]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2009-10-21 114192]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2009-10-21 160400]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-5 230912]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-11 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2009-4-29 531456]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-19 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-12 40776]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\drivers\PTUMWCDF.sys [2009-10-21 22032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-6 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-28 652872]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\roxio creator 2009 ultimate\digital home 11\roxioupnprenderer11.exe" --> c:\program files\roxio creator 2009 ultimate\digital home 11\RoxioUPnPRenderer11.exe [?]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
S4 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
S4 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
.
=============== Created Last 30 ================
.
2012-01-17 02:48:56 -------- d-----w- c:\users\bobby\appdata\roaming\Guitar Pro 6
2012-01-17 02:48:56 -------- d-----w- c:\programdata\Guitar Pro 6
2012-01-17 02:36:46 -------- d-----w- c:\program files\Guitar Pro 6
2012-01-16 16:31:48 -------- d--h--w- C:\$AVG
2012-01-13 00:32:04 -------- d-----w- c:\users\bobby\appdata\roaming\AVG2012
2012-01-12 21:45:35 -------- d-s---w- C:\ComboFix
2012-01-12 21:38:10 98816 ----a-w- c:\windows\sed.exe
2012-01-12 21:38:10 518144 ----a-w- c:\windows\SWREG.exe
2012-01-12 21:38:10 256000 ----a-w- c:\windows\PEV.exe
2012-01-12 21:38:10 208896 ----a-w- c:\windows\MBR.exe
2012-01-12 15:46:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 15:46:39 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-12 15:46:38 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 15:46:38 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-12 15:46:38 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-12 15:46:38 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 15:46:38 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 15:46:38 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-12 15:46:38 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 15:46:38 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-12 05:56:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-12 05:25:15 6055 ----a-w- c:\users\bobby\Far.Bat
2012-01-12 05:11:25 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 05:10:29 876 ----a-w- c:\users\bobby\exe.reg
2012-01-11 16:07:23 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-11 16:07:22 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 16:07:22 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-05 14:37:57 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-05 14:37:57 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-05 14:37:57 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-05 14:37:56 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-01-03 13:22:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 16:30:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:47:40 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-26 04:47:40 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 04:28:12 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 11:41:17.76 ===============
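
The DDS "Pseudo HJT Report" above already shows the pattern a malware-response helper looks for before any tool is run: both the IE start pages and the Firefox search prefs point at bundled-toolbar search hosts (Conduit, FoxTab, vShare), three toolbar CLSIDs and a URL search hook are registered with "No File", one Run key is named only by a GUID, and several DHCP-assigned DNS servers are public addresses. The script below is an added example written for this thread, not code from DDS, BleepingComputer or the poster; it pulls those four classes of indicator out of the pasted text. The list of hijacker hosts, the "review GUID-named Run keys" heuristic and the private-address test are this example's own assumptions, and the sample lines are copied from the posted log (one long FoxTab URL shortened) so it runs offline.

```python
"""Triage a DDS "Pseudo HJT Report" for browser-hijack indicators.

Added example for this thread; not code from DDS, BleepingComputer or the
poster. The indicator lists below are this example's own assumptions.
"""
import re

# Search/start-page hosts that, in the posted log, belong to bundled
# toolbars (Conduit, FoxTab, vShare). Assumption: any page pointing at them
# is a hijack indicator; extend the tuple for other PUP search hosts.
HIJACK_HOSTS = ("search.conduit.com", "search.foxtab.com", "vshare.tv")

# RFC 1918 and loopback space. A home router (192.168.x.x) handing out DNS
# is expected; a public resolver handed out by DHCP is not automatically bad,
# but it is what a DNS-changer infection looks like, so list it for review.
PRIVATE_RE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.)")

# DDS defangs URLs as hxxp://; accept both the defanged and the real scheme.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/?\s]+)", re.IGNORECASE)
# Run keys whose only name is a bare GUID (uRun/mRun/dRun, plus RunOnce).
GUID_RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[\{[0-9A-Fa-f-]+\}\]")
# TCP: Interfaces\<key> : DhcpNameServer = a.b.c.d [e.f.g.h ...]
DNS_RE = re.compile(r"^TCP: Interfaces\\(\S+) : (?:Dhcp)?NameServer = (.+)$")


def host_of(line):
    """Return the lower-cased host of the first URL in the line, or None."""
    m = URL_RE.search(line)
    return m.group(1).lower() if m else None


def is_hijack_host(host):
    """True when host is one of HIJACK_HOSTS or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def triage_dds(report):
    """Scan the report text and return the lines worth a reviewer's attention."""
    findings = {
        "hijacked_pages": [],    # start/search pages on a known PUP search host
        "orphaned_entries": [],  # TB/BHO/search-hook registrations with no file
        "guid_named_runs": [],   # Run keys whose only name is a bare GUID
        "public_dhcp_dns": [],   # (interface key, [non-private DNS servers])
    }
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        host = host_of(line)
        if host and is_hijack_host(host):
            findings["hijacked_pages"].append(line)
        elif line.startswith("FF - prefs.js") and any(
                h in line.lower() for h in HIJACK_HOSTS):
            # e.g. selectedEngine names the vshare.tv engine without a URL
            findings["hijacked_pages"].append(line)

        if line.startswith(("TB:", "BHO:", "uURLSearchHooks:")) \
                and line.endswith("- No File"):
            findings["orphaned_entries"].append(line)

        if GUID_RUN_RE.match(line):
            findings["guid_named_runs"].append(line)

        m = DNS_RE.match(line)
        if m:
            public = [s for s in m.group(2).split() if not PRIVATE_RE.match(s)]
            if public:
                findings["public_dhcp_dns"].append((m.group(1), public))
    return findings


# Constructed inline sample: lines copied from the DDS log posted above,
# with the FoxTab start-page URL shortened.
SAMPLE_REPORT = r'''
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cr=1698242508
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [{F9AA8FE2-E89A-E99B-E8b8-E9AE9B9ABA99}] "c:\program files\cricket broadband connect\avqautorun.exe" "c:\program files\cricket broadband connect\mPhonetools.exe" /OnPlug=%s
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{088DA8B7-60F0-4414-8B20-E0AB3E65F932}\16C6B6472796F6030333 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{41038CAB-9161-4C36-AAA0-5DBE858A2E67} : NameServer = 10.133.20.11 10.132.20.11
FF - prefs.js: browser.search.selectedEngine - vshare.tv Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - Www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=2&q=
'''

if __name__ == "__main__":
    for key, hits in triage_dds(SAMPLE_REPORT).items():
        print(f"{key}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

On the posted log this reports four hijacked page/search settings, three orphaned toolbar/hook entries, the GUID-named Cricket Broadband Run key (legitimate here, but worth a look because that naming is also common in malware autoruns) and one interface whose DHCP DNS servers are public. None of that is a verdict; it is the shortlist a helper like Gringo checks against known-good vendor entries before choosing a tool.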


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 January 2012 - 01:07 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Bcalvo34

  • Topic Starter
  • Members
  • 24 posts

Posted 24 January 2012 - 01:01 PM

Gringo, first off, thank you for helping me out.
So when I tried to run Combofix it told me that AVG was running even though I followed the instructions to disable it. I started Combofix at 11:27 a.m. and at 12:15 p.m. I got the following error message: "Freeware implementation of XCACLS has stopped working." I let it run for another 45 minutes or so before restarting my system, as it seemed like the program had stopped working. When it rebooted I received an error message saying that the Recycling Bin was corrupted.
What's next?
-Bobby

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 January 2012 - 05:57 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 Bcalvo34

  • Topic Starter
  • Members
  • 24 posts

Posted 25 January 2012 - 11:11 AM

I ran TDSSKiller as you said; here is the report:

11:08:46.0284 5208 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
11:08:47.0212 5208 ============================================================
11:08:47.0212 5208 Current date / time: 2012/01/25 11:08:47.0212
11:08:47.0212 5208 SystemInfo:
11:08:47.0213 5208
11:08:47.0213 5208 OS Version: 6.1.7601 ServicePack: 1.0
11:08:47.0213 5208 Product type: Workstation
11:08:47.0213 5208 ComputerName: BOBBY-LAPTOP
11:08:47.0213 5208 UserName: Bobby
11:08:47.0214 5208 Windows directory: C:\Windows
11:08:47.0214 5208 System windows directory: C:\Windows
11:08:47.0214 5208 Processor architecture: Intel x86
11:08:47.0214 5208 Number of processors: 2
11:08:47.0214 5208 Page size: 0x1000
11:08:47.0214 5208 Boot type: Normal boot
11:08:47.0214 5208 ============================================================
11:08:48.0881 5208 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:08:48.0922 5208 Initialize success
11:08:56.0849 3596 ============================================================
11:08:56.0849 3596 Scan started
11:08:56.0849 3596 Mode: Manual;
11:08:56.0849 3596 ============================================================
11:09:01.0744 3596 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:09:01.0752 3596 1394ohci - ok
11:09:01.0785 3596 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:09:01.0789 3596 ACPI - ok
11:09:01.0934 3596 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:09:01.0938 3596 AcpiPmi - ok
11:09:01.0996 3596 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:09:02.0008 3596 adp94xx - ok
11:09:02.0173 3596 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:09:02.0182 3596 adpahci - ok
11:09:02.0208 3596 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:09:02.0214 3596 adpu320 - ok
11:09:02.0377 3596 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:09:02.0386 3596 AFD - ok
11:09:02.0482 3596 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
11:09:02.0504 3596 AgereSoftModem - ok
11:09:02.0648 3596 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:09:02.0653 3596 agp440 - ok
11:09:02.0711 3596 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:09:02.0716 3596 aic78xx - ok
11:09:02.0864 3596 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:09:02.0868 3596 aliide - ok
11:09:02.0940 3596 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:09:02.0944 3596 amdagp - ok
11:09:02.0970 3596 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:09:02.0973 3596 amdide - ok
11:09:03.0130 3596 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:09:03.0135 3596 AmdK8 - ok
11:09:28.0248 3596 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
11:09:28.0262 3596 sptd ( LockedFile.Multi.Generic ) - warning
11:09:28.0262 3596 sptd - detected LockedFile.Multi.Generic (1)
11:09:35.0721 3596 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:09:35.0723 3596 WinUsb - ok
11:09:35.0852 3596 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\Windows\system32\drivers\WmBEnum.sys
11:09:35.0856 3596 WmBEnum - ok
11:09:35.0922 3596 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\Windows\system32\drivers\WmFilter.sys
11:09:35.0925 3596 WmFilter - ok
11:09:35.0979 3596 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:09:35.0982 3596 WmiAcpi - ok
11:09:36.0148 3596 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\Windows\system32\drivers\WmVirHid.sys
11:09:36.0152 3596 WmVirHid - ok
11:09:36.0222 3596 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\Windows\system32\drivers\WmXlCore.sys
11:09:36.0226 3596 WmXlCore - ok
11:09:36.0374 3596 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:09:36.0376 3596 ws2ifsl - ok
11:09:36.0494 3596 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:09:36.0499 3596 WudfPf - ok
11:09:36.0610 3596 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:09:36.0615 3596 WUDFRd - ok
11:09:36.0721 3596 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
11:09:36.0724 3596 xusb21 - ok
11:09:36.0837 3596 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:09:36.0900 3596 \Device\Harddisk0\DR0 - ok
11:09:36.0909 3596 Boot (0x1200) (b73803a06e65d40eccbe3117e877e3ba) \Device\Harddisk0\DR0\Partition0
11:09:36.0910 3596 \Device\Harddisk0\DR0\Partition0 - ok
11:09:36.0916 3596 ============================================================
11:09:36.0916 3596 Scan finished
11:09:36.0916 3596 ============================================================
11:09:36.0942 1204 Detected object count: 1
11:09:36.0942 1204 Actual detected object count: 1
11:09:49.0528 1204 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:09:49.0528 1204 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Thank you,
Bobby

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 January 2012 - 11:26 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511KB) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Bcalvo34 (Topic Starter)

Posted 25 January 2012 - 01:19 PM

Gringo,
While running this I got a warning from AVG saying that C:\Windows\system32\drivers\dfsc.sys was infected. I didn't have that before. Did I catch something new?
-Bobby

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-25 12:33:15
-----------------------------
12:33:15.885 OS Version: Windows 6.1.7601 Service Pack 1
12:33:15.885 Number of processors: 2 586 0x301
12:33:15.888 ComputerName: BOBBY-LAPTOP UserName: Bobby
12:33:17.240 Initialize success
12:51:32.656 AVAST engine defs: 12012500
13:07:38.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:07:38.118 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 3
13:07:38.137 Disk 0 MBR read successfully
13:07:38.144 Disk 0 MBR scan
13:07:38.157 Disk 0 Windows 7 default MBR code
13:07:38.169 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:07:38.186 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228018 MB offset 3074048
13:07:38.225 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8956 MB offset 470054912
13:07:38.243 Disk 0 scanning sectors +488396800
13:07:38.324 Disk 0 scanning C:\Windows\system32\drivers
13:07:44.189 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
13:07:58.543 Disk 0 trace - called modules:
13:07:58.626 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x853c41f8]<<
13:07:58.996 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861f6460]
13:07:59.013 3 CLASSPNP.SYS[8b1a259e] -> nt!IofCallDriver -> [0x85376918]
13:07:59.029 5 ACPI.sys[8ab483d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x861ef030]
13:07:59.043 \Driver\atapi[0x860cacc8] -> IRP_MJ_CREATE -> 0x853c41f8
13:08:00.474 AVAST engine scan C:\Windows
13:08:03.851 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
13:08:08.696 AVAST engine scan C:\Windows\system32
13:11:23.391 AVAST engine scan C:\Windows\system32\drivers
13:11:26.556 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
13:11:43.338 AVAST engine scan C:\Users\Bobby
13:17:21.951 Disk 0 MBR has been saved successfully to "C:\Users\Bobby\Desktop\MBR.dat"
13:17:21.966 The log file has been saved successfully to "C:\Users\Bobby\Desktop\aswMBR.txt"
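What the disk trace in the log above is reporting, as an added example (this is my script, not code from the thread or from aswMBR): the "called modules" line lists every module on the path a raw disk read takes, and the `>>UNKNOWN [0x853c41f8]<<` marker means one hop on that path is at an address aswMBR could not attribute to any loaded module. The last trace line shows the `IRP_MJ_CREATE` dispatch of `\Driver\atapi` pointing at that same address. The script below parses the `**INFECTED**` hits and the trace lines and correlates the two, so a hook into unknown code is flagged automatically instead of being read by eye. The sample input is copied from the aswMBR log posted above so the script runs offline.

```python
"""Triage of an aswMBR log: list the **INFECTED** hits and check whether any
IRP dispatch entry in the disk I/O trace points at an address aswMBR could not
map to a loaded module (the ">>UNKNOWN [...]<<" marker).

Added example; not part of the forum post and not part of aswMBR itself."""
import re
from typing import List, NamedTuple, Tuple

# Sample input: lines copied from the aswMBR log posted in this thread.
SAMPLE_LOG = r"""13:07:38.324 Disk 0 scanning C:\Windows\system32\drivers
13:07:44.189 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
13:07:58.543 Disk 0 trace - called modules:
13:07:58.626 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x853c41f8]<<
13:07:58.996 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861f6460]
13:07:59.013 3 CLASSPNP.SYS[8b1a259e] -> nt!IofCallDriver -> [0x85376918]
13:07:59.029 5 ACPI.sys[8ab483d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x861ef030]
13:07:59.043 \Driver\atapi[0x860cacc8] -> IRP_MJ_CREATE -> 0x853c41f8
13:08:03.851 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
13:11:26.556 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
"""

# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+?)\s*$")
# ">>UNKNOWN [0x....]<<" inside the called-modules line
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
# "<time> \Driver\<name>[0x....] -> IRP_MJ_<fn> -> 0x...."
HOOK_RE = re.compile(
    r"^\S+\s+(?P<drv>\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\]\s+->\s+"
    r"(?P<irp>IRP_MJ_\w+)\s+->\s+(?P<addr>0x[0-9A-Fa-f]+)\s*$"
)


class Hook(NamedTuple):
    driver: str
    irp: str
    target: str


class Triage(NamedTuple):
    infected: List[Tuple[str, str]]  # (path, detection name), deduplicated
    unknown: List[str]               # addresses aswMBR could not map to a module
    hooks: List[Hook]                # IRP dispatch entries printed in the trace
    suspicious: List[Hook]           # hooks whose target is an unknown address


def triage_aswmbr(log_text: str) -> Triage:
    infected, unknown, hooks = [], [], []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            hit = (m["path"], m["name"])
            if hit not in infected:  # the same file is reported once per scan pass
                infected.append(hit)
            continue
        for u in UNKNOWN_RE.finditer(line):
            addr = u["addr"].lower()
            if addr not in unknown:
                unknown.append(addr)
        m = HOOK_RE.match(line)
        if m:
            hooks.append(Hook(m["drv"], m["irp"], m["addr"].lower()))
    # A dispatch entry that lands in unattributed memory is the hook itself.
    suspicious = [h for h in hooks if h.target in unknown]
    return Triage(infected, unknown, hooks, suspicious)


def summarize(t: Triage) -> str:
    lines = [f"infected: {path}  ({name})" for path, name in t.infected]
    lines += [f"unattributed code at {a}" for a in t.unknown]
    lines += [f"HOOK: {h.driver} {h.irp} -> {h.target} (not in any loaded module)"
              for h in t.suspicious]
    return "\n".join(lines) if lines else "nothing flagged"


if __name__ == "__main__":
    print(summarize(triage_aswmbr(SAMPLE_LOG)))
```

Run it against a saved aswMBR.txt by reading the file into `triage_aswmbr`. A `suspicious` hook is the finding that matters most: file detections on a box with a hooked storage stack are only as trustworthy as the bytes the hooked driver chooses to return, which is also why the next steps in the thread compare the driver against a copy taken from a different machine.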

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 January 2012 - 04:07 PM

Hello

AVG is reporting it now because aswMBR scanned it.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
dfsc.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 Bcalvo34 (Topic Starter)

Posted 25 January 2012 - 04:25 PM

Gringo,
The original virus popped up again in AVG, the one I originally had posted about.
SystemLook 30.07.11 by jpshortstuff
Log created at 16:22 on 25/01/2012 by Bobby
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [23:48 06/06/2011] [08:42 20/11/2010] 1BA7C1909F8374302DC422A4C4D3BC2A

-= EOF =-
Thank You,
Bobby

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 January 2012 - 07:04 PM

Hello


Do you have access to another Windows 7 32-bit computer?



gringo

#11 Bcalvo34 (Topic Starter)

Posted 26 January 2012 - 11:09 AM

Gringo,
I may have access, let me check.
Thanks again for your help,
-Bobby

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 January 2012 - 11:15 AM

:thumbup2:

#13 Bcalvo34 (Topic Starter)

Posted 26 January 2012 - 12:24 PM

I will have access to a Windows 7 32-bit system later tonight, what should I do?
-Bobby

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 January 2012 - 12:41 PM

Hello


I want you to copy this file, C:\Windows\System32\drivers\dfsc.sys, to a pen drive and move it to the infected computer.

Then open My Computer, open the C drive, and copy the file over to the C drive:

C:\dfsc.sys

After this is complete, run SystemLook like you did before.


gringo
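The check gringo is setting up, as an added example (my code, not the thread's and not SystemLook's): once the clean copy sits at C:\dfsc.sys, a second `:filefind dfsc.sys` run lists both files on one log, and the question is whether the suspect driver's size and MD5 match the reference. The script parses SystemLook's `filefind` lines, pairs the two paths and reports the differences. The first sample line is the real result from the SystemLook log posted earlier in the thread; the C:\dfsc.sys line is constructed, with a placeholder all-zero hash and made-up timestamps, because the clean copy's hash was never posted.

```python
"""Compare a suspect driver against a reference copy using SystemLook
':filefind' output (path, attributes, size, modified, created, MD5).

Added example; not part of the forum post and not part of SystemLook."""
import hashlib
import re
from typing import List, NamedTuple

# Sample input. Line 1 is the real filefind result posted in this thread;
# the C:\dfsc.sys line is CONSTRUCTED with a placeholder hash and timestamps.
SAMPLE_SYSTEMLOOK = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 16:22 on 25/01/2012 by Bobby
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [23:48 06/06/2011] [08:42 20/11/2010] 1BA7C1909F8374302DC422A4C4D3BC2A
C:\dfsc.sys --a---- 78336 bytes [13:12 26/01/2012] [13:12 26/01/2012] 00000000000000000000000000000000

-= EOF =-
"""

FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]+)\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<mod>[^\]]+)\]\s+\[(?P<cre>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


class FileEntry(NamedTuple):
    path: str
    attrs: str
    size: int
    modified: str
    created: str
    md5: str


class Verdict(NamedTuple):
    status: str          # "match", "mismatch" or "incomplete"
    problems: List[str]


def parse_filefind(text: str) -> List[FileEntry]:
    """Return one FileEntry per result line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            entries.append(FileEntry(m["path"], m["attrs"], int(m["size"]),
                                     m["mod"], m["cre"], m["md5"].upper()))
    return entries


def compare_driver(entries: List[FileEntry], suspect: str, reference: str) -> Verdict:
    """Size and MD5 must both agree for a 'match'; a missing path is 'incomplete'."""
    by_path = {e.path.lower(): e for e in entries}
    s, r = by_path.get(suspect.lower()), by_path.get(reference.lower())
    missing = [p for p, e in ((suspect, s), (reference, r)) if e is None]
    if missing:
        return Verdict("incomplete", [f"not found in filefind output: {p}" for p in missing])
    problems = []
    if s.size != r.size:
        problems.append(f"size {s.size} != {r.size}")
    if s.md5 != r.md5:
        problems.append(f"md5 {s.md5} != {r.md5}")
    return Verdict("mismatch" if problems else "match", problems)


def md5_file(path: str, chunk: int = 1 << 16) -> str:
    """Recompute the hash yourself when you hold the file (e.g. on the clean machine)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_SYSTEMLOOK)
    print(compare_driver(found, r"C:\Windows\System32\drivers\dfsc.sys", r"C:\dfsc.sys"))
```

Two caveats a practitioner should keep in mind. First, the reference has to come from the same architecture, Windows version and service pack: the x64 build of dfsc.sys is a different binary from the x86 one, so a hash taken from a 64-bit machine cannot match a 32-bit install even when both are clean, which is why gringo asked for a 32-bit system. Second, the comparison runs on the infected machine, and with an IRP hook in the storage stack the rootkit can decide what a read of the suspect file returns; a mismatch is therefore strong evidence, while a match is weaker evidence than the same comparison made from outside the running OS.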

#15 Bcalvo34 (Topic Starter)

Posted 26 January 2012 - 10:56 PM

I don't have access to a Windows 7 32-bit system. I can get a 64-bit system though, is that OK?
-Bobby



