Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Caught through Outdated Flash


  • This topic is locked This topic is locked
14 replies to this topic

#1 crakkerjak

crakkerjak

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 28 January 2012 - 06:13 PM

A couple of days ago my computer was infected with a virtumonde while watching a flash video. I had automatic updates (foolishly) disabled and no anti-virus. Dumb, I know. It crashed my video driver with a BSoD and on reboot popped up a window indicating hard drive damage requiring a scan. It also popped up a series of 15 or 20 small windows with failure messages of some sort. I immediately held down my power button to shut down and booted into safe mode.

I uninstalled Avira after it found nothing and installed AVG, which found and vaulted a virus, whose name I can't seem to find in the logs today. That was the bulk of the craziness gone, but I am still getting regular pop-ups with stack overflow errors, and one that just said "Thank You!". AVG is constantly notifying of tracking cookies from various adware-sounding names located in C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies. When I delete them, the folder sometimes stays clean for a few minutes and sometimes fills back up immediately with the same stuff.

I did another stupid thing. My browsers were forwarding all over the place. There was a service running called WSearch. I deleted 3 related registry keys, one of which pointed to an executable, without noting the associated file name. WSearch is no longer running in the services list and my browsers don't seem to be forwarding anymore, but I'm still getting the stack overflow errors. Also, Firefox and Chrome both crash on half of the sites under this domain, bleepingcomputer.com.

Malwarebytes and Ad Aware (running one at a time) have yet to find anything at all. I have Flash completely uninstalled atm. ...and I'm about to reboot to safe mode to run a scan with SUPERAntiSpyware.

Many thanks for what you guys are doing here!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Chris at 16:29:23 on 2012-01-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4030.1886 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
uPolicies-explorer: NoSMHelp = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{EF880BF3-2732-4730-8953-8FAA02C450F5} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{EF880BF3-2732-4730-8953-8FAA02C450F5}\27F6F6D67373 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{EF880BF3-2732-4730-8953-8FAA02C450F5}\4555D2245627C696E6 : DhcpNameServer = 130.149.7.7
TCP: Interfaces\{EF880BF3-2732-4730-8953-8FAA02C450F5}\5416379724F687D2645433541323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EF880BF3-2732-4730-8953-8FAA02C450F5}\6505E4F2755424 : DhcpNameServer = 130.149.7.7
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ebe0dtqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-3-3 514232]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-6-7 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-28 17152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-25 652872]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 e1yexpress;Intel® Gigabit-Netzwerkverbindungstreiber;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2010-6-7 89600]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-29 366936]
S4 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-5 1791280]
.
=============== Created Last 30 ================
.
2012-01-28 21:18:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-28 17:20:44 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-28 17:18:00 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-01-27 22:01:01 -------- d--h--w- C:\$AVG
2012-01-27 21:30:46 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG
2012-01-27 21:26:03 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG2012
2012-01-27 21:25:23 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-01-27 21:25:10 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-01-27 21:25:10 -------- d-----w- C:\ProgramData\AVG2012
2012-01-27 21:24:55 -------- d-----w- C:\Program Files (x86)\AVG
2012-01-27 21:09:57 -------- d--h--w- C:\ProgramData\Common Files
2012-01-27 21:08:18 -------- d-----w- C:\ProgramData\MFAData
2012-01-27 17:28:59 -------- d-----w- C:\SysinternalsSuite
2012-01-27 16:03:09 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F8F45A2-9D55-441A-ADFF-B7F6A43C1E1C}\mpengine.dll
2012-01-26 03:07:38 -------- d-----w- C:\Intel
2012-01-25 17:20:21 -------- d-----w- C:\Windows\SysWow64\Wat
2012-01-25 17:20:21 -------- d-----w- C:\Windows\System32\Wat
2012-01-25 16:42:02 -------- d-----w- C:\ATI
2012-01-25 15:42:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-01-25 15:42:53 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-01-25 15:41:11 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-25 15:41:10 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-25 14:54:29 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-01-25 14:54:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-25 14:54:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-16 00:20:52 177152 ----a-w- C:\Windows\System32\BrfxDA5a.dll
2012-01-16 00:19:39 53248 ----a-w- C:\Windows\SysWow64\brinsstr.dll
2012-01-16 00:19:34 55296 ----a-w- C:\Windows\SysWow64\BrNetSti.dll
2012-01-16 00:19:34 37376 ----a-w- C:\Windows\SysWow64\Brnsplg.dll
2012-01-16 00:19:34 34816 ----a-w- C:\Windows\SysWow64\BrWiaNCp.dll
2012-01-16 00:19:33 163840 ----a-w- C:\Windows\SysWow64\NSSearch.dll
2012-01-16 00:19:33 147456 ----a-w- C:\Windows\brunin03.dll
2012-01-16 00:19:33 106496 ----a-w- C:\Windows\SysWow64\BrMuSNMP.dll
2012-01-15 23:58:31 179712 ------w- C:\Windows\System32\BrfxDA5b.dll
2012-01-15 23:58:28 -------- d-----w- C:\Program Files (x86)\Brother
2012-01-15 23:55:27 -------- d-----w- C:\ProgramData\Brother
2012-01-15 23:33:03 -------- d-----w- C:\eng
2012-01-13 04:04:55 -------- d-----w- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-12-16 15:13:12 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-16 15:13:12 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-07 16:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 21:23:28 98616 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:36:58,47 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 30 January 2012 - 02:45 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 01 February 2012 - 10:08 PM

I disabled my virus protection per the instructions in the link, but ComboFix still said AVG was enabled. I then uninstalled everything but Malware Bytes, which wasn't running at all, and it still said AVG was enabled so I proceeded. The log is included below.

