
Desktop and Start menu are empty


  • This topic is locked
49 replies to this topic

#1 LoLo123

LoLo123

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 24 January 2012 - 04:09 PM

My Desktop and start menu have nothing in them. It wants me to think everything is gone but I can see my files are still there. It also has made a lot of my files and folders hidden and keeps changing the setting so that I can’t see hidden files. Every time I make a breakthrough it eventually goes back.

Microsoft Security Essentials has found and “cleaned”
trojan: win32/alureon.fl
trojan: dos/alureon.a
exploit: java/cve-2011-3544.n
settings modifier: Win32/PossibleHostsFileHijack

I have run Malwarebytes a few times, it is no longer finding anything. TDSSKiller has yet to find anything. But everything is still very wrong. I have saved logs from what I have run.

I am running Windows Vista.

Please help!

Thank you in advance.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:24 AM

Posted 24 January 2012 - 04:34 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 25 January 2012 - 11:03 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Lora at 21:07:21 on 2012-01-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1718 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LP\80A6\DBA.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:54040
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DBA.exe] c:\users\lora\appdata\roaming\microsoft\80a6\DBA.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Zune 4.0; .NET4.0C; MSN Optimized;US)" -"http://www.thecarseatlady.com/just_for_kids/kids_booster_video.html"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Skytel] Skytel.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DBA.exe] c:\program files\lp\80a6\DBA.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [Smad] "c:\windows\system32\config\systemprofile\appdata\local\sanctionedmedia\smad\Smad.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: msn.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://zone.msn.com/bingame/choc/default/ChocolatierWeb.1.0.0.15.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} - hxxp://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AADD03BA-F80B-4674-B322-47FE82EBF1F7} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 94.63.240.122 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-25 165648]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-24 652872]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-6-18 98304]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-21 2280312]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-8-4 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-6-18 411488]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-4 17408]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-18 113152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-24 20464]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-25 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-6-18 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-18 28464]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-11-12 19456]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-25 43392]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-4 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-4 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-4 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-6-18 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-6-18 87328]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
.
=============== Created Last 30 ================
.
2012-01-26 03:06:00 -------- d-----w- c:\users\lora\appdata\roaming\32BCE
2012-01-26 03:05:54 278016 ----a-w- c:\users\lora\appdata\roaming\wmplayer.exe
2012-01-26 03:05:39 98816 ----a-w- c:\users\lora\appdata\roaming\microsoft\80a6\5955.tmp
2012-01-26 03:05:29 -------- d-----w- c:\users\lora\appdata\roaming\60332
2012-01-26 03:05:09 278016 ----a-w- c:\users\lora\appdata\roaming\microsoft\80a6\DBA.exe
2012-01-24 20:22:30 -------- d-----w- c:\program files\32BCE
2012-01-24 20:21:58 -------- d-----w- c:\program files\LP
2012-01-24 18:46:39 724954 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-01-24 17:08:09 -------- d-----w- c:\users\lora\appdata\roaming\Malwarebytes
2012-01-24 17:08:05 -------- d-----w- c:\programdata\Malwarebytes
2012-01-24 17:08:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 17:08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 00:13:24 130560 ---ha-w- c:\programdata\microsoft\windows\drm\5FF.tmp
2012-01-23 14:50:14 6557240 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ecd627e-1988-49ec-a3ef-95ced4ce89d7}\mpengine.dll
2012-01-18 15:07:11 -------- d--h--w- c:\users\lora\appdata\local\isaWebvga
2012-01-11 14:04:11 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 14:04:11 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 14:04:05 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:04:03 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:04:01 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 14:03:59 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 14:03:47 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:03:45 497152 ----a-w- c:\windows\system32\qdvd.dll
.
==================== Find3M ====================
.
2011-12-24 13:25:18 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-12 17:18:20 19456 ---ha-w- c:\windows\system32\drivers\FlyUsb.sys
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:09:58.30 ===============
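The DDS report above already contains the entries a responder would look at first: a browser proxy pointed at 127.0.0.1, a hosts entry redirecting www.bing.com, DisableTaskMgr set to 1, and Run entries launched from a hex-named AppData directory and from the SYSTEM profile. As an added example, not part of this thread and not code from DDS or BleepingComputer, the following Python script triages Pseudo HJT lines copied from that report; the severity labels and path heuristics are my own assumptions.

```python
import re

# Lines copied verbatim from the DDS "Pseudo HJT Report" posted above.
DDS_LINES = r"""
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:54040
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DBA.exe] c:\users\lora\appdata\roaming\microsoft\80a6\DBA.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DBA.exe] c:\program files\lp\80a6\DBA.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 94.63.240.122 www.bing.com
""".strip().splitlines()

# DDS prefixes: u = current user hive, m = machine hive, d = default/system profile hive.
RUN_RE = re.compile(r'^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (?P<value>.*)$')
POLICY_RE = re.compile(r'^(?P<hive>[umd])Policies-(?P<key>\w+): (?P<name>\w+) = (?P<value>\d+)')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)$')

# Heuristic (assumption): autostarts living under a user's AppData or under the
# SYSTEM profile's AppData deserve a second look.
SUSPECT_PATH_RE = re.compile(r'\\(?:appdata|config\\systemprofile)\\', re.I)
# Heuristic (assumption): a directory named by a short hex token (like "80a6")
# is a weak indicator on its own, stronger when combined with the above.
HEX_DIR_RE = re.compile(r'\\[0-9a-f]{4,8}\\', re.I)


def image_path(cmd):
    """Return the executable path from a Run value, stripping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted value: the image path runs up to the first ".exe".
    m = re.match(r'(.*?\.exe)', cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage_line(line):
    """Return a list of (severity, reason) findings for one DDS Pseudo HJT line."""
    findings = []
    m = PROXY_RE.match(line)
    if m:
        value = m.group('value')
        if re.search(r'127\.0\.0\.1|localhost', value, re.I):
            findings.append(('high', 'browser traffic proxied through loopback: ' + value))
        return findings
    m = HOSTS_RE.match(line)
    if m:
        # DDS prints only non-default hosts entries; a public IP for a well-known
        # site is a hosts-file hijack.
        if not m.group('ip').startswith('127.'):
            findings.append(('high', 'hosts file maps %s to %s' % (m.group('host'), m.group('ip'))))
        return findings
    m = POLICY_RE.match(line)
    if m and m.group('name') == 'DisableTaskMgr' and m.group('value') == '1':
        findings.append(('medium', 'Task Manager disabled by policy'))
        return findings
    m = RUN_RE.match(line)
    if m:
        path = image_path(m.group('cmd'))
        if SUSPECT_PATH_RE.search(path):
            findings.append(('medium', 'autostart from profile/AppData path: ' + path))
        if HEX_DIR_RE.search(path):
            findings.append(('low', 'autostart under hex-named directory: ' + path))
    return findings


def triage(lines):
    """Map each flagged line to its findings; lines with no findings are omitted."""
    results = {}
    for line in lines:
        findings = triage_line(line)
        if findings:
            results[line] = findings
    return results


if __name__ == '__main__':
    for line, findings in triage(DDS_LINES).items():
        for severity, reason in findings:
            print('[%s] %s\n    %s' % (severity, reason, line))
```

Run it against the whole "Pseudo HJT Report" section of a DDS log to get the short list of entries worth asking a helper about; clean lines such as the Sidebar and Security Essentials entries produce no output.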




#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 27 January 2012 - 12:57 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 27 January 2012 - 05:27 PM

I attempted to run ComboFix; however, it gave me the following messages:

Freeware implementation of XCACLS has stopped working

Then

You are infected with Rootkit.Zero.Access! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.
If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.
If it’s not fixed run ComboFix one more time.

It did nothing for over an hour so I eventually closed it, rebooted, and tried again.
Upon second attempt, it actually started the scan and got a little more than halfway through when I got the blue screen of death :(

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 27 January 2012 - 09:20 PM

Restart the computer and see if combofix starts by itself. If it does not start by itself, come here and let me know.


gringo

#7 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 28 January 2012 - 08:28 AM

ComboFix did not start by itself.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 28 January 2012 - 01:26 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#9 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 28 January 2012 - 04:03 PM

More bad news…

I attempted to run ComboFix in safe mode 3 times. It didn’t work once.

Every time I run it, it tells me Microsoft Security Essentials is still running. It isn’t, so I hit OK.

It gave me the same Rootkit.Zero.Access warning as before – OK

Then
Rootkit is detected
Be patient as this may take some moments – OK

Then
Combofix has detected the presence of rootkit activity and needs to reboot the machine – OK

At this point, it reboots, I direct it back to safe mode and once we get there nothing happens. I have given it time to sit and think about what it’s done, rebooted a few times, cried a little. What’s next?

Thanks for all your help!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 PM

Posted 28 January 2012 - 04:30 PM

Hello

We will get it sooner or later

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#11 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 28 January 2012 - 05:18 PM

Woohoo!! It found something! I had been using an older version... doh! Here is the log:

16:08:32.0639 2064 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
16:08:32.0655 2064 ============================================================
16:08:32.0655 2064 Current date / time: 2012/01/28 16:08:32.0655
16:08:32.0655 2064 SystemInfo:
16:08:32.0655 2064
16:08:32.0655 2064 OS Version: 6.0.6002 ServicePack: 2.0
16:08:32.0655 2064 Product type: Workstation
16:08:32.0655 2064 ComputerName: LORA-VAIO
16:08:32.0655 2064 UserName: Lora
16:08:32.0655 2064 Windows directory: C:\Windows
16:08:32.0655 2064 System windows directory: C:\Windows
16:08:32.0655 2064 Processor architecture: Intel x86
16:08:32.0655 2064 Number of processors: 2
16:08:32.0655 2064 Page size: 0x1000
16:08:32.0655 2064 Boot type: Normal boot
16:08:32.0655 2064 ============================================================
16:08:33.0513 2064 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:08:33.0529 2064 Drive \Device\Harddisk3\DR3 - Size: 0x79000000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:08:33.0607 2064 Initialize success
16:08:45.0119 0160 ============================================================
16:08:45.0119 0160 Scan started
16:08:45.0119 0160 Mode: Manual;
16:08:45.0119 0160 ============================================================
16:09:19.0861 0160 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
16:09:19.0907 0160 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:09:19.0907 0160 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:09:19.0907 0160 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk3\DR3
16:09:19.0907 0160 \Device\Harddisk3\DR3 - ok
16:09:19.0939 0160 Boot (0x1200) (bd26a5805f3f3766c81cb3bdfec49938) \Device\Harddisk0\DR0\Partition0
16:09:19.0970 0160 \Device\Harddisk0\DR0\Partition0 - ok
16:09:19.0970 0160 Boot (0x1200) (b5ebc35c03eec3ed268ed83f15edf3fa) \Device\Harddisk3\DR3\Partition0
16:09:19.0970 0160 \Device\Harddisk3\DR3\Partition0 - ok
16:09:19.0970 0160 ============================================================
16:09:19.0970 0160 Scan finished
16:09:19.0970 0160 ============================================================
16:09:19.0985 2768 Detected object count: 1
16:09:19.0985 2768 Actual detected object count: 1
16:09:30.0609 2768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:09:30.0625 2768 \Device\Harddisk0\DR0 - ok
16:09:30.0625 2768 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:09:38.0534 1148 Deinitialize success

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:24 PM

Posted 28 January 2012 - 08:10 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 28 January 2012 - 08:30 PM

It did the same thing. It gave the same messages, then after rebooting into Safe Mode it didn't do anything.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:24 PM

Posted 28 January 2012 - 09:19 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

Gringo

#15 LoLo123

LoLo123
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:24 PM

Posted 28 January 2012 - 09:42 PM

Here is the log:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-28 20:36:03
-----------------------------
20:36:03.128 OS Version: Windows 6.0.6002 Service Pack 2
20:36:03.128 Number of processors: 2 586 0x1706
20:36:03.128 ComputerName: LORA-VAIO UserName: Lora
20:36:04.829 Initialize success
20:36:28.248 AVAST engine download error: 0
20:37:18.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:37:18.995 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
20:37:18.995 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000068
20:37:18.995 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
20:37:18.995 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000069
20:37:18.995 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
20:37:19.010 Disk 0 MBR read successfully
20:37:19.026 Disk 0 MBR scan
20:37:19.026 Disk 0 Windows VISTA default MBR code
20:37:19.041 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048
20:37:19.057 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296
20:37:19.057 Disk 0 scanning sectors +488395120
20:37:19.135 Disk 0 scanning C:\Windows\system32\drivers
20:37:29.696 Service scanning
20:37:30.258 Service .netbt \? **LOCKED** 123
20:37:30.320 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:37:31.053 Modules scanning
20:37:40.335 Disk 0 trace - called modules:
20:37:40.367 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:37:40.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85fbd2c0]
20:37:40.367 3 CLASSPNP.SYS[8a3ab8b3] -> nt!IofCallDriver -> [0x859ce510]
20:37:40.382 5 acpi.sys[8068c6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a09028]
20:37:40.382 Scan finished successfully
20:38:18.899 Disk 0 MBR has been saved successfully to "C:\Users\Lora\Desktop\MBR.dat"
20:38:18.899 The log file has been saved successfully to "C:\Users\Lora\Desktop\aswMBR.txt"
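As an added example (my own code, not part of this thread or of aswMBR), a small Python triage script that reads aswMBR output like the log above, pulls out the MBR-code verdict, the partition table and the **LOCKED** services, and checks that each partition starts exactly where the previous one ends, as it does here (2048 + 8401 × 2048 sectors = 17207296). The sample lines are a trimmed copy of the posted log; all function and constant names are my own.

```python
import re
from collections import namedtuple

# Constructed sample: lines copied from the aswMBR log posted above (trimmed copy).
SAMPLE_LOG = "\n".join([
    r"20:37:19.026 Disk 0 Windows VISTA default MBR code",
    r"20:37:19.041 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8401 MB offset 2048",
    r"20:37:19.057 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230072 MB offset 17207296",
    r"20:37:30.258 Service .netbt \? **LOCKED** 123",
    r"20:37:30.320 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32",
])

SECTORS_PER_MB = 2048  # aswMBR prints sizes in MB and offsets in 512-byte sectors
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code)$")
PART_RE = re.compile(r"Disk (\d+) Partition (\d+) (\w\w) (?:\(A\) )?(\w\w) .*? (\d+) MB offset (\d+)$")
LOCKED_RE = re.compile(r"Service (\S+) (.*?) \*\*LOCKED\*\* \d+$")
Partition = namedtuple("Partition", "disk index boot_flag type_id size_mb offset")

def parse_aswmbr(text):
    # Returns ({disk: MBR-code verdict}, [Partition], [(service, path)]).
    mbr_code, parts, locked = {}, [], []
    for line in text.splitlines():
        body = line.split(" ", 1)[-1]  # drop the HH:MM:SS.mmm timestamp
        if m := MBR_RE.match(body):
            mbr_code[int(m[1])] = m[2]
        elif m := PART_RE.match(body):
            parts.append(Partition(int(m[1]), int(m[2]), int(m[3], 16),
                                   int(m[4], 16), int(m[5]), int(m[6])))
        elif m := LOCKED_RE.match(body):
            locked.append((m[1], m[2]))
    return mbr_code, parts, locked

def layout_findings(mbr_code, parts):
    """Flag non-default MBR code, partitions that overlap or leave a gap, and disks without exactly one active partition."""
    findings = []
    for disk, verdict in mbr_code.items():
        if "default MBR code" not in verdict:
            findings.append(f"disk {disk}: {verdict}")
    by_disk = {}
    for p in parts:
        by_disk.setdefault(p.disk, []).append(p)
    for disk, plist in by_disk.items():
        plist.sort(key=lambda p: p.offset)
        for a, b in zip(plist, plist[1:]):
            end = a.offset + a.size_mb * SECTORS_PER_MB  # first sector after partition a
            if b.offset != end:
                kind = "overlaps" if b.offset < end else "leaves a gap before"
                findings.append(f"disk {disk}: partition {a.index} {kind} partition {b.index}")
        if sum(p.boot_flag == 0x80 for p in plist) != 1:
            findings.append(f"disk {disk}: expected exactly one active (0x80) partition")
    return findings
```

On the posted log this returns no findings: the MBR code is Vista's default after the TDSSKiller cure, and the two partitions are contiguous with a single active one.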