My browsers are still forwarding intermittently. Sometimes a boot will halt before the Starting Windows screen appears. Other times the boot is just slow. I get the odd bsod while attempting to watch a video, and videos are slow and jerky. I caught a filename from the last bsod: atikmpag.sys... my vid driver, I believe. This has been happening since the moment of the original infection. I haven't had a stack overflow error in a while. They may be gone, dunno.

The only cookies showing up in C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies are now a handful of Microsoft cookies.

Thanks again - Chris


ComboFix 12-01-30.02 - Chris 30.01.2012 9:36.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4030.2717 [GMT -6:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-28 bis 2012-01-30 ))))))))))))))))))))))))))))))
.
.
2012-01-30 16:07 . 2012-01-30 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-29 06:23 . 2012-01-29 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 17:20 . 2012-01-28 17:20 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-28 17:18 . 2012-01-30 15:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-28 17:18 . 2012-01-30 15:14 -------- d-----w- c:\programdata\Lavasoft
2012-01-27 21:30 . 2012-01-27 21:31 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG
2012-01-27 21:24 . 2012-01-30 15:20 -------- d-----w- c:\program files (x86)\AVG
2012-01-27 21:09 . 2012-01-27 21:09 -------- d--h--w- c:\programdata\Common Files
2012-01-27 21:08 . 2012-01-30 15:21 -------- d-----w- c:\programdata\MFAData
2012-01-27 17:28 . 2012-01-27 17:29 -------- d-----w- C:\SysinternalsSuite
2012-01-27 16:03 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F8F45A2-9D55-441A-ADFF-B7F6A43C1E1C}\mpengine.dll
2012-01-26 03:07 . 2012-01-26 03:07 -------- d-----w- C:\Intel
2012-01-25 17:20 . 2012-01-25 17:20 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-25 17:20 . 2012-01-25 17:20 -------- d-----w- c:\windows\system32\Wat
2012-01-25 16:42 . 2012-01-25 16:42 -------- d-----w- C:\ATI
2012-01-25 15:42 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-01-25 15:42 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-01-25 15:41 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-25 15:41 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-25 14:54 . 2012-01-25 14:54 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-01-25 14:54 . 2012-01-25 14:54 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 14:54 . 2012-01-25 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-16 00:20 . 2006-01-17 07:03 177152 ----a-w- c:\windows\system32\BrfxDA5a.dll
2012-01-16 00:19 . 2006-11-01 02:42 53248 ----a-w- c:\windows\SysWow64\brinsstr.dll
2012-01-16 00:19 . 2006-10-10 22:19 37376 ----a-w- c:\windows\SysWow64\Brnsplg.dll
2012-01-16 00:19 . 2006-08-09 20:08 55296 ----a-w- c:\windows\SysWow64\BrNetSti.dll
2012-01-16 00:19 . 2006-07-05 20:22 34816 ----a-w- c:\windows\SysWow64\BrWiaNCp.dll
2012-01-16 00:19 . 2006-04-13 23:12 163840 ----a-w- c:\windows\SysWow64\NSSearch.dll
2012-01-16 00:19 . 2004-12-10 22:35 147456 ----a-w- c:\windows\brunin03.dll
2012-01-16 00:19 . 2002-11-26 19:43 106496 ----a-w- c:\windows\SysWow64\BrMuSNMP.dll
2012-01-15 23:58 . 2008-10-18 02:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2012-01-15 23:58 . 2012-01-16 00:32 -------- d-----w- c:\program files (x86)\Brother
2012-01-15 23:55 . 2012-01-15 23:55 -------- d-----w- c:\programdata\Brother
2012-01-15 23:33 . 2012-01-15 23:33 -------- d-----w- C:\eng
2012-01-13 04:04 . 2012-01-15 23:31 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 15:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-16 15:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-07 16:39 . 2011-01-03 15:56 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 21:23 . 2011-11-24 21:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-11-24 04:52 . 2011-12-16 14:47 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-16 14:48 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-16 14:47 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-16 14:48 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-16 14:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-16 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-16 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel® Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-05 2184496]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630589229-1837631642-936809029-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:20]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630589229-1837631642-936809029-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ebe0dtqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-30 10:27:25
ComboFix-quarantined-files.txt 2012-01-30 16:27
.
Vor Suchlauf: 16 Verzeichnis(se), 412.907.544.576 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 412.889.452.544 Bytes frei
.
- - End Of File - - 8168C0E95AD460BACC1401382760AB8B

Edited by crakkerjak, 01 February 2012 - 10:10 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 01 February 2012 - 10:11 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 01 February 2012 - 10:55 PM

Thanks for the prompt reply. As you can see below, Rootkit.Boot.SST.b was found and cured. A reboot was required. Too early to report on the health of the computer, but the results are very encouraging. I'll be putting the word out about the help you guys are offering here. Love your methods!

21:50:22.0632 2788 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
21:50:23.0085 2788 ============================================================
21:50:23.0085 2788 Current date / time: 2012/02/01 21:50:23.0085
21:50:23.0085 2788 SystemInfo:
21:50:23.0085 2788
21:50:23.0085 2788 OS Version: 6.1.7601 ServicePack: 1.0
21:50:23.0085 2788 Product type: Workstation
21:50:23.0085 2788 ComputerName: CHRIS-PC
21:50:23.0085 2788 UserName: Chris
21:50:23.0085 2788 Windows directory: C:\Windows
21:50:23.0085 2788 System windows directory: C:\Windows
21:50:23.0085 2788 Running under WOW64
21:50:23.0085 2788 Processor architecture: Intel x64
21:50:23.0085 2788 Number of processors: 8
21:50:23.0085 2788 Page size: 0x1000
21:50:23.0085 2788 Boot type: Normal boot
21:50:23.0085 2788 ============================================================
21:50:24.0411 2788 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:50:24.0411 2788 Drive \Device\Harddisk1\DR1 - Size: 0xEE680000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:50:24.0426 2788 \Device\Harddisk0\DR0:
21:50:24.0426 2788 MBR used
21:50:24.0426 2788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:50:24.0426 2788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3A321000
21:50:24.0426 2788 \Device\Harddisk1\DR1:
21:50:24.0426 2788 MBR used
21:50:24.0426 2788 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x771400
21:50:24.0442 2788 Initialize success
21:50:24.0442 2788 ============================================================
21:50:25.0986 2020 ============================================================
21:50:25.0986 2020 Scan started
21:50:25.0986 2020 Mode: Manual;
21:50:25.0986 2020 ============================================================
21:50:26.0688 2020 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:50:26.0688 2020 1394ohci - ok
21:50:26.0751 2020 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
21:50:26.0751 2020 Accelerometer - ok
21:50:26.0798 2020 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:50:26.0798 2020 ACPI - ok
21:50:26.0813 2020 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:50:26.0813 2020 AcpiPmi - ok
21:50:26.0876 2020 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:50:26.0891 2020 adp94xx - ok
21:50:26.0969 2020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:50:26.0985 2020 adpahci - ok
21:50:27.0016 2020 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:50:27.0032 2020 adpu320 - ok
21:50:27.0110 2020 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:50:27.0110 2020 AFD - ok
21:50:27.0219 2020 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:50:27.0219 2020 agp440 - ok
21:50:27.0281 2020 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:50:27.0281 2020 aliide - ok
21:50:27.0312 2020 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:50:27.0312 2020 amdide - ok
21:50:27.0344 2020 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:50:27.0344 2020 AmdK8 - ok
21:50:27.0531 2020 amdkmdag (52679612d742bf74ca1ba6ab86ddf431) C:\Windows\system32\DRIVERS\atipmdag.sys
21:50:27.0609 2020 amdkmdag - ok
21:50:27.0687 2020 amdkmdap (414e0788920a8c856032be2cbf29f984) C:\Windows\system32\DRIVERS\atikmpag.sys
21:50:27.0702 2020 amdkmdap - ok
21:50:27.0749 2020 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:50:27.0749 2020 AmdPPM - ok
21:50:27.0780 2020 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
21:50:27.0796 2020 amdsata - ok
21:50:27.0812 2020 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:50:27.0827 2020 amdsbs - ok
21:50:27.0843 2020 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
21:50:27.0843 2020 amdxata - ok
21:50:27.0905 2020 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:50:27.0905 2020 AppID - ok
21:50:28.0030 2020 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:50:28.0030 2020 arc - ok
21:50:28.0061 2020 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:50:28.0077 2020 arcsas - ok
21:50:28.0092 2020 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:28.0092 2020 AsyncMac - ok
21:50:28.0155 2020 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:50:28.0155 2020 atapi - ok
21:50:28.0248 2020 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
21:50:28.0280 2020 athr - ok
21:50:28.0389 2020 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
21:50:28.0389 2020 AtiHdmiService - ok
21:50:28.0467 2020 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:50:28.0467 2020 b06bdrv - ok
21:50:28.0560 2020 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:50:28.0560 2020 b57nd60a - ok
21:50:28.0592 2020 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:50:28.0592 2020 Beep - ok
21:50:28.0670 2020 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:50:28.0670 2020 blbdrive - ok
21:50:28.0701 2020 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:50:28.0701 2020 bowser - ok
21:50:28.0779 2020 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:50:28.0779 2020 BrFiltLo - ok
21:50:28.0794 2020 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:50:28.0794 2020 BrFiltUp - ok
21:50:28.0857 2020 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:50:28.0857 2020 BridgeMP - ok
21:50:28.0919 2020 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:50:28.0919 2020 Brserid - ok
21:50:28.0997 2020 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:50:28.0997 2020 BrSerWdm - ok
21:50:29.0028 2020 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:50:29.0028 2020 BrUsbMdm - ok
21:50:29.0028 2020 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:50:29.0028 2020 BrUsbSer - ok
21:50:29.0091 2020 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:50:29.0091 2020 BthEnum - ok
21:50:29.0106 2020 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:50:29.0122 2020 BTHMODEM - ok
21:50:29.0153 2020 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:50:29.0153 2020 BthPan - ok
21:50:29.0184 2020 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:50:29.0184 2020 BTHPORT - ok
21:50:29.0294 2020 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:50:29.0294 2020 BTHUSB - ok
21:50:29.0325 2020 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
21:50:29.0325 2020 btwaudio - ok
21:50:29.0340 2020 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
21:50:29.0340 2020 btwavdt - ok
21:50:29.0387 2020 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:50:29.0387 2020 btwl2cap - ok
21:50:29.0403 2020 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
21:50:29.0403 2020 btwrchid - ok
21:50:29.0450 2020 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:50:29.0450 2020 cdfs - ok
21:50:29.0559 2020 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:50:29.0559 2020 cdrom - ok
21:50:29.0606 2020 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:50:29.0606 2020 circlass - ok
21:50:29.0637 2020 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:50:29.0637 2020 CLFS - ok
21:50:29.0684 2020 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:29.0684 2020 CmBatt - ok
21:50:29.0699 2020 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:50:29.0699 2020 cmdide - ok
21:50:29.0746 2020 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:50:29.0762 2020 CNG - ok
21:50:29.0824 2020 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:50:29.0824 2020 Compbatt - ok
21:50:29.0871 2020 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:50:29.0871 2020 CompositeBus - ok
21:50:29.0902 2020 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:50:29.0918 2020 crcdisk - ok
21:50:29.0964 2020 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
21:50:29.0964 2020 dc3d - ok
21:50:30.0074 2020 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:50:30.0074 2020 DfsC - ok
21:50:30.0120 2020 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
21:50:30.0120 2020 dg_ssudbus - ok
21:50:30.0183 2020 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:50:30.0183 2020 discache - ok
21:50:30.0230 2020 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:50:30.0230 2020 Disk - ok
21:50:30.0276 2020 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:50:30.0276 2020 drmkaud - ok
21:50:30.0354 2020 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
21:50:30.0354 2020 DVMIO - ok
21:50:30.0417 2020 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:50:30.0417 2020 DXGKrnl - ok
21:50:30.0479 2020 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
21:50:30.0495 2020 e1yexpress - ok
21:50:30.0620 2020 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:50:30.0651 2020 ebdrv - ok
21:50:30.0776 2020 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:50:30.0776 2020 elxstor - ok
21:50:30.0807 2020 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:50:30.0807 2020 ErrDev - ok
21:50:30.0854 2020 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:50:30.0854 2020 exfat - ok
21:50:30.0916 2020 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:50:30.0916 2020 fastfat - ok
21:50:30.0978 2020 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:50:30.0994 2020 fdc - ok
21:50:31.0025 2020 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:50:31.0025 2020 FileInfo - ok
21:50:31.0041 2020 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:50:31.0041 2020 Filetrace - ok
21:50:31.0072 2020 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:31.0072 2020 flpydisk - ok
21:50:31.0119 2020 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:50:31.0119 2020 FltMgr - ok
21:50:31.0166 2020 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:50:31.0181 2020 FsDepends - ok
21:50:31.0197 2020 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:50:31.0197 2020 Fs_Rec - ok
21:50:31.0259 2020 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:50:31.0275 2020 fvevol - ok
21:50:31.0306 2020 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:50:31.0306 2020 gagp30kx - ok
21:50:31.0337 2020 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:50:31.0337 2020 hcw85cir - ok
21:50:31.0415 2020 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:50:31.0431 2020 HdAudAddService - ok
21:50:31.0478 2020 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:50:31.0493 2020 HDAudBus - ok
21:50:31.0524 2020 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:50:31.0524 2020 HECIx64 - ok
21:50:31.0556 2020 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:50:31.0556 2020 HidBatt - ok
21:50:31.0571 2020 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:50:31.0571 2020 HidBth - ok
21:50:31.0634 2020 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:50:31.0634 2020 HidIr - ok
21:50:31.0712 2020 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:50:31.0712 2020 HidUsb - ok
21:50:31.0758 2020 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:50:31.0758 2020 hpdskflt - ok
21:50:31.0774 2020 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:50:31.0774 2020 HpSAMD - ok
21:50:31.0836 2020 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:50:31.0852 2020 HTTP - ok
21:50:31.0930 2020 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:50:31.0946 2020 hwpolicy - ok
21:50:31.0992 2020 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:50:32.0008 2020 i8042prt - ok
21:50:32.0039 2020 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys
21:50:32.0055 2020 iaStor - ok
21:50:32.0102 2020 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
21:50:32.0117 2020 iaStorV - ok
21:50:32.0289 2020 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:50:32.0336 2020 igfx - ok
21:50:32.0414 2020 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:50:32.0414 2020 iirsp - ok
21:50:32.0460 2020 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:50:32.0460 2020 intelide - ok
21:50:32.0492 2020 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:50:32.0492 2020 intelppm - ok
21:50:32.0538 2020 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:32.0538 2020 IpFilterDriver - ok
21:50:32.0570 2020 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:50:32.0570 2020 IPMIDRV - ok
21:50:32.0585 2020 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:50:32.0601 2020 IPNAT - ok
21:50:32.0679 2020 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:50:32.0679 2020 IRENUM - ok
21:50:32.0726 2020 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:50:32.0726 2020 isapnp - ok
21:50:32.0757 2020 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:50:32.0757 2020 iScsiPrt - ok
21:50:32.0788 2020 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:50:32.0788 2020 kbdclass - ok
21:50:32.0819 2020 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:50:32.0819 2020 kbdhid - ok
21:50:32.0866 2020 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:50:32.0866 2020 KSecDD - ok
21:50:32.0944 2020 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:50:32.0960 2020 KSecPkg - ok
21:50:32.0975 2020 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:50:32.0975 2020 ksthunk - ok
21:50:33.0038 2020 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:50:33.0053 2020 lltdio - ok
21:50:33.0147 2020 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:50:33.0147 2020 LSI_FC - ok
21:50:33.0178 2020 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:50:33.0178 2020 LSI_SAS - ok
21:50:33.0209 2020 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:50:33.0209 2020 LSI_SAS2 - ok
21:50:33.0225 2020 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:50:33.0225 2020 LSI_SCSI - ok
21:50:33.0256 2020 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:50:33.0256 2020 luafv - ok
21:50:33.0272 2020 MBAMProtector - ok
21:50:33.0303 2020 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:50:33.0303 2020 megasas - ok
21:50:33.0334 2020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:50:33.0334 2020 MegaSR - ok
21:50:33.0412 2020 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:50:33.0412 2020 Modem - ok
21:50:33.0428 2020 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:50:33.0428 2020 monitor - ok
21:50:33.0459 2020 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:50:33.0459 2020 mouclass - ok
21:50:33.0506 2020 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:50:33.0506 2020 mouhid - ok
21:50:33.0552 2020 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:50:33.0552 2020 mountmgr - ok
21:50:33.0584 2020 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:50:33.0584 2020 mpio - ok
21:50:33.0662 2020 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:50:33.0662 2020 mpsdrv - ok
21:50:33.0708 2020 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:50:33.0708 2020 MRxDAV - ok
21:50:33.0755 2020 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:33.0755 2020 mrxsmb - ok
21:50:33.0786 2020 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:33.0786 2020 mrxsmb10 - ok
21:50:33.0802 2020 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:33.0802 2020 mrxsmb20 - ok
21:50:33.0849 2020 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:50:33.0849 2020 msahci - ok
21:50:33.0911 2020 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:50:33.0911 2020 msdsm - ok
21:50:33.0958 2020 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:50:33.0958 2020 Msfs - ok
21:50:33.0974 2020 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:50:33.0974 2020 mshidkmdf - ok
21:50:33.0989 2020 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:50:33.0989 2020 msisadrv - ok
21:50:34.0036 2020 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:50:34.0036 2020 MSKSSRV - ok
21:50:34.0052 2020 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:34.0052 2020 MSPCLOCK - ok
21:50:34.0067 2020 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:50:34.0067 2020 MSPQM - ok
21:50:34.0130 2020 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:50:34.0130 2020 MsRPC - ok
21:50:34.0208 2020 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:50:34.0208 2020 mssmbios - ok
21:50:34.0286 2020 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:50:34.0286 2020 MSTEE - ok
21:50:34.0317 2020 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:50:34.0317 2020 MTConfig - ok
21:50:34.0332 2020 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:50:34.0332 2020 Mup - ok
21:50:34.0426 2020 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:50:34.0426 2020 NativeWifiP - ok
21:50:34.0504 2020 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:50:34.0520 2020 NDIS - ok
21:50:34.0598 2020 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:50:34.0598 2020 NdisCap - ok
21:50:34.0629 2020 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:34.0629 2020 NdisTapi - ok
21:50:34.0691 2020 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:34.0691 2020 Ndisuio - ok
21:50:34.0722 2020 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:34.0738 2020 NdisWan - ok
21:50:34.0785 2020 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:50:34.0785 2020 NDProxy - ok
21:50:34.0878 2020 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:50:34.0878 2020 NetBIOS - ok
21:50:34.0910 2020 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:50:34.0910 2020 NetBT - ok
21:50:35.0066 2020 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:50:35.0112 2020 netw5v64 - ok
21:50:35.0190 2020 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:50:35.0190 2020 nfrd960 - ok
21:50:35.0222 2020 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:50:35.0222 2020 Npfs - ok
21:50:35.0237 2020 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:50:35.0237 2020 nsiproxy - ok
21:50:35.0331 2020 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
21:50:35.0346 2020 Ntfs - ok
21:50:35.0409 2020 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:50:35.0409 2020 Null - ok
21:50:35.0456 2020 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
21:50:35.0456 2020 nvraid - ok
21:50:35.0487 2020 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
21:50:35.0487 2020 nvstor - ok
21:50:35.0518 2020 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:50:35.0518 2020 nv_agp - ok
21:50:35.0549 2020 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:50:35.0549 2020 ohci1394 - ok
21:50:35.0580 2020 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:50:35.0580 2020 Parport - ok
21:50:35.0643 2020 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:50:35.0658 2020 partmgr - ok
21:50:35.0721 2020 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:50:35.0721 2020 pci - ok
21:50:35.0736 2020 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:50:35.0736 2020 pciide - ok
21:50:35.0768 2020 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:50:35.0768 2020 pcmcia - ok
21:50:35.0799 2020 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:50:35.0799 2020 pcw - ok
21:50:35.0830 2020 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:50:35.0830 2020 PEAUTH - ok
21:50:35.0970 2020 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
21:50:35.0986 2020 Point64 - ok
21:50:36.0017 2020 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:50:36.0033 2020 PptpMiniport - ok
21:50:36.0048 2020 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:50:36.0064 2020 Processor - ok
21:50:36.0111 2020 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:50:36.0111 2020 Psched - ok
21:50:36.0173 2020 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:50:36.0189 2020 ql2300 - ok
21:50:36.0267 2020 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:50:36.0267 2020 ql40xx - ok
21:50:36.0298 2020 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:50:36.0298 2020 QWAVEdrv - ok
21:50:36.0329 2020 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:50:36.0329 2020 RasAcd - ok
21:50:36.0360 2020 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:50:36.0360 2020 RasAgileVpn - ok
21:50:36.0407 2020 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:36.0407 2020 Rasl2tp - ok
21:50:36.0438 2020 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:36.0438 2020 RasPppoe - ok
21:50:36.0516 2020 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:50:36.0516 2020 RasSstp - ok
21:50:36.0563 2020 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:50:36.0579 2020 rdbss - ok
21:50:36.0594 2020 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:50:36.0594 2020 rdpbus - ok
21:50:36.0626 2020 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:36.0626 2020 RDPCDD - ok
21:50:36.0657 2020 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:50:36.0657 2020 RDPENCDD - ok
21:50:36.0672 2020 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:50:36.0672 2020 RDPREFMP - ok
21:50:36.0688 2020 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:50:36.0704 2020 RDPWD - ok
21:50:36.0813 2020 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:50:36.0813 2020 rdyboost - ok
21:50:36.0875 2020 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:50:36.0875 2020 RFCOMM - ok
21:50:36.0922 2020 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:50:36.0922 2020 rspndr - ok
21:50:36.0953 2020 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
21:50:36.0969 2020 RSUSBSTOR - ok
21:50:37.0062 2020 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:50:37.0062 2020 RTL8167 - ok
21:50:37.0109 2020 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:50:37.0125 2020 sbp2port - ok
21:50:37.0156 2020 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:50:37.0156 2020 scfilter - ok
21:50:37.0203 2020 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:50:37.0203 2020 sdbus - ok
21:50:37.0250 2020 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:50:37.0265 2020 secdrv - ok
21:50:37.0343 2020 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:50:37.0343 2020 Serenum - ok
21:50:37.0374 2020 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:50:37.0374 2020 Serial - ok
21:50:37.0421 2020 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:50:37.0421 2020 sermouse - ok
21:50:37.0468 2020 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:50:37.0468 2020 sffdisk - ok
21:50:37.0515 2020 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:50:37.0515 2020 sffp_mmc - ok
21:50:37.0530 2020 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:50:37.0530 2020 sffp_sd - ok
21:50:37.0608 2020 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:50:37.0608 2020 sfloppy - ok
21:50:37.0655 2020 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:50:37.0655 2020 SiSRaid2 - ok
21:50:37.0671 2020 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:50:37.0671 2020 SiSRaid4 - ok
21:50:37.0702 2020 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:50:37.0702 2020 Smb - ok
21:50:37.0733 2020 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:50:37.0733 2020 spldr - ok
21:50:37.0842 2020 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:50:37.0842 2020 srv - ok
21:50:37.0920 2020 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:50:37.0920 2020 srv2 - ok
21:50:37.0952 2020 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:50:37.0952 2020 SrvHsfHDA - ok
21:50:38.0014 2020 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:50:38.0030 2020 SrvHsfV92 - ok
21:50:38.0123 2020 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:50:38.0139 2020 SrvHsfWinac - ok
21:50:38.0248 2020 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:50:38.0248 2020 srvnet - ok
21:50:38.0373 2020 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:50:38.0373 2020 stexstor - ok
21:50:38.0420 2020 STHDA (936a4d05f7a790b8aab3b6be61651e0e) C:\Windows\system32\DRIVERS\stwrt64.sys
21:50:38.0420 2020 STHDA - ok
21:50:38.0482 2020 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:50:38.0482 2020 swenum - ok
21:50:38.0607 2020 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
21:50:38.0622 2020 SynTP - ok
21:50:38.0732 2020 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
21:50:38.0763 2020 Tcpip - ok
21:50:38.0794 2020 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
21:50:38.0810 2020 TCPIP6 - ok
21:50:38.0841 2020 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:50:38.0841 2020 tcpipreg - ok
21:50:38.0872 2020 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:50:38.0872 2020 TDPIPE - ok
21:50:38.0919 2020 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:50:38.0919 2020 TDTCP - ok
21:50:38.0981 2020 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:50:38.0981 2020 tdx - ok
21:50:39.0028 2020 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:50:39.0028 2020 TermDD - ok
21:50:39.0122 2020 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:39.0122 2020 tssecsrv - ok
21:50:39.0215 2020 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:50:39.0215 2020 TsUsbFlt - ok
21:50:39.0278 2020 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:50:39.0278 2020 tunnel - ok
21:50:39.0309 2020 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:50:39.0309 2020 uagp35 - ok
21:50:39.0387 2020 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:50:39.0387 2020 udfs - ok
21:50:39.0480 2020 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:50:39.0480 2020 uliagpkx - ok
21:50:39.0512 2020 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:50:39.0512 2020 umbus - ok
21:50:39.0543 2020 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:50:39.0543 2020 UmPass - ok
21:50:39.0574 2020 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:39.0590 2020 usbccgp - ok
21:50:39.0605 2020 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:50:39.0605 2020 usbcir - ok
21:50:39.0652 2020 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
21:50:39.0652 2020 usbehci - ok
21:50:39.0699 2020 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
21:50:39.0714 2020 usbhub - ok
21:50:39.0730 2020 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
21:50:39.0730 2020 usbohci - ok
21:50:39.0777 2020 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:50:39.0777 2020 usbprint - ok
21:50:39.0824 2020 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:50:39.0824 2020 usbscan - ok
21:50:39.0870 2020 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:39.0870 2020 USBSTOR - ok
21:50:39.0917 2020 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
21:50:39.0933 2020 usbuhci - ok
21:50:39.0980 2020 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:50:39.0995 2020 usbvideo - ok
21:50:40.0026 2020 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:50:40.0026 2020 usb_rndisx - ok
21:50:40.0089 2020 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:50:40.0089 2020 vdrvroot - ok
21:50:40.0120 2020 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:40.0120 2020 vga - ok
21:50:40.0167 2020 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:50:40.0182 2020 VgaSave - ok
21:50:40.0229 2020 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:50:40.0229 2020 vhdmp - ok
21:50:40.0245 2020 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:50:40.0260 2020 viaide - ok
21:50:40.0292 2020 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:50:40.0292 2020 volmgr - ok
21:50:40.0338 2020 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:50:40.0338 2020 volmgrx - ok
21:50:40.0385 2020 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:50:40.0385 2020 volsnap - ok
21:50:40.0448 2020 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:50:40.0448 2020 vsmraid - ok
21:50:40.0494 2020 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:50:40.0494 2020 vwifibus - ok
21:50:40.0526 2020 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:50:40.0526 2020 vwififlt - ok
21:50:40.0541 2020 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:50:40.0541 2020 vwifimp - ok
21:50:40.0572 2020 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:50:40.0572 2020 WacomPen - ok
21:50:40.0635 2020 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:40.0635 2020 WANARP - ok
21:50:40.0650 2020 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:50:40.0650 2020 Wanarpv6 - ok
21:50:40.0728 2020 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:50:40.0728 2020 Wd - ok
21:50:40.0791 2020 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:50:40.0806 2020 Wdf01000 - ok
21:50:40.0869 2020 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:50:40.0869 2020 WfpLwf - ok
21:50:40.0900 2020 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:50:40.0900 2020 WIMMount - ok
21:50:40.0994 2020 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
21:50:40.0994 2020 WinUSB - ok
21:50:41.0025 2020 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:50:41.0025 2020 WmiAcpi - ok
21:50:41.0072 2020 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:50:41.0072 2020 ws2ifsl - ok
21:50:41.0118 2020 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:50:41.0134 2020 WudfPf - ok
21:50:41.0181 2020 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:41.0181 2020 WUDFRd - ok
21:50:41.0243 2020 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:50:41.0259 2020 yukonw7 - ok
21:50:41.0306 2020 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:50:41.0337 2020 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:50:41.0337 2020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:50:41.0352 2020 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:50:41.0399 2020 \Device\Harddisk1\DR1 - ok
21:50:41.0415 2020 Boot (0x1200) (09a8c884c35337a6f7e7226011df039c) \Device\Harddisk0\DR0\Partition0
21:50:41.0430 2020 \Device\Harddisk0\DR0\Partition0 - ok
21:50:41.0430 2020 Boot (0x1200) (8e7214eb252c9ca02ee6564e44a55e3b) \Device\Harddisk0\DR0\Partition1
21:50:41.0430 2020 \Device\Harddisk0\DR0\Partition1 - ok
21:50:41.0430 2020 Boot (0x1200) (8c003b311e7e2d39716f9c4ed926e742) \Device\Harddisk1\DR1\Partition0
21:50:41.0446 2020 \Device\Harddisk1\DR1\Partition0 - ok
21:50:41.0446 2020 ============================================================
21:50:41.0446 2020 Scan finished
21:50:41.0446 2020 ============================================================
21:50:41.0462 2876 Detected object count: 1
21:50:41.0462 2876 Actual detected object count: 1
21:50:54.0191 2876 \Device\Harddisk0\DR0\# - copied to quarantine
21:50:54.0191 2876 \Device\Harddisk0\DR0 - copied to quarantine
21:50:54.0191 2876 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
21:50:54.0191 2876 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:50:54.0191 2876 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:50:54.0191 2876 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:50:54.0207 2876 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
21:50:54.0207 2876 \Device\Harddisk0\DR0 - ok
21:50:54.0207 2876 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
21:51:04.0908 3128 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 01 February 2012 - 11:10 PM

Hello


Do some checking and let me know if things are running better



:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 02 February 2012 - 12:34 AM

No problems running it. Video plays clean. No forwarding since before cure... For the moment, it seems this house is clean.

ComboFix 12-02-01.01 - Chris 01.02.2012 22:50:27.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4030.3021 [GMT -6:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-02 bis 2012-02-02 ))))))))))))))))))))))))))))))
.
.
2012-02-02 04:54 . 2012-02-02 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 03:50 . 2012-02-02 03:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-02 03:50 . 2012-02-02 03:50 116016 ----a-w- c:\windows\system32\drivers\71130205.sys
2012-01-31 11:13 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36CC8D6F-E667-4A7A-AACC-A99EC3E52DE8}\mpengine.dll
2012-01-29 06:23 . 2012-01-29 06:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-28 17:20 . 2012-01-28 17:20 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-28 17:18 . 2012-01-30 15:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-01-28 17:18 . 2012-01-30 15:14 -------- d-----w- c:\programdata\Lavasoft
2012-01-27 21:30 . 2012-01-27 21:31 -------- d-----w- c:\users\Chris\AppData\Roaming\AVG
2012-01-27 21:24 . 2012-01-30 15:20 -------- d-----w- c:\program files (x86)\AVG
2012-01-27 21:09 . 2012-01-27 21:09 -------- d--h--w- c:\programdata\Common Files
2012-01-27 21:08 . 2012-01-30 15:21 -------- d-----w- c:\programdata\MFAData
2012-01-27 17:28 . 2012-01-27 17:29 -------- d-----w- C:\SysinternalsSuite
2012-01-26 03:07 . 2012-01-26 03:07 -------- d-----w- C:\Intel
2012-01-25 17:20 . 2012-01-25 17:20 -------- d-----w- c:\windows\SysWow64\Wat
2012-01-25 17:20 . 2012-01-25 17:20 -------- d-----w- c:\windows\system32\Wat
2012-01-25 16:42 . 2012-01-25 16:42 -------- d-----w- C:\ATI
2012-01-25 15:42 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-01-25 15:42 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-01-25 15:41 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-25 15:41 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-25 14:54 . 2012-01-25 14:54 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-01-25 14:54 . 2012-01-25 14:54 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 14:54 . 2012-01-25 14:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-16 00:20 . 2006-01-17 07:03 177152 ----a-w- c:\windows\system32\BrfxDA5a.dll
2012-01-16 00:19 . 2006-11-01 02:42 53248 ----a-w- c:\windows\SysWow64\brinsstr.dll
2012-01-16 00:19 . 2006-10-10 22:19 37376 ----a-w- c:\windows\SysWow64\Brnsplg.dll
2012-01-16 00:19 . 2006-08-09 20:08 55296 ----a-w- c:\windows\SysWow64\BrNetSti.dll
2012-01-16 00:19 . 2006-07-05 20:22 34816 ----a-w- c:\windows\SysWow64\BrWiaNCp.dll
2012-01-16 00:19 . 2006-04-13 23:12 163840 ----a-w- c:\windows\SysWow64\NSSearch.dll
2012-01-16 00:19 . 2004-12-10 22:35 147456 ----a-w- c:\windows\brunin03.dll
2012-01-16 00:19 . 2002-11-26 19:43 106496 ----a-w- c:\windows\SysWow64\BrMuSNMP.dll
2012-01-15 23:58 . 2008-10-18 02:04 179712 ------w- c:\windows\system32\BrfxDA5b.dll
2012-01-15 23:58 . 2012-01-16 00:32 -------- d-----w- c:\program files (x86)\Brother
2012-01-15 23:55 . 2012-01-15 23:55 -------- d-----w- c:\programdata\Brother
2012-01-15 23:33 . 2012-01-15 23:33 -------- d-----w- C:\eng
2012-01-13 04:04 . 2012-01-15 23:31 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 15:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-16 15:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-07 16:39 . 2011-01-03 15:56 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 21:23 . 2011-11-24 21:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2011-11-24 04:52 . 2011-12-16 14:47 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-16 14:48 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-16 14:47 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-16 14:48 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-16 14:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-16 14:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-16 14:48 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-30_16.10.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-02-02 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-30 15:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-30 15:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-02 03:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-30 15:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-02 03:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-03 18:45 . 2012-02-02 03:53 48144 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-02 03:53 43928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-05-07 12:04 . 2012-01-30 15:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-07 12:04 . 2012-02-02 03:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-07 12:04 . 2012-01-30 15:22 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-07 12:04 . 2012-02-02 03:51 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-07 12:04 . 2012-01-30 15:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-07 12:04 . 2012-02-02 03:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-03 16:51 . 2012-02-02 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-03 16:51 . 2012-01-30 15:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-31 11:13 93832 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-01-03 16:51 . 2012-02-02 02:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-03 16:51 . 2012-01-30 15:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-03 16:51 . 2012-01-30 15:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-03 16:51 . 2012-02-02 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-03 14:39 . 2012-02-02 04:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-03 14:39 . 2012-01-30 15:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-03 14:39 . 2012-01-30 15:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-03 14:39 . 2012-02-02 04:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-03 16:15 . 2012-02-02 03:53 9136 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-630589229-1837631642-936809029-1000_UserData.bin
+ 2012-02-02 03:51 . 2012-02-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-30 15:22 . 2012-01-30 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-02 03:51 . 2012-02-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-30 15:22 . 2012-01-30 15:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-08 05:54 . 2012-02-02 02:31 409642 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-02 03:56 675406 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-30 15:27 675406 c:\windows\system32\perfh009.dat
- 2010-03-04 03:21 . 2012-01-30 15:27 712082 c:\windows\system32\perfh007.dat
+ 2010-03-04 03:21 . 2012-02-02 03:56 712082 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-02-02 03:56 128814 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-30 15:27 128814 c:\windows\system32\perfc009.dat
+ 2010-03-04 03:21 . 2012-02-02 03:56 151640 c:\windows\system32\perfc007.dat
- 2010-03-04 03:21 . 2012-01-30 15:27 151640 c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-02-02 03:51 426180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-30 15:22 426180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-03 16:12 . 2012-02-02 03:51 1686348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-630589229-1837631642-936809029-1000-8192.dat
- 2011-01-03 16:12 . 2012-01-30 15:22 1686348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-630589229-1837631642-936809029-1000-8192.dat
- 2011-01-03 19:25 . 2012-01-30 15:22 3286956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-630589229-1837631642-936809029-1000-12288.dat
+ 2011-01-03 19:25 . 2012-01-31 12:04 3286956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-630589229-1837631642-936809029-1000-12288.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel® Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-05 2184496]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 09:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630589229-1837631642-936809029-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:20]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-630589229-1837631642-936809029-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-28 04:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ebe0dtqf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-01 22:56:06
ComboFix-quarantined-files.txt 2012-02-02 04:56
ComboFix2.txt 2012-01-30 16:27
.
Vor Suchlauf: 20 Verzeichnis(se), 413.106.520.064 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 413.056.569.344 Bytes frei
.
- - End Of File - - E2072725FF0A74B5748F22BEDBC3FDC6

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 02 February 2012 - 07:55 AM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 02 February 2012 - 09:43 PM

All seems well. Log files below:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Chris :: CHRIS-PC [administrator]

Protection: Disabled

02.02.2012 20:32:52
mbam-log-2012-02-02 (20-32-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182122
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



*************************************************************************************


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:29, on 02.02.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1Qzu0CyEyEyCtCzytAyBtC0Ezy0CtB0B0E0CtAtN0D0TzutBtDtCtCtDzztDyE&cr=1239554863
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7072 bytes

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 02 February 2012 - 10:00 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 02 February 2012 - 11:44 PM

Here is the list. I am a little disappointed in AVG for not removing their files on uninstallation.

C:\TDSSKiller_Quarantine\01.02.2012_21.50.23\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan
C:\Users\Chris\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120127153116433.rsc multiple threats
C:\Windows\Installer\48570e.msi a variant of Win32/HiddenStart.A application

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 02 February 2012 - 11:54 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\Chris\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120127153116433.rsc"
    del /f /s /q "C:\Windows\Installer\48570e.msi"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image<--XPPosted Image<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use, I would keep this and use before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 crakkerjak

crakkerjak
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 03 February 2012 - 12:31 AM

I have read it. You're awesome.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 03 February 2012 - 12:48 AM

you are more than welcome and glad I was able to help



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:16 PM

Posted 05 February 2012 - 11:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users