System check virus


This topic is locked. 14 replies to this topic

#1 2012

2012

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 29 January 2012 - 11:49 AM

I have the System Check virus; nothing I seem to do gets rid of it. I would really appreciate some help. Thank you.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_19
Run by Melissa at 16:16:04 on 2012-01-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.1767 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\ProgramData\yEInuXEOiED.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\n5Rbk57zQRzLBw.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msi.msn.com
uDefault_Page_URL = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Rim.DesktopHelper.exe] c:\program files\research in motion\blackberry desktop\Rim.DesktopHelper.exe
uRun: [Google Update] "c:\users\melissa\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [yEInuXEOiED.exe] c:\programdata\yEInuXEOiED.exe
uRun: [Trojan Killer] "c:\program files\gridinsoft trojan killer\trojankiller.exe" 0
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
StartupFolder: c:\users\melissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E9EB6C63-F592-4CFD-B267-3F16ABF4A645} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E9EB6C63-F592-4CFD-B267-3F16ABF4A645}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{E9EB6C63-F592-4CFD-B267-3F16ABF4A645}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{E9EB6C63-F592-4CFD-B267-3F16ABF4A645}\E454457454142553 : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\6btfg32f.default\
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\melissa\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2009-10-16 24608]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-4 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-4 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-4 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-4 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-29 1153368]
R2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\wmihookbtnfn\WMI_Hook_Service.exe [2009-9-25 101376]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-10-16 17920]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-10-16 59904]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-8 21520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-16 189440]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-10-16 859648]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2009-10-16 11776]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2009-10-16 5632]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-16 167424]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-29 1343400]
.
=============== Created Last 30 ================
.
2012-01-29 15:46:21 -------- d-s---w- C:\ComboFix
2012-01-29 15:31:07 367616 ---ha-w- c:\programdata\n5Rbk57zQRzLBw.exe
2012-01-29 15:20:45 -------- d--h--w- c:\users\melissa\appdata\roaming\SUPERAntiSpyware.com
2012-01-29 13:30:57 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2012-01-29 13:30:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-29 13:29:01 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
2012-01-29 13:29:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-29 13:15:57 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-29 13:03:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-01-28 19:14:53 456704 ---ha-w- c:\programdata\yEInuXEOiED.exe
2012-01-26 22:48:03 -------- d-s---w- C:\Winlogon.exe
2012-01-26 22:39:50 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-26 22:09:02 54016 ----a-w- c:\windows\system32\drivers\weghjs.sys
2012-01-26 21:28:51 -------- d--h--w- c:\users\melissa\appdata\roaming\Icysdo
2012-01-26 21:28:51 -------- d--h--w- c:\users\melissa\appdata\roaming\Disob
2012-01-26 00:11:28 98816 ----a-w- c:\windows\sed.exe
2012-01-26 00:11:28 518144 ----a-w- c:\windows\SWREG.exe
2012-01-26 00:11:28 256000 ----a-w- c:\windows\PEV.exe
2012-01-26 00:11:28 208896 ----a-w- c:\windows\MBR.exe
2012-01-25 22:25:05 -------- d--h--w- c:\users\melissa\appdata\roaming\Malwarebytes
2012-01-25 22:24:45 -------- d--h--w- c:\programdata\Malwarebytes
2012-01-25 22:24:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 19:00:47 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ac62b586-6c1b-4eb9-8ab8-d5172eebfcdf}\mpengine.dll
2012-01-17 23:15:25 124976 --sh--w- c:\users\melissa\appdata\local\dplayx.dll
2012-01-15 17:51:51 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-15 17:51:51 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-15 17:51:51 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-15 17:51:50 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-14 13:23:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 13:23:30 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-14 13:23:26 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-14 13:23:26 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-04 14:33:56 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-04 14:28:36 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
.
==================== Find3M ====================
.
2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 14:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:22:32.08 ===============
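As an added example that is not part of this thread or of DDS itself, here is a small Python triage helper that reads DDS-style uRun/mRun and "Created Last 30" lines and applies the pattern visible in the log above: executables dropped directly into ProgramData or AppData (especially hidden ones), Run entries that launch from there, and newly created kernel drivers that should be matched to installed software. The heuristics and severity labels are my own, and the sample lines are constructed to mirror entries from this log.

```python
import re
from dataclasses import dataclass

# Constructed sample mirroring a handful of lines from the DDS log above
# (uRun/mRun autorun entries and "Created Last 30" file entries).
SAMPLE_DDS = r"""
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [yEInuXEOiED.exe] c:\programdata\yEInuXEOiED.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
2012-01-29 15:31:07 367616 ---ha-w- c:\programdata\n5Rbk57zQRzLBw.exe
2012-01-29 13:30:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-28 19:14:53 456704 ---ha-w- c:\programdata\yEInuXEOiED.exe
2012-01-26 22:09:02 54016 ----a-w- c:\windows\system32\drivers\weghjs.sys
2012-01-24 19:00:47 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\mpengine.dll
2012-01-17 23:15:25 124976 --sh--w- c:\users\melissa\appdata\local\dplayx.dll
2012-01-15 17:51:51 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
"""

# Roots that installers normally populate with vendor sub-folders, not with
# bare executables; a file sitting directly in one of them is worth a look.
DATA_ROOTS = ("c:\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
EXEC_EXT = (".exe", ".dll", ".scr", ".sys")

RUN_RE = re.compile(r"^([um])Run: \[(.*?)\] (.*)$", re.I)
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) ([-a-z]{8}) (.*)$", re.I)
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'"?([a-z]:\\.*?\.(?:exe|dll|scr|sys))', re.I)


@dataclass
class Finding:
    severity: str  # "high" or "review"
    path: str
    reason: str


def parse_dds(text):
    """Return (autoruns, created): autoruns as (hive, name, path) tuples,
    created files as (date, attrs, path) tuples. Paths are lower-cased."""
    autoruns, created = [], []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            hive = "user" if m.group(1).lower() == "u" else "machine"
            p = PATH_RE.search(m.group(3))
            if p:
                autoruns.append((hive, m.group(2), p.group(1).lower()))
            continue
        m = CREATED_RE.match(line)
        if m:
            date, _time, size, attrs, path = m.groups()
            if size.startswith("-"):  # directory entries carry no size
                continue
            created.append((date, attrs.lower(), path.lower()))
    return autoruns, created


def in_data_root(path):
    """True when the file sits directly in ProgramData or AppData\\Local|Roaming."""
    parent = path.rsplit("\\", 1)[0] + "\\"
    return any(parent.endswith(root) for root in DATA_ROOTS)


def triage(text):
    """Apply the heuristics to a DDS report and return a list of Findings."""
    autoruns, created = parse_dds(text)
    created_paths = {p for _, _, p in created}
    findings = []
    for date, attrs, path in created:
        if not path.endswith(EXEC_EXT):
            continue
        # DDS attribute field: 's' = system, 'h' = hidden, 'a' = archive.
        hidden = "h" in attrs or "s" in attrs
        if in_data_root(path):
            findings.append(Finding("high" if hidden else "review", path,
                f"{'hidden ' if hidden else ''}executable created {date} "
                "directly in a user-writable data directory"))
        elif path.endswith(".sys") and "\\drivers\\" in path:
            findings.append(Finding("review", path,
                f"kernel driver created {date}; confirm it belongs to installed software"))
    for hive, name, path in autoruns:
        if in_data_root(path):
            # A data-directory autorun that was also just created is the
            # strongest signal in this log; an older one still deserves review.
            sev = "high" if path in created_paths else "review"
            findings.append(Finding(sev, path,
                f"{hive} Run entry [{name}] launches from a data directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.path}: {f.reason}")
```

Feeding a whole DDS report to `triage()` flags the same two ProgramData executables, the hidden dplayx.dll and the fresh weghjs.sys that stand out when reading the log by hand.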



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 30 January 2012 - 03:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 31 January 2012 - 05:54 AM

I was able to download and install ComboFix to my computer. A blue screen titled Administrator Autoscan popped up which indicated that it was "scanning for infected files, which doesn't typically take more than 10 mins, and that this time can be doubled for a badly infected PC". After 45 mins of nothing happening I went to bed, and this morning another screen had popped up stating "freeware implementation of xcalcs has stopped working". The only option given was to stop the programme, which I did. The blue screen was still there, but I had to close it in order for the internet to start working.

Hopefully this provides some insight.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 31 January 2012 - 08:31 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 31 January 2012 - 08:57 AM

13:48:19.0375 3636 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
13:48:19.0595 3636 ============================================================
13:48:19.0595 3636 Current date / time: 2012/01/31 13:48:19.0595
13:48:19.0595 3636 SystemInfo:
13:48:19.0595 3636
13:48:19.0595 3636 OS Version: 6.1.7601 ServicePack: 1.0
13:48:19.0596 3636 Product type: Workstation
13:48:19.0596 3636 ComputerName: MELISSA-MSI
13:48:19.0596 3636 UserName: Melissa
13:48:19.0596 3636 Windows directory: C:\windows
13:48:19.0596 3636 System windows directory: C:\windows
13:48:19.0596 3636 Processor architecture: Intel x86
13:48:19.0596 3636 Number of processors: 2
13:48:19.0596 3636 Page size: 0x1000
13:48:19.0596 3636 Boot type: Normal boot
13:48:19.0596 3636 ============================================================
13:48:20.0785 3636 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:20.0789 3636 \Device\Harddisk0\DR0:
13:48:20.0789 3636 MBR used
13:48:20.0789 3636 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x88B8000
13:48:20.0789 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA636800, BlocksNum 0x40221000
13:48:20.0829 3636 Initialize success
13:48:20.0829 3636 ============================================================
13:48:24.0580 4972 ============================================================
13:48:24.0580 4972 Scan started
13:48:24.0581 4972 Mode: Manual;
13:48:24.0581 4972 ============================================================
13:48:29.0073 4972 intelppm - ok
13:48:29.0106 4972 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:48:29.0109 4972 IpFilterDriver - ok
13:48:29.0126 4972 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
13:48:29.0129 4972 IPMIDRV - ok
13:48:29.0154 4972 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
13:48:29.0157 4972 IPNAT - ok
13:48:29.0189 4972 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
13:48:29.0194 4972 IRENUM - ok
13:48:29.0219 4972 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
13:48:29.0220 4972 isapnp - ok
13:48:29.0247 4972 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
13:48:29.0251 4972 iScsiPrt - ok
13:48:29.0274 4972 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
13:48:29.0277 4972 kbdclass - ok
13:48:29.0295 4972 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
13:48:29.0297 4972 kbdhid - ok
13:48:29.0330 4972 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
13:48:29.0331 4972 KSecDD - ok
13:48:29.0357 4972 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
13:48:29.0360 4972 KSecPkg - ok
13:48:29.0417 4972 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
13:48:29.0419 4972 lltdio - ok
13:48:29.0460 4972 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
13:48:29.0464 4972 LSI_FC - ok
13:48:29.0484 4972 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
13:48:29.0487 4972 LSI_SAS - ok
13:48:29.0510 4972 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:48:29.0513 4972 LSI_SAS2 - ok
13:48:29.0530 4972 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:48:29.0533 4972 LSI_SCSI - ok
13:48:29.0552 4972 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
13:48:29.0554 4972 luafv - ok
13:48:29.0577 4972 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
13:48:29.0580 4972 megasas - ok
13:48:29.0603 4972 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
13:48:29.0608 4972 MegaSR - ok
13:48:29.0635 4972 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
13:48:29.0637 4972 Modem - ok
13:48:29.0656 4972 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
13:48:29.0658 4972 monitor - ok
13:48:29.0691 4972 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
13:48:29.0693 4972 mouclass - ok
13:48:29.0721 4972 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
13:48:29.0723 4972 mouhid - ok
13:48:29.0755 4972 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
13:48:29.0757 4972 mountmgr - ok
13:48:29.0790 4972 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
13:48:29.0793 4972 mpio - ok
13:48:29.0824 4972 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
13:48:29.0826 4972 mpsdrv - ok
13:48:29.0858 4972 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
13:48:29.0861 4972 MRxDAV - ok
13:48:29.0888 4972 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
13:48:29.0890 4972 mrxsmb - ok
13:48:29.0923 4972 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:48:29.0927 4972 mrxsmb10 - ok
13:48:29.0950 4972 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:48:29.0953 4972 mrxsmb20 - ok
13:48:29.0975 4972 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
13:48:29.0978 4972 msahci - ok
13:48:30.0010 4972 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
13:48:30.0014 4972 msdsm - ok
13:48:30.0051 4972 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
13:48:30.0053 4972 Msfs - ok
13:48:30.0067 4972 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
13:48:30.0070 4972 mshidkmdf - ok
13:48:30.0088 4972 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
13:48:30.0089 4972 msisadrv - ok
13:48:30.0129 4972 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
13:48:30.0131 4972 MSKSSRV - ok
13:48:30.0152 4972 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
13:48:30.0154 4972 MSPCLOCK - ok
13:48:30.0168 4972 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
13:48:30.0170 4972 MSPQM - ok
13:48:30.0197 4972 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
13:48:30.0200 4972 MsRPC - ok
13:48:30.0217 4972 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
13:48:30.0219 4972 mssmbios - ok
13:48:30.0234 4972 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
13:48:30.0236 4972 MSTEE - ok
13:48:30.0258 4972 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
13:48:30.0260 4972 MTConfig - ok
13:48:30.0282 4972 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
13:48:30.0284 4972 Mup - ok
13:48:30.0313 4972 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
13:48:30.0318 4972 NativeWifiP - ok
13:48:30.0371 4972 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
13:48:30.0388 4972 NDIS - ok
13:48:30.0408 4972 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
13:48:30.0411 4972 NdisCap - ok
13:48:30.0437 4972 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
13:48:30.0439 4972 NdisTapi - ok
13:48:30.0475 4972 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
13:48:30.0478 4972 Ndisuio - ok
13:48:30.0509 4972 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
13:48:30.0512 4972 NdisWan - ok
13:48:30.0545 4972 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
13:48:30.0548 4972 NDProxy - ok
13:48:30.0573 4972 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
13:48:30.0575 4972 NetBIOS - ok
13:48:30.0612 4972 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
13:48:30.0616 4972 NetBT - ok
13:48:30.0667 4972 netr28 (652881f65b35564575255a0e05e23c55) C:\windows\system32\DRIVERS\netr28.sys
13:48:30.0682 4972 netr28 - ok
13:48:30.0709 4972 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
13:48:30.0712 4972 nfrd960 - ok
13:48:30.0745 4972 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
13:48:30.0748 4972 Npfs - ok
13:48:30.0774 4972 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
13:48:30.0776 4972 nsiproxy - ok
13:48:30.0832 4972 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
13:48:30.0859 4972 Ntfs - ok
13:48:30.0871 4972 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
13:48:30.0873 4972 Null - ok
13:48:30.0908 4972 nvamacpi (bc9795f928c1775286e207f55f4870cd) C:\windows\system32\DRIVERS\NVAMACPI.sys
13:48:30.0910 4972 nvamacpi - ok
13:48:31.0120 4972 nvlddmkm (8dfdcffabd7ab73cab9c738c3b7dccf4) C:\windows\system32\DRIVERS\nvlddmkm.sys
13:48:31.0313 4972 nvlddmkm - ok
13:48:31.0352 4972 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
13:48:31.0355 4972 nvraid - ok
13:48:31.0379 4972 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\windows\system32\DRIVERS\nvsmu.sys
13:48:31.0381 4972 nvsmu - ok
13:48:31.0414 4972 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
13:48:31.0417 4972 nvstor - ok
13:48:31.0444 4972 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\windows\system32\DRIVERS\nvstor32.sys
13:48:31.0448 4972 nvstor32 - ok
13:48:31.0473 4972 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
13:48:31.0478 4972 nv_agp - ok
13:48:31.0517 4972 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
13:48:31.0520 4972 ohci1394 - ok
13:48:31.0558 4972 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
13:48:31.0560 4972 Parport - ok
13:48:31.0596 4972 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
13:48:31.0598 4972 partmgr - ok
13:48:31.0620 4972 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
13:48:31.0622 4972 Parvdm - ok
13:48:31.0652 4972 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
13:48:31.0655 4972 pci - ok
13:48:31.0681 4972 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
13:48:31.0683 4972 pciide - ok
13:48:31.0706 4972 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
13:48:31.0710 4972 pcmcia - ok
13:48:31.0731 4972 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
13:48:31.0733 4972 pcw - ok
13:48:31.0766 4972 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
13:48:31.0784 4972 PEAUTH - ok
13:48:31.0857 4972 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
13:48:31.0860 4972 PptpMiniport - ok
13:48:31.0882 4972 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
13:48:31.0884 4972 Processor - ok
13:48:31.0928 4972 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
13:48:31.0931 4972 Psched - ok
13:48:31.0977 4972 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
13:48:32.0013 4972 ql2300 - ok
13:48:32.0032 4972 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
13:48:32.0035 4972 ql40xx - ok
13:48:32.0056 4972 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
13:48:32.0059 4972 QWAVEdrv - ok
13:48:32.0157 4972 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:48:32.0161 4972 RapportCerberus_34302 - ok
13:48:32.0233 4972 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:48:32.0235 4972 RapportEI - ok
13:48:32.0282 4972 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
13:48:32.0283 4972 RapportIaso - ok
13:48:32.0346 4972 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\windows\system32\Drivers\RapportKELL.sys
13:48:32.0347 4972 RapportKELL - ok
13:48:32.0376 4972 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:48:32.0380 4972 RapportPG - ok
13:48:32.0408 4972 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
13:48:32.0410 4972 RasAcd - ok
13:48:32.0484 4972 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
13:48:32.0489 4972 RasAgileVpn - ok
13:48:32.0570 4972 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
13:48:32.0573 4972 Rasl2tp - ok
13:48:32.0596 4972 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
13:48:32.0599 4972 RasPppoe - ok
13:48:32.0625 4972 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
13:48:32.0627 4972 RasSstp - ok
13:48:32.0664 4972 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
13:48:32.0668 4972 rdbss - ok
13:48:32.0684 4972 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
13:48:32.0686 4972 rdpbus - ok
13:48:32.0720 4972 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
13:48:32.0722 4972 RDPCDD - ok
13:48:32.0749 4972 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
13:48:32.0751 4972 RDPENCDD - ok
13:48:32.0772 4972 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
13:48:32.0774 4972 RDPREFMP - ok
13:48:32.0809 4972 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
13:48:32.0813 4972 RDPWD - ok
13:48:32.0847 4972 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
13:48:32.0851 4972 rdyboost - ok
13:48:32.0895 4972 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\windows\system32\Drivers\RimUsb.sys
13:48:32.0897 4972 RimUsb - ok
13:48:32.0938 4972 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
13:48:32.0940 4972 RimVSerPort - ok
13:48:32.0962 4972 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
13:48:32.0964 4972 ROOTMODEM - ok
13:48:32.0999 4972 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
13:48:33.0002 4972 rspndr - ok
13:48:33.0039 4972 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\windows\System32\Drivers\RtsUStor.sys
13:48:33.0043 4972 RSUSBSTOR - ok
13:48:33.0069 4972 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys
13:48:33.0073 4972 RTL8167 - ok
13:48:33.0107 4972 rtl8192se (97574b6c7488cb463eaa28092d2dc82e) C:\windows\system32\DRIVERS\rtl8192se.sys
13:48:33.0121 4972 rtl8192se - ok
13:48:33.0137 4972 RtsUIR - ok
13:48:33.0195 4972 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
13:48:33.0200 4972 sbp2port - ok
13:48:33.0234 4972 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
13:48:33.0237 4972 scfilter - ok
13:48:33.0289 4972 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
13:48:33.0291 4972 secdrv - ok
13:48:33.0330 4972 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
13:48:33.0331 4972 Serenum - ok
13:48:33.0359 4972 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
13:48:33.0364 4972 Serial - ok
13:48:33.0383 4972 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
13:48:33.0385 4972 sermouse - ok
13:48:33.0435 4972 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
13:48:33.0437 4972 sffdisk - ok
13:48:33.0458 4972 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
13:48:33.0461 4972 sffp_mmc - ok
13:48:33.0475 4972 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
13:48:33.0477 4972 sffp_sd - ok
13:48:33.0495 4972 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
13:48:33.0497 4972 sfloppy - ok
13:48:33.0527 4972 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
13:48:33.0530 4972 sisagp - ok
13:48:33.0552 4972 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:48:33.0554 4972 SiSRaid2 - ok
13:48:33.0577 4972 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
13:48:33.0581 4972 SiSRaid4 - ok
13:48:33.0605 4972 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
13:48:33.0607 4972 Smb - ok
13:48:33.0646 4972 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
13:48:33.0647 4972 spldr - ok
13:48:33.0700 4972 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
13:48:33.0706 4972 srv - ok
13:48:33.0729 4972 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
13:48:33.0735 4972 srv2 - ok
13:48:33.0757 4972 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
13:48:33.0760 4972 srvnet - ok
13:48:33.0791 4972 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
13:48:33.0794 4972 stexstor - ok
13:48:33.0817 4972 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
13:48:33.0819 4972 swenum - ok
13:48:33.0908 4972 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
13:48:33.0937 4972 Tcpip - ok
13:48:33.0973 4972 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
13:48:33.0986 4972 TCPIP6 - ok
13:48:34.0023 4972 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
13:48:34.0025 4972 tcpipreg - ok
13:48:34.0064 4972 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
13:48:34.0066 4972 TDPIPE - ok
13:48:34.0080 4972 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
13:48:34.0082 4972 TDTCP - ok
13:48:34.0116 4972 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
13:48:34.0119 4972 tdx - ok
13:48:34.0135 4972 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
13:48:34.0137 4972 TermDD - ok
13:48:34.0209 4972 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
13:48:34.0211 4972 tssecsrv - ok
13:48:34.0251 4972 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
13:48:34.0253 4972 TsUsbFlt - ok
13:48:34.0287 4972 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
13:48:34.0291 4972 tunnel - ok
13:48:34.0317 4972 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
13:48:34.0320 4972 uagp35 - ok
13:48:34.0358 4972 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
13:48:34.0363 4972 udfs - ok
13:48:34.0404 4972 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
13:48:34.0407 4972 uliagpkx - ok
13:48:34.0450 4972 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
13:48:34.0452 4972 umbus - ok
13:48:34.0472 4972 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
13:48:34.0479 4972 UmPass - ok
13:48:34.0507 4972 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
13:48:34.0509 4972 USBAAPL - ok
13:48:34.0536 4972 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
13:48:34.0538 4972 usbccgp - ok
13:48:34.0551 4972 USBCCID - ok
13:48:34.0599 4972 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
13:48:34.0601 4972 usbcir - ok
13:48:34.0619 4972 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
13:48:34.0622 4972 usbehci - ok
13:48:34.0645 4972 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
13:48:34.0650 4972 usbhub - ok
13:48:34.0672 4972 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
13:48:34.0673 4972 usbohci - ok
13:48:34.0691 4972 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
13:48:34.0694 4972 usbprint - ok
13:48:34.0712 4972 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
13:48:34.0714 4972 USBSTOR - ok
13:48:34.0733 4972 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
13:48:34.0735 4972 usbuhci - ok
13:48:34.0763 4972 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
13:48:34.0767 4972 usbvideo - ok
13:48:34.0791 4972 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
13:48:34.0793 4972 vdrvroot - ok
13:48:34.0816 4972 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
13:48:34.0818 4972 vga - ok
13:48:34.0834 4972 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
13:48:34.0836 4972 VgaSave - ok
13:48:34.0860 4972 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
13:48:34.0864 4972 vhdmp - ok
13:48:34.0897 4972 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
13:48:34.0900 4972 viaagp - ok
13:48:34.0922 4972 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
13:48:34.0924 4972 ViaC7 - ok
13:48:34.0945 4972 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
13:48:34.0947 4972 viaide - ok
13:48:34.0964 4972 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
13:48:34.0966 4972 volmgr - ok
13:48:34.0993 4972 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
13:48:34.0999 4972 volmgrx - ok
13:48:35.0027 4972 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
13:48:35.0032 4972 volsnap - ok
13:48:35.0062 4972 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
13:48:35.0066 4972 vsmraid - ok
13:48:35.0090 4972 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
13:48:35.0092 4972 vwifibus - ok
13:48:35.0130 4972 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
13:48:35.0132 4972 vwififlt - ok
13:48:35.0158 4972 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
13:48:35.0161 4972 vwifimp - ok
13:48:35.0173 4972 vwltdhca - ok
13:48:35.0225 4972 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
13:48:35.0227 4972 WacomPen - ok
13:48:35.0273 4972 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:48:35.0276 4972 WANARP - ok
13:48:35.0285 4972 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:48:35.0287 4972 Wanarpv6 - ok
13:48:35.0362 4972 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
13:48:35.0365 4972 Wd - ok
13:48:35.0393 4972 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
13:48:35.0410 4972 Wdf01000 - ok
13:48:35.0487 4972 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
13:48:35.0489 4972 WfpLwf - ok
13:48:35.0504 4972 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
13:48:35.0506 4972 WIMMount - ok
13:48:35.0594 4972 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
13:48:35.0596 4972 WinUsb - ok
13:48:35.0616 4972 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
13:48:35.0619 4972 WmiAcpi - ok
13:48:35.0679 4972 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
13:48:35.0682 4972 ws2ifsl - ok
13:48:35.0718 4972 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
13:48:35.0720 4972 WSDPrintDevice - ok
13:48:35.0774 4972 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
13:48:35.0777 4972 WudfPf - ok
13:48:35.0794 4972 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
13:48:35.0798 4972 WUDFRd - ok
13:48:35.0845 4972 MBR (0x1B8) (9d77962af9dda2c93541779df4e970cf) \Device\Harddisk0\DR0
13:48:35.0865 4972 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
13:48:35.0865 4972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
13:48:35.0896 4972 Boot (0x1200) (207772a5439521512faaa0869451df98) \Device\Harddisk0\DR0\Partition0
13:48:35.0897 4972 \Device\Harddisk0\DR0\Partition0 - ok
13:48:35.0914 4972 Boot (0x1200) (5bb4c7ea96bd907e635b72fa06a4e43e) \Device\Harddisk0\DR0\Partition1
13:48:35.0915 4972 \Device\Harddisk0\DR0\Partition1 - ok
13:48:35.0916 4972 ============================================================
13:48:35.0916 4972 Scan finished
13:48:35.0916 4972 ============================================================
13:48:35.0941 2628 Detected object count: 1
13:48:35.0941 2628 Actual detected object count: 1
13:48:58.0532 2628 \Device\Harddisk0\DR0\# - copied to quarantine
13:48:58.0532 2628 \Device\Harddisk0\DR0 - copied to quarantine
13:48:58.0574 2628 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:48:58.0581 2628 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
13:48:58.0592 2628 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
13:48:58.0604 2628 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
13:48:58.0616 2628 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
13:48:58.0632 2628 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
13:48:58.0650 2628 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
13:48:58.0670 2628 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
13:48:58.0690 2628 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
13:48:58.0736 2628 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:48:58.0769 2628 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:48:58.0796 2628 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:48:58.0825 2628 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:48:58.0855 2628 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
13:48:58.0887 2628 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
13:48:58.0921 2628 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
13:48:58.0958 2628 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
13:48:59.0041 2628 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
13:48:59.0090 2628 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
13:48:59.0138 2628 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
13:48:59.0396 2628 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
13:48:59.0443 2628 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
13:48:59.0489 2628 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
13:48:59.0540 2628 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
13:48:59.0543 2628 \Device\Harddisk0\DR0 - processing error
13:49:26.0471 2628 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
13:49:29.0444 3972 ============================================================
13:49:29.0444 3972 Scan started
13:49:29.0444 3972 Mode: Manual;
13:49:29.0444 3972 ============================================================
13:49:31.0061 3972 CmBatt - ok
13:49:31.0092 3972 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
13:49:31.0093 3972 cmdide - ok
13:49:31.0115 3972 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
13:49:31.0119 3972 CNG - ok
13:49:31.0138 3972 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
13:49:31.0139 3972 Compbatt - ok
13:49:31.0169 3972 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
13:49:31.0170 3972 CompositeBus - ok
13:49:31.0198 3972 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
13:49:31.0199 3972 crcdisk - ok
13:49:31.0258 3972 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
13:49:31.0260 3972 DfsC - ok
13:49:31.0285 3972 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
13:49:31.0286 3972 discache - ok
13:49:31.0302 3972 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
13:49:31.0304 3972 Disk - ok
13:49:31.0337 3972 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
13:49:31.0338 3972 drmkaud - ok
13:49:31.0384 3972 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
13:49:31.0392 3972 DXGKrnl - ok
13:49:31.0415 3972 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\windows\system32\DRIVERS\e1y6032.sys
13:49:31.0418 3972 e1yexpress - ok
13:49:31.0502 3972 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
13:49:31.0533 3972 ebdrv - ok
13:49:31.0571 3972 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
13:49:31.0577 3972 elxstor - ok
13:49:31.0597 3972 enecir (f13c945115b8a8c7c4427d5925f88f23) C:\windows\system32\DRIVERS\enecir.sys
13:49:31.0598 3972 enecir - ok
13:49:31.0612 3972 enecirhid (65bf24816c2814596253f312dd35f171) C:\windows\system32\DRIVERS\enecirhid.sys
13:49:31.0614 3972 enecirhid - ok
13:49:31.0625 3972 enecirhidma (97d41e2831ac117af9bf8d0d9e9d027f) C:\windows\system32\DRIVERS\enecirhidma.sys
13:49:31.0626 3972 enecirhidma - ok
13:49:31.0650 3972 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
13:49:31.0651 3972 ErrDev - ok
13:49:31.0687 3972 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
13:49:31.0689 3972 exfat - ok
13:49:31.0707 3972 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
13:49:31.0709 3972 fastfat - ok
13:49:31.0731 3972 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
13:49:31.0733 3972 fdc - ok
13:49:31.0763 3972 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
13:49:31.0764 3972 FileInfo - ok
13:49:31.0781 3972 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
13:49:31.0782 3972 Filetrace - ok
13:49:31.0809 3972 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
13:49:31.0810 3972 flpydisk - ok
13:49:31.0832 3972 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
13:49:31.0835 3972 FltMgr - ok
13:49:31.0863 3972 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
13:49:31.0865 3972 FsDepends - ok
13:49:31.0883 3972 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
13:49:31.0884 3972 Fs_Rec - ok
13:49:31.0918 3972 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
13:49:31.0921 3972 fvevol - ok
13:49:31.0943 3972 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
13:49:31.0945 3972 gagp30kx - ok
13:49:31.0969 3972 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:49:31.0970 3972 GEARAspiWDM - ok
13:49:31.0990 3972 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
13:49:31.0992 3972 hcw85cir - ok
13:49:32.0026 3972 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
13:49:32.0030 3972 HdAudAddService - ok
13:49:32.0046 3972 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
13:49:32.0048 3972 HDAudBus - ok
13:49:32.0064 3972 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
13:49:32.0065 3972 HidBatt - ok
13:49:32.0085 3972 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
13:49:32.0086 3972 HidBth - ok
13:49:32.0103 3972 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
13:49:32.0104 3972 HidIr - ok
13:49:32.0131 3972 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
13:49:32.0132 3972 HidUsb - ok
13:49:32.0163 3972 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
13:49:32.0164 3972 HpSAMD - ok
13:49:32.0192 3972 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
13:49:32.0199 3972 HTTP - ok
13:49:32.0231 3972 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
13:49:32.0232 3972 hwpolicy - ok
13:49:32.0255 3972 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
13:49:32.0257 3972 i8042prt - ok
13:49:32.0283 3972 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
13:49:32.0287 3972 iaStorV - ok
13:49:32.0405 3972 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
13:49:32.0452 3972 igfx - ok
13:49:32.0475 3972 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
13:49:32.0476 3972 iirsp - ok
13:49:32.0564 3972 IntcAzAudAddService (7c7b7bf720a7fd091890efeb2583ad8d) C:\windows\system32\drivers\RTKVHDA.sys
13:49:32.0593 3972 IntcAzAudAddService - ok
13:49:32.0627 3972 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
13:49:32.0628 3972 intelide - ok
13:49:32.0648 3972 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
13:49:32.0650 3972 intelppm - ok
13:49:32.0676 3972 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:49:32.0678 3972 IpFilterDriver - ok
13:49:32.0696 3972 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
13:49:32.0697 3972 IPMIDRV - ok
13:49:32.0715 3972 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
13:49:32.0717 3972 IPNAT - ok
13:49:32.0742 3972 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
13:49:32.0743 3972 IRENUM - ok
13:49:32.0764 3972 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
13:49:32.0765 3972 isapnp - ok
13:49:32.0784 3972 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
13:49:32.0787 3972 iScsiPrt - ok
13:49:32.0803 3972 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
13:49:32.0804 3972 kbdclass - ok
13:49:32.0824 3972 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
13:49:32.0825 3972 kbdhid - ok
13:49:32.0858 3972 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
13:49:32.0860 3972 KSecDD - ok
13:49:32.0877 3972 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
13:49:32.0880 3972 KSecPkg - ok
13:49:32.0920 3972 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
13:49:32.0922 3972 lltdio - ok
13:49:32.0963 3972 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
13:49:32.0965 3972 LSI_FC - ok
13:49:32.0979 3972 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
13:49:32.0981 3972 LSI_SAS - ok
13:49:33.0005 3972 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:49:33.0007 3972 LSI_SAS2 - ok
13:49:33.0033 3972 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:49:33.0034 3972 LSI_SCSI - ok
13:49:33.0055 3972 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
13:49:33.0056 3972 luafv - ok
13:49:33.0080 3972 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
13:49:33.0082 3972 megasas - ok
13:49:33.0111 3972 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
13:49:33.0114 3972 MegaSR - ok
13:49:33.0138 3972 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
13:49:33.0140 3972 Modem - ok
13:49:33.0160 3972 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
13:49:33.0161 3972 monitor - ok
13:49:33.0177 3972 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
13:49:33.0179 3972 mouclass - ok
13:49:33.0199 3972 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
13:49:33.0201 3972 mouhid - ok
13:49:33.0225 3972 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
13:49:33.0227 3972 mountmgr - ok
13:49:33.0251 3972 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
13:49:33.0253 3972 mpio - ok
13:49:33.0277 3972 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
13:49:33.0279 3972 mpsdrv - ok
13:49:33.0311 3972 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
13:49:33.0313 3972 MRxDAV - ok
13:49:33.0341 3972 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
13:49:33.0343 3972 mrxsmb - ok
13:49:33.0376 3972 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:49:33.0379 3972 mrxsmb10 - ok
13:49:33.0395 3972 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:49:33.0397 3972 mrxsmb20 - ok
13:49:33.0429 3972 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
13:49:33.0430 3972 msahci - ok
13:49:33.0463 3972 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
13:49:33.0465 3972 msdsm - ok
13:49:33.0495 3972 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
13:49:33.0497 3972 Msfs - ok
13:49:33.0512 3972 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
13:49:33.0514 3972 mshidkmdf - ok
13:49:33.0532 3972 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
13:49:33.0534 3972 msisadrv - ok
13:49:33.0557 3972 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
13:49:33.0559 3972 MSKSSRV - ok
13:49:33.0580 3972 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
13:49:33.0581 3972 MSPCLOCK - ok
13:49:33.0592 3972 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
13:49:33.0594 3972 MSPQM - ok
13:49:33.0616 3972 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
13:49:33.0619 3972 MsRPC - ok
13:49:33.0635 3972 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
13:49:33.0637 3972 mssmbios - ok
13:49:33.0652 3972 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
13:49:33.0653 3972 MSTEE - ok
13:49:33.0678 3972 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
13:49:33.0679 3972 MTConfig - ok
13:49:33.0694 3972 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
13:49:33.0696 3972 Mup - ok
13:49:33.0724 3972 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
13:49:33.0728 3972 NativeWifiP - ok
13:49:33.0774 3972 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
13:49:33.0782 3972 NDIS - ok
13:49:33.0803 3972 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
13:49:33.0804 3972 NdisCap - ok
13:49:33.0824 3972 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
13:49:33.0825 3972 NdisTapi - ok
13:49:33.0853 3972 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
13:49:33.0855 3972 Ndisuio - ok
13:49:33.0887 3972 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
13:49:33.0889 3972 NdisWan - ok
13:49:33.0907 3972 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
13:49:33.0908 3972 NDProxy - ok
13:49:33.0927 3972 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
13:49:33.0928 3972 NetBIOS - ok
13:49:33.0965 3972 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
13:49:33.0968 3972 NetBT - ok
13:49:34.0009 3972 netr28 (652881f65b35564575255a0e05e23c55) C:\windows\system32\DRIVERS\netr28.sys
13:49:34.0016 3972 netr28 - ok
13:49:34.0046 3972 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
13:49:34.0048 3972 nfrd960 - ok
13:49:34.0071 3972 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
13:49:34.0072 3972 Npfs - ok
13:49:34.0095 3972 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
13:49:34.0097 3972 nsiproxy - ok
13:49:34.0152 3972 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
13:49:34.0165 3972 Ntfs - ok
13:49:34.0177 3972 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
13:49:34.0179 3972 Null - ok
13:49:34.0203 3972 nvamacpi (bc9795f928c1775286e207f55f4870cd) C:\windows\system32\DRIVERS\NVAMACPI.sys
13:49:34.0204 3972 nvamacpi - ok
13:49:34.0423 3972 nvlddmkm (8dfdcffabd7ab73cab9c738c3b7dccf4) C:\windows\system32\DRIVERS\nvlddmkm.sys
13:49:34.0518 3972 nvlddmkm - ok
13:49:34.0555 3972 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
13:49:34.0557 3972 nvraid - ok
13:49:34.0574 3972 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\windows\system32\DRIVERS\nvsmu.sys
13:49:34.0575 3972 nvsmu - ok
13:49:34.0608 3972 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
13:49:34.0611 3972 nvstor - ok
13:49:34.0631 3972 nvstor32 (3ff57a9a657c9690ecbc8b1e3b6e3979) C:\windows\system32\DRIVERS\nvstor32.sys
13:49:34.0634 3972 nvstor32 - ok
13:49:34.0659 3972 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
13:49:34.0662 3972 nv_agp - ok
13:49:34.0704 3972 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
13:49:34.0705 3972 ohci1394 - ok
13:49:34.0735 3972 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
13:49:34.0737 3972 Parport - ok
13:49:34.0774 3972 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
13:49:34.0776 3972 partmgr - ok
13:49:34.0798 3972 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
13:49:34.0799 3972 Parvdm - ok
13:49:34.0822 3972 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
13:49:34.0824 3972 pci - ok
13:49:34.0842 3972 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
13:49:34.0844 3972 pciide - ok
13:49:34.0868 3972 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
13:49:34.0870 3972 pcmcia - ok
13:49:34.0892 3972 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
13:49:34.0894 3972 pcw - ok
13:49:34.0927 3972 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
13:49:34.0934 3972 PEAUTH - ok
13:49:35.0019 3972 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
13:49:35.0020 3972 PptpMiniport - ok
13:49:35.0043 3972 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
13:49:35.0045 3972 Processor - ok
13:49:35.0073 3972 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
13:49:35.0075 3972 Psched - ok
13:49:35.0123 3972 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
13:49:35.0137 3972 ql2300 - ok
13:49:35.0160 3972 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
13:49:35.0162 3972 ql40xx - ok
13:49:35.0185 3972 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
13:49:35.0186 3972 QWAVEdrv - ok
13:49:35.0260 3972 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
13:49:35.0263 3972 RapportCerberus_34302 - ok
13:49:35.0319 3972 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
13:49:35.0321 3972 RapportEI - ok
13:49:35.0364 3972 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
13:49:35.0365 3972 RapportIaso - ok
13:49:35.0391 3972 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\windows\system32\Drivers\RapportKELL.sys
13:49:35.0392 3972 RapportKELL - ok
13:49:35.0421 3972 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
13:49:35.0423 3972 RapportPG - ok
13:49:35.0444 3972 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
13:49:35.0446 3972 RasAcd - ok
13:49:35.0462 3972 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
13:49:35.0464 3972 RasAgileVpn - ok
13:49:35.0489 3972 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
13:49:35.0491 3972 Rasl2tp - ok
13:49:35.0515 3972 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
13:49:35.0517 3972 RasPppoe - ok
13:49:35.0536 3972 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
13:49:35.0538 3972 RasSstp - ok
13:49:35.0575 3972 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
13:49:35.0578 3972 rdbss - ok
13:49:35.0596 3972 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
13:49:35.0597 3972 rdpbus - ok
13:49:35.0632 3972 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
13:49:35.0633 3972 RDPCDD - ok
13:49:35.0652 3972 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
13:49:35.0654 3972 RDPENCDD - ok
13:49:35.0675 3972 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
13:49:35.0678 3972 RDPREFMP - ok
13:49:35.0712 3972 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
13:49:35.0715 3972 RDPWD - ok
13:49:35.0750 3972 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
13:49:35.0752 3972 rdyboost - ok
13:49:35.0789 3972 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\windows\system32\Drivers\RimUsb.sys
13:49:35.0791 3972 RimUsb - ok
13:49:35.0824 3972 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
13:49:35.0825 3972 RimVSerPort - ok
13:49:35.0848 3972 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
13:49:35.0849 3972 ROOTMODEM - ok
13:49:35.0886 3972 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
13:49:35.0887 3972 rspndr - ok
13:49:35.0925 3972 RSUSBSTOR (96f8dd546677aa5102150acc140377b3) C:\windows\System32\Drivers\RtsUStor.sys
13:49:35.0928 3972 RSUSBSTOR - ok
13:49:35.0948 3972 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys
13:49:35.0951 3972 RTL8167 - ok
13:49:35.0986 3972 rtl8192se (97574b6c7488cb463eaa28092d2dc82e) C:\windows\system32\DRIVERS\rtl8192se.sys
13:49:35.0995 3972 rtl8192se - ok
13:49:36.0007 3972 RtsUIR - ok
13:49:36.0054 3972 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
13:49:36.0056 3972 sbp2port - ok
13:49:36.0088 3972 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
13:49:36.0089 3972 scfilter - ok
13:49:36.0125 3972 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
13:49:36.0127 3972 secdrv - ok
13:49:36.0158 3972 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
13:49:36.0159 3972 Serenum - ok
13:49:36.0179 3972 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
13:49:36.0181 3972 Serial - ok
13:49:36.0203 3972 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
13:49:36.0204 3972 sermouse - ok
13:49:36.0255 3972 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
13:49:36.0256 3972 sffdisk - ok
13:49:36.0278 3972 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
13:49:36.0279 3972 sffp_mmc - ok
13:49:36.0295 3972 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
13:49:36.0297 3972 sffp_sd - ok
13:49:36.0322 3972 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
13:49:36.0324 3972 sfloppy - ok
13:49:36.0363 3972 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
13:49:36.0365 3972 sisagp - ok
13:49:36.0389 3972 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:49:36.0390 3972 SiSRaid2 - ok
13:49:36.0413 3972 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
13:49:36.0415 3972 SiSRaid4 - ok
13:49:36.0433 3972 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
13:49:36.0434 3972 Smb - ok
13:49:36.0466 3972 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
13:49:36.0467 3972 spldr - ok
13:49:36.0520 3972 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
13:49:36.0524 3972 srv - ok
13:49:36.0549 3972 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
13:49:36.0553 3972 srv2 - ok
13:49:36.0577 3972 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
13:49:36.0579 3972 srvnet - ok
13:49:36.0611 3972 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
13:49:36.0613 3972 stexstor - ok
13:49:36.0636 3972 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
13:49:36.0638 3972 swenum - ok
13:49:36.0720 3972 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
13:49:36.0734 3972 Tcpip - ok
13:49:36.0778 3972 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
13:49:36.0792 3972 TCPIP6 - ok
13:49:36.0826 3972 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
13:49:36.0827 3972 tcpipreg - ok
13:49:36.0867 3972 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
13:49:36.0868 3972 TDPIPE - ok
13:49:36.0884 3972 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
13:49:36.0885 3972 TDTCP - ok
13:49:36.0919 3972 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
13:49:36.0921 3972 tdx - ok
13:49:36.0938 3972 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
13:49:36.0940 3972 TermDD - ok
13:49:36.0995 3972 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
13:49:36.0997 3972 tssecsrv - ok
13:49:37.0029 3972 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
13:49:37.0031 3972 TsUsbFlt - ok
13:49:37.0057 3972 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
13:49:37.0059 3972 tunnel - ok
13:49:37.0095 3972 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
13:49:37.0097 3972 uagp35 - ok
13:49:37.0137 3972 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
13:49:37.0140 3972 udfs - ok
13:49:37.0194 3972 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
13:49:37.0196 3972 uliagpkx - ok
13:49:37.0217 3972 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
13:49:37.0219 3972 umbus - ok
13:49:37.0242 3972 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
13:49:37.0243 3972 UmPass - ok
13:49:37.0276 3972 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
13:49:37.0278 3972 USBAAPL - ok
13:49:37.0297 3972 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
13:49:37.0299 3972 usbccgp - ok
13:49:37.0319 3972 USBCCID - ok
13:49:37.0352 3972 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
13:49:37.0354 3972 usbcir - ok
13:49:37.0370 3972 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
13:49:37.0372 3972 usbehci - ok
13:49:37.0398 3972 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
13:49:37.0401 3972 usbhub - ok
13:49:37.0416 3972 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
13:49:37.0418 3972 usbohci - ok
13:49:37.0436 3972 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
13:49:37.0437 3972 usbprint - ok
13:49:37.0456 3972 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
13:49:37.0458 3972 USBSTOR - ok
13:49:37.0477 3972 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
13:49:37.0479 3972 usbuhci - ok
13:49:37.0499 3972 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
13:49:37.0502 3972 usbvideo - ok
13:49:37.0526 3972 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
13:49:37.0528 3972 vdrvroot - ok
13:49:37.0552 3972 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
13:49:37.0554 3972 vga - ok
13:49:37.0570 3972 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
13:49:37.0572 3972 VgaSave - ok
13:49:37.0596 3972 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
13:49:37.0599 3972 vhdmp - ok
13:49:37.0626 3972 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
13:49:37.0627 3972 viaagp - ok
13:49:37.0650 3972 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
13:49:37.0652 3972 ViaC7 - ok
13:49:37.0673 3972 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
13:49:37.0674 3972 viaide - ok
13:49:37.0692 3972 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
13:49:37.0693 3972 volmgr - ok
13:49:37.0721 3972 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
13:49:37.0725 3972 volmgrx - ok
13:49:37.0747 3972 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
13:49:37.0750 3972 volsnap - ok
13:49:37.0774 3972 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
13:49:37.0776 3972 vsmraid - ok
13:49:37.0801 3972 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
13:49:37.0803 3972 vwifibus - ok
13:49:37.0833 3972 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
13:49:37.0834 3972 vwififlt - ok
13:49:37.0853 3972 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
13:49:37.0854 3972 vwifimp - ok
13:49:37.0867 3972 vwltdhca - ok
13:49:37.0903 3972 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
13:49:37.0904 3972 WacomPen - ok
13:49:37.0943 3972 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:49:37.0945 3972 WANARP - ok
13:49:37.0953 3972 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
13:49:37.0954 3972 Wanarpv6 - ok
13:49:37.0998 3972 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
13:49:38.0000 3972 Wd - ok
13:49:38.0030 3972 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
13:49:38.0036 3972 Wdf01000 - ok
13:49:38.0098 3972 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
13:49:38.0100 3972 WfpLwf - ok
13:49:38.0124 3972 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
13:49:38.0125 3972 WIMMount - ok
13:49:38.0180 3972 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
13:49:38.0181 3972 WinUsb - ok
13:49:38.0211 3972 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
13:49:38.0212 3972 WmiAcpi - ok
13:49:38.0266 3972 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
13:49:38.0267 3972 ws2ifsl - ok
13:49:38.0304 3972 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
13:49:38.0306 3972 WSDPrintDevice - ok
13:49:38.0360 3972 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
13:49:38.0362 3972 WudfPf - ok
13:49:38.0381 3972 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
13:49:38.0383 3972 WUDFRd - ok
13:49:38.0431 3972 MBR (0x1B8) (9d77962af9dda2c93541779df4e970cf) \Device\Harddisk0\DR0
13:49:38.0452 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
13:49:38.0452 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
13:49:38.0474 3972 Boot (0x1200) (207772a5439521512faaa0869451df98) \Device\Harddisk0\DR0\Partition0
13:49:38.0475 3972 \Device\Harddisk0\DR0\Partition0 - ok
13:49:38.0492 3972 Boot (0x1200) (5bb4c7ea96bd907e635b72fa06a4e43e) \Device\Harddisk0\DR0\Partition1
13:49:38.0493 3972 \Device\Harddisk0\DR0\Partition1 - ok
13:49:38.0499 3972 ============================================================
13:49:38.0499 3972 Scan finished
13:49:38.0499 3972 ============================================================
13:49:38.0518 2992 Detected object count: 1
13:49:38.0518 2992 Actual detected object count: 1
13:49:46.0426 2992 \Device\Harddisk0\DR0\# - copied to quarantine
13:49:46.0426 2992 \Device\Harddisk0\DR0 - copied to quarantine
13:49:46.0468 2992 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:49:46.0475 2992 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
13:49:46.0496 2992 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
13:49:46.0507 2992 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
13:49:46.0520 2992 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
13:49:46.0536 2992 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
13:49:46.0554 2992 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
13:49:46.0573 2992 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
13:49:46.0594 2992 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
13:49:46.0638 2992 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:49:46.0672 2992 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:49:46.0698 2992 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:49:46.0726 2992 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:49:46.0756 2992 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
13:49:46.0788 2992 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
13:49:46.0822 2992 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
13:49:46.0859 2992 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
13:49:46.0911 2992 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
13:49:46.0977 2992 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
13:49:47.0040 2992 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
13:49:47.0297 2992 \Device\Harddisk0\DR0\TDLFS\sant32 - copied to quarantine
13:49:47.0343 2992 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
13:49:47.0390 2992 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
13:49:47.0443 2992 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
13:49:47.0445 2992 \Device\Harddisk0\DR0 - processing error
13:49:49.0782 2992 \Device\Harddisk0\DR0 - will be restored on reboot
13:49:49.0783 2992 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
13:50:07.0618 4876 Deinitialize success
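Reading a TDSSKiller log like the one above is mostly a matter of knowing which line shapes matter. `MBR (0x1B8) (md5) \Device\Harddisk0\DR0` is the hash of the first 440 bytes of the master boot record, the boot code that sits before the disk signature at offset 0x1B8; the `( Rootkit.Boot.SST.a ) - infected` line says that code was replaced. The `TDLFS\...` entries are the bootkit's own hidden file system, kept in unpartitioned space at the end of the disk rather than in NTFS, which is why the file-level scanners the poster had already run never saw it. The `processing error` followed by `will be restored on reboot` means the MBR was not rewritten while Windows was running; the cure is deferred to the next boot, so the practical check is to reboot, re-run the scan, and confirm that `\Device\Harddisk0\DR0` now reports `ok` and that the `MBR (0x1B8)` hash has changed. The following parser pulls those facts out of the log so they can be checked mechanically. It is an added example, not part of the thread or of TDSSKiller; the embedded excerpt is copied from the log posted above, and the field meanings described in the comments are this example's reading of the format, not Kaspersky's documentation.

```python
"""Summarise a TDSSKiller log: what was flagged, what went to quarantine,
and whether a cure is still pending at reboot.  Added example, not part of
the thread or of TDSSKiller; the excerpt is copied from the log above."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Excerpt copied from the posted log (representative lines only).
TDSSKILLER_EXCERPT = r"""
13:49:38.0360 3972 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
13:49:38.0362 3972 WudfPf - ok
13:49:38.0431 3972 MBR (0x1B8) (9d77962af9dda2c93541779df4e970cf) \Device\Harddisk0\DR0
13:49:38.0452 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
13:49:38.0452 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
13:49:38.0474 3972 Boot (0x1200) (207772a5439521512faaa0869451df98) \Device\Harddisk0\DR0\Partition0
13:49:38.0475 3972 \Device\Harddisk0\DR0\Partition0 - ok
13:49:38.0499 3972 Scan finished
13:49:38.0518 2992 Detected object count: 1
13:49:38.0518 2992 Actual detected object count: 1
13:49:46.0426 2992 \Device\Harddisk0\DR0 - copied to quarantine
13:49:46.0468 2992 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:49:46.0698 2992 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:49:47.0445 2992 \Device\Harddisk0\DR0 - processing error
13:49:49.0782 2992 \Device\Harddisk0\DR0 - will be restored on reboot
13:49:49.0783 2992 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
13:50:07.0618 4876 Deinitialize success
"""

# Every line is "<time> <thread id> <message>"; the message carries the meaning.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) (\d+) (.*)$")
INFECTED_RE = re.compile(r"^(.+?) \( (.+?) \) - infected$")
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (.+)$")
# "MBR (0x1B8)" = hash of the 440-byte boot code; "Boot (0x1200)" = a partition's boot sector.
HASH_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
QUARANTINE, RESTORE, ERROR, OK = (" - copied to quarantine", " - will be restored on reboot",
                                  " - processing error", " - ok")


@dataclass
class ScanSummary:
    infected: List[Tuple[str, str]] = field(default_factory=list)     # (object, detection name)
    boot_hashes: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # object -> (region, md5)
    quarantined: List[str] = field(default_factory=list)
    restore_on_reboot: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)
    detected_count: int = -1
    clean: int = 0
    scan_finished: bool = False

    @property
    def tdlfs(self) -> List[str]:
        """Names of the files recovered from the bootkit's hidden file system."""
        return [p.rsplit("\\", 1)[1] for p in self.quarantined if "\\TDLFS\\" in p]

    def count_consistent(self) -> bool:
        """The reported object count should equal the number of 'infected' lines."""
        return self.detected_count == len(self.infected)

    def reboot_required(self) -> bool:
        """True when a cure was deferred: the MBR is still infected until the next boot."""
        return bool(self.restore_on_reboot)


def summarize(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if msg == "Scan finished":
            s.scan_finished = True
        elif (cm := COUNT_RE.match(msg)):
            s.detected_count = int(cm.group(1))
        elif (hm := HASH_RE.match(msg)):
            s.boot_hashes[hm.group(4)] = (f"{hm.group(1)} {hm.group(2)}", hm.group(3))
        elif (im := INFECTED_RE.match(msg)):
            s.infected.append((im.group(1), im.group(2)))
        elif (am := ACTION_RE.match(msg)):
            s.actions[am.group(1)] = am.group(3)
        elif msg.endswith(QUARANTINE):
            s.quarantined.append(msg[: -len(QUARANTINE)])
        elif msg.endswith(RESTORE):
            s.restore_on_reboot.append(msg[: -len(RESTORE)])
        elif msg.endswith(ERROR):
            s.errors.append(msg[: -len(ERROR)])
        elif msg.endswith(OK):
            s.clean += 1
    return s


if __name__ == "__main__":
    summary = summarize(TDSSKILLER_EXCERPT)
    for obj, name in summary.infected:
        print(f"INFECTED {obj}: {name}  boot hash {summary.boot_hashes.get(obj)}")
    print("hidden-FS files quarantined:", ", ".join(summary.tdlfs))
    print("count consistent:", summary.count_consistent(), "| reboot required:", summary.reboot_required())
```

Run it against a complete log rather than the excerpt to get the full TDLFS inventory (the posted log lists the loader, driver and command components for both 32- and 64-bit, plus the affiliate and configuration blobs); the inventory is useful evidence for the write-up even after the MBR is cured.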

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 31 January 2012 - 01:09 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:10 PM

Posted 31 January 2012 - 05:32 PM

ComboFix 12-01-30.02 - Melissa 31/01/2012 20:03:08.1.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.3004 [GMT 0:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~04Id4NPd4vpvFJ
c:\programdata\~04Id4NPd4vpvFJr
c:\programdata\~n5Rbk57zQRzLBw
c:\programdata\~n5Rbk57zQRzLBwr
c:\programdata\04Id4NPd4vpvFJ
c:\programdata\n5Rbk57zQRzLBw
c:\programdata\n5Rbk57zQRzLBw.exe
c:\programdata\PAwhgCLyHSr.exe
c:\programdata\yEInuXEOiED.exe
c:\users\Melissa\AppData\Local\dplayx.dll
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\$NtUninstallKB30617$
c:\windows\$NtUninstallKB30617$\177309199
c:\windows\$NtUninstallKB30617$\2320433705\@
c:\windows\$NtUninstallKB30617$\2320433705\click.tlb
c:\windows\$NtUninstallKB30617$\2320433705\L\xadqgnnk
c:\windows\$NtUninstallKB30617$\2320433705\loader.tlb
c:\windows\$NtUninstallKB30617$\2320433705\U\@00000001
c:\windows\$NtUninstallKB30617$\2320433705\U\@000000c0
c:\windows\$NtUninstallKB30617$\2320433705\U\@000000cb
c:\windows\$NtUninstallKB30617$\2320433705\U\@000000cf
c:\windows\$NtUninstallKB30617$\2320433705\U\@80000000
c:\windows\$NtUninstallKB30617$\2320433705\U\@800000c0
c:\windows\$NtUninstallKB30617$\2320433705\U\@800000cb
c:\windows\$NtUninstallKB30617$\2320433705\U\@800000cf
c:\windows\$NtUninstallKB34918$
c:\windows\$NtUninstallKB34918$\2796135892
C:\Winlogon.exe
c:\winlogon.exe\ATTRIB.3XE
c:\winlogon.exe\catchme.3XE
c:\winlogon.exe\CF5987.3XE
c:\winlogon.exe\ComboFix-Download.3XE
c:\winlogon.exe\CSCRIPT.3XE
c:\winlogon.exe\dd.3XE
c:\winlogon.exe\dumphive.3XE
c:\winlogon.exe\ERUNT.3XE
c:\winlogon.exe\extract.3XE
c:\winlogon.exe\FileKill.3XE
c:\winlogon.exe\grep.3XE
c:\winlogon.exe\gsar.3XE
c:\winlogon.exe\handle.3XE
c:\winlogon.exe\hidec.3XE
c:\winlogon.exe\mbr.3XE
c:\winlogon.exe\mtee.3XE
c:\winlogon.exe\NirCmd.3XE
c:\winlogon.exe\NirCmdC.3XE
c:\winlogon.exe\NIRKMD.3XE
c:\winlogon.exe\pausep.3XE
c:\winlogon.exe\pev.3XE
c:\winlogon.exe\pevb.3XE
c:\winlogon.exe\PING.3XE
c:\winlogon.exe\PV.3XE
c:\winlogon.exe\rmbr.3XE
c:\winlogon.exe\ROUTE.3XE
c:\winlogon.exe\s0rt.3XE
c:\winlogon.exe\sed.3XE
c:\winlogon.exe\setpath.3XE
c:\winlogon.exe\swreg.3XE
c:\winlogon.exe\swsc.3XE
c:\winlogon.exe\swxcacls.3XE
c:\winlogon.exe\tail.3XE
c:\winlogon.exe\zip.3XE
D:\install.exe
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.cdrom
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 20:09 . 2012-01-31 22:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-01-31 20:09 . 2012-01-31 20:09 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2012-01-31 20:09 . 2012-01-31 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 20:09 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-31 19:21 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-31 13:48 . 2012-01-31 13:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 15:20 . 2012-01-29 15:20 -------- d--h--w- c:\users\Melissa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-29 13:30 . 2012-01-29 13:30 -------- d--h--w- c:\programdata\SUPERAntiSpyware.com
2012-01-29 13:29 . 2012-01-30 09:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-29 13:29 . 2012-01-30 09:30 -------- d--h--w- c:\programdata\Spybot - Search & Destroy
2012-01-29 13:15 . 2012-01-29 13:15 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-29 13:03 . 2012-01-29 21:27 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-01-26 22:09 . 2012-01-26 22:09 54016 ----a-w- c:\windows\system32\drivers\weghjs.sys
2012-01-26 21:28 . 2012-01-26 22:08 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Icysdo
2012-01-26 21:28 . 2012-01-26 21:28 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Disob
2012-01-25 22:25 . 2012-01-25 22:25 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2012-01-25 22:24 . 2012-01-25 22:24 -------- d--h--w- c:\programdata\Malwarebytes
2012-01-25 22:24 . 2012-01-30 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-24 19:00 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC62B586-6C1B-4EB9-8AB8-D5172EEBFCDF}\mpengine.dll
2012-01-15 17:51 . 2012-01-15 17:51 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-15 17:51 . 2012-01-15 17:51 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-15 17:51 . 2012-01-15 17:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-15 17:51 . 2012-01-15 17:51 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-14 13:23 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 13:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-14 13:23 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-14 13:23 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 22:09 . 2012-01-26 22:09 700 ----a-w- c:\windows\Fonts\grdayohc
2011-11-25 20:40 . 2011-11-25 20:40 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-15 18:26 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 14:29 . 2010-03-16 20:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 04:35 . 2011-12-15 18:30 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-15 18:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-15 18:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-15 17:51 . 2011-10-27 10:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-03 25623336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-03 03:38 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-01-25 56208]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-01-25 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-01-25 164112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R1 vwltdhca;vwltdhca;c:\windows\system32\drivers\vwltdhca.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]
R2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\WMIHookBtnFn\WMI_Hook_Service.exe [2009-09-25 101376]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 24608]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889429749-3349684975-3093206057-1001Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 15:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889429749-3349684975-3093206057-1001UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\6btfg32f.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Rim.DesktopHelper.exe - c:\program files\Research In Motion\BlackBerry Desktop\Rim.DesktopHelper.exe
HKCU-Run-yEInuXEOiED.exe - c:\programdata\yEInuXEOiED.exe
HKCU-Run-Trojan Killer - c:\program files\GridinSoft Trojan Killer\trojankiller.exe
AddRemove-iPod Video Converter - c:\program files\iPodRobot\iPod Video Converter\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-31 22:24:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 22:24
.
Pre-Run: 4,625,502,208 bytes free
Post-Run: 5,132,267,520 bytes free
.
- - End Of File - - 2C712E8223589E55DE92CA0A8873A66B
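The ComboFix log above is where the remaining artifacts can be found, and the way to find them is to pivot on time rather than on names. The rogue's shortcuts were removed, but the dropper also left a kernel driver with a random name (`weghjs.sys`), a data file with no extension in the Fonts directory (`grdayohc`), and two hidden directories under `AppData\Roaming` (`Icysdo`, `Disob`), all created within about forty minutes of each other on 2012-01-26, three days before any of the cleanup tools were installed. The `Drivers/Services` section adds a second signal: `vwltdhca` is a running R1 driver whose file ComboFix marks `[x]`, that is, absent from disk, which is what a rootkit's hidden or self-deleting component looks like from the outside. The helper below parses both record types and returns the cluster around a chosen timestamp plus every service whose binary is missing. It is an added example, not part of the thread or of ComboFix; the embedded excerpt is copied from the log above, and the attribute-column meaning in the comments (`d` directory, `h` hidden, `a` archive) is this example's reading of ComboFix's output, not the tool's documentation. Note that a missing binary alone does not prove malice: `RtsUIR` is a Realtek IR driver that is also reported `[x]` and was not targeted by the next reply.

```python
"""Triage helpers for a ComboFix log: parse the 'Files Created' / Find3M
records and the R*/S* driver-service list, then pivot on a timestamp and
list services whose binary is missing.  Added example, not part of the
thread or of ComboFix; the excerpt is copied from the log posted above."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple, Union

# Excerpt copied from the posted log (representative lines only).
COMBOFIX_EXCERPT = r"""
2012-01-29 13:03 . 2012-01-29 21:27 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-01-26 22:09 . 2012-01-26 22:09 54016 ----a-w- c:\windows\system32\drivers\weghjs.sys
2012-01-26 21:28 . 2012-01-26 22:08 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Icysdo
2012-01-26 21:28 . 2012-01-26 21:28 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Disob
2012-01-25 22:25 . 2012-01-25 22:25 -------- d--h--w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2012-01-26 22:09 . 2012-01-26 22:09 700 ----a-w- c:\windows\Fonts\grdayohc
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R1 vwltdhca;vwltdhca;c:\windows\system32\drivers\vwltdhca.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 24608]
"""

# "<created> . <modified> <size|--------> <attrs> <path>"  (path may contain spaces)
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\S+)\s+(\S{8})\s+(.+)$")
# "<R|S><start type> <name>;<display name>;<path> [<date size>|x]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[(x|[^\]]+)\]$")
TS = "%Y-%m-%d %H:%M"


@dataclass
class FileRecord:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories, which ComboFix prints as "--------"
    attrs: str               # assumed layout, e.g. d--h--w-: d=directory, h=hidden, a=archive
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class ServiceRecord:
    start: str               # R = running, S = stopped; digit = Windows start type
    name: str
    display: str
    path: str
    file_missing: bool       # ComboFix prints "[x]" when the referenced binary is absent


def parse_log(text: str) -> Tuple[List[FileRecord], List[ServiceRecord]]:
    files: List[FileRecord] = []
    services: List[ServiceRecord] = []
    for line in text.splitlines():
        fm = FILE_RE.match(line)
        if fm:
            created, modified, size, attrs, path = fm.groups()
            files.append(FileRecord(datetime.strptime(created, TS), datetime.strptime(modified, TS),
                                    int(size) if size.isdigit() else None, attrs, path))
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            start, name, display, path, stamp = sm.groups()
            services.append(ServiceRecord(start, name, display, path, stamp == "x"))
    return files, services


def created_near(files: List[FileRecord], anchor: Union[str, datetime],
                 minutes: int = 60) -> List[FileRecord]:
    """Everything created within +/- `minutes` of the anchor, oldest first.
    Dropper activity clusters in time, so one known-bad entry finds the rest."""
    if isinstance(anchor, str):
        anchor = datetime.strptime(anchor, TS)
    window = timedelta(minutes=minutes)
    return sorted((f for f in files if abs(f.created - anchor) <= window), key=lambda f: f.created)


def missing_binaries(services: List[ServiceRecord]) -> List[str]:
    """Service names whose binary is gone; a lead, not a verdict on its own."""
    return [s.name for s in services if s.file_missing]


if __name__ == "__main__":
    files, services = parse_log(COMBOFIX_EXCERPT)
    for f in created_near(files, "2012-01-26 22:09"):
        print(f"{f.created:%Y-%m-%d %H:%M} {'hidden ' if f.hidden else ''}{f.path}")
    print("services with missing binaries:", ", ".join(missing_binaries(services)))
```

The pivot with a sixty-minute window around the `weghjs.sys` creation time returns exactly the four paths that the next reply's CFScript removes, and `missing_binaries` surfaces the `vwltdhca` driver that the script deletes under `Driver::`; the Realtek entry it also returns is why the output is a worklist for a human rather than a deletion list.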

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 31 January 2012 - 06:39 PM

Greetings

Good, that cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
c:\windows\system32\drivers\weghjs.sys
c:\windows\Fonts\grdayohc

Folder::
c:\users\Melissa\AppData\Roaming\Icysdo
c:\users\Melissa\AppData\Roaming\Disob

Driver::
vwltdhca

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:10 PM

Posted 31 January 2012 - 07:54 PM

ComboFix 12-01-30.02 - Melissa 01/02/2012 0:07.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3327.2274 [GMT 0:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
Command switches used :: c:\users\Melissa\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Fonts\grdayohc"
"c:\windows\system32\drivers\weghjs.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melissa\AppData\Roaming\Disob
c:\users\Melissa\AppData\Roaming\Icysdo
c:\users\Melissa\AppData\Roaming\Icysdo\ufwu.uze
c:\users\Melissa\Desktop\System Check.lnk
c:\windows\Fonts\grdayohc
c:\windows\system32\drivers\weghjs.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vwltdhca
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 00:18 . 2012-02-01 00:49 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2012-02-01 00:18 . 2012-02-01 00:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-01 00:18 . 2012-02-01 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 20:09 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-31 19:21 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-01-31 13:48 . 2012-01-31 13:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-29 15:20 . 2012-01-29 15:20 -------- d-----w- c:\users\Melissa\AppData\Roaming\SUPERAntiSpyware.com
2012-01-29 13:30 . 2012-01-29 13:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-29 13:29 . 2012-01-30 09:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-29 13:29 . 2012-01-30 09:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-29 13:15 . 2012-01-29 13:15 -------- d-----w- c:\windows\system32\MpEngineStore
2012-01-29 13:03 . 2012-01-29 21:27 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-01-25 22:25 . 2012-01-25 22:25 -------- d-----w- c:\users\Melissa\AppData\Roaming\Malwarebytes
2012-01-25 22:24 . 2012-01-25 22:24 -------- d-----w- c:\programdata\Malwarebytes
2012-01-25 22:24 . 2012-01-30 23:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-25 10:16 . 2012-01-25 10:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-01-24 19:00 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC62B586-6C1B-4EB9-8AB8-D5172EEBFCDF}\mpengine.dll
2012-01-15 17:51 . 2012-01-15 17:51 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-15 17:51 . 2012-01-15 17:51 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-15 17:51 . 2012-01-15 17:51 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-15 17:51 . 2012-01-15 17:51 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-14 13:23 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-14 13:23 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-01-14 13:23 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-14 13:23 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 20:40 . 2011-11-25 20:40 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 04:25 . 2011-12-15 18:26 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 14:29 . 2010-03-16 20:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 04:35 . 2011-12-15 18:30 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:26 . 2011-12-15 18:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 02:48 . 2011-12-15 18:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-01-15 17:51 . 2011-10-27 10:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-03 25623336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-18 13797920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-03 03:38 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-24 167424]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 24608]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-01-25 56208]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-01-25 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-01-25 164112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\WMIHookBtnFn\WMI_Hook_Service.exe [2009-09-25 101376]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-08 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-21 189440]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889429749-3349684975-3093206057-1001Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 15:51]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-889429749-3349684975-3093206057-1001UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\6btfg32f.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2972)
c:\program files\SoftStylus\sstlstsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-01 00:50:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 00:50
ComboFix2.txt 2012-01-31 22:24
.
Pre-Run: 4,652,683,264 bytes free
Post-Run: 4,537,716,736 bytes free
.
- - End Of File - - 0356515CC2EF59312FF6925F8430F94D


All went very smoothly. It definitely seems to be back to normal. No more annoying pop-ups or errors.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 31 January 2012 - 08:08 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.1
Java™ 6 Update 19
SoulSeek 157 NS 13e


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 31 January 2012 - 09:08 PM

log file from MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.31.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Melissa :: MELISSA-MSI [administrator]

01/02/2012 01:48:13
mbam-log-2012-02-01 (01-48-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191794
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:06:50, on 01/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: WMI_Hook_Service - MICRO-STAR INT'L,.LTD. - C:\Program Files\msi\WMIHookBtnFn\WMI_Hook_Service.exe

--
End of file - 6428 bytes



There are two items quarantined from 28/01/2012 in MBAM, "trojan fake alert and pum hijack". I didn't delete them as your instructions did not call for this. Is it OK to leave them there? Apart from that issue, everything else is running very smoothly.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 31 January 2012 - 09:17 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard and paste the results here in this topic
  • you may also find here C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

Gringo
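The replies above ask for a HijackThis log and then for the O4 startup lines to be checked, with the bracketed name of each entry looked up before deciding whether to keep it. As an added example that is not part of this thread and not HijackThis's own code, here is a parser for the O4 and O23 lines of that log format; the sample excerpt is constructed from the line shapes shown in the thread, and the StartupEntry record, the regexes and the helper names are my own:

```python
"""Parse HijackThis log lines into structured startup and service records.

Added example, not part of the original thread and not HijackThis's own code.
The line shapes (O4 run keys, O4 startup-folder links, O23 services) follow the
log pasted in the thread; the sample below is a constructed excerpt, and the
record layout, regexes and executable-extraction rule are my own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2.0.4 log format (shapes taken from the thread).
SAMPLE_LOG = r"""
Running processes:
C:\windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

RUN_KEY_RE = re.compile(r"^O4 - (?P<loc>HK[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.*)$")
EXE_SUFFIXES = (".exe", ".dll", ".cpl", ".scr", ".com", ".bat", ".cmd")


@dataclass
class StartupEntry:
    section: str               # "O4" (autostart) or "O23" (service)
    location: str              # e.g. "HKLM\..\Run", "Startup", "Global Startup", "Service"
    name: str                  # text between [brackets], the .lnk name, or the service name
    command: str               # the command exactly as logged ("?" when HijackThis could not resolve it)
    executable: Optional[str]  # the program path with quotes and arguments stripped, or None


def extract_executable(command: str) -> Optional[str]:
    """Return the program a logged command launches, or None if it is unknown.

    Quoted commands are unambiguous. For unquoted ones the first run of tokens
    ending in a program suffix is taken, so an unquoted path containing spaces is
    kept whole, and a host such as RUNDLL32.EXE is reported as the executable
    (the DLL it loads stays in `command`).
    """
    command = command.strip()
    if not command or command == "?":
        return None
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 1 else None
    tokens = command.split()
    for i in range(len(tokens)):
        candidate = " ".join(tokens[: i + 1])
        if candidate.lower().endswith(EXE_SUFFIXES):
            return candidate
    return command  # no recognised suffix: report the whole command as-is


def parse_hijackthis(log_text: str) -> List[StartupEntry]:
    """Extract O4 autostart and O23 service lines; every other line type is skipped."""
    entries: List[StartupEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, regex in (("O4", RUN_KEY_RE), ("O4", STARTUP_RE), ("O23", SERVICE_RE)):
            m = regex.match(line)
            if m:
                loc = m.groupdict().get("loc", "Service")
                entries.append(StartupEntry(section, loc, m["name"], m["cmd"],
                                            extract_executable(m["cmd"])))
                break
    return entries


def research_names(entries: List[StartupEntry]) -> List[str]:
    """Bracketed names of registry Run entries, i.e. what the reply says to look up."""
    return [e.name for e in entries if e.section == "O4" and e.location.startswith("HK")]


def unquoted_paths_with_spaces(entries: List[StartupEntry]) -> List[StartupEntry]:
    """Registry Run commands whose path contains a space but is not quoted.
    Such a value is ambiguous to Windows; quoting the path removes the ambiguity.
    (Only HK* locations: HijackThis prints .lnk targets and service paths unquoted anyway.)"""
    return [e for e in entries
            if e.location.startswith("HK") and e.executable and " " in e.executable
            and not e.command.strip().startswith('"')]


if __name__ == "__main__":
    found = parse_hijackthis(SAMPLE_LOG)
    for entry in found:
        print(f"{entry.section:4} {entry.location:16} {entry.name!r:40} -> {entry.executable}")
    print("Look up:", research_names(found))
```

Run it as a script to see each autostart entry with the program it actually launches; `research_names` returns the bracketed names in the order the reply would have you search them.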

#13 2012

2012
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 01 February 2012 - 10:14 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c968186e9131304aa9e3f2494433a8fd
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-01 11:09:02
# local_time=2012-02-01 11:09:02 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 35018 35018 0 0
# compatibility_mode=5893 16776574 66 94 483547 80559668 0 0
# compatibility_mode=8192 67108863 100 0 3818 3818 0 0
# scanned=25460
# found=0
# cleaned=0
# scan_time=1277
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c968186e9131304aa9e3f2494433a8fd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-01 02:56:16
# local_time=2012-02-01 02:56:16 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 36339 36339 0 0
# compatibility_mode=5893 16776574 66 94 484868 80560989 0 0
# compatibility_mode=8192 67108863 100 0 5139 5139 0 0
# scanned=167413
# found=25
# cleaned=0
# scan_time=13578
C:\Qoobox\Quarantine\C\ProgramData\n5Rbk57zQRzLBw.exe.vir a variant of Win32/Kryptik.ZTU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\PAwhgCLyHSr.exe.vir a variant of Win32/Kryptik.ZRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\ProgramData\yEInuXEOiED.exe.vir a variant of Win32/Kryptik.ZTU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Melissa\AppData\Local\dplayx.dll.vir a variant of Win32/Kryptik.ZOI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0007.dta a variant of Win32/Olmasco.O trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0001\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-28 194231\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-28 194231\Backup files 5.zip a variant of Win32/Kryptik.ZOI trojan (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-28 194231\Backup files 6.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-29 190000\Backup files 12.zip a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-29 190000\Backup files 2.zip a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-29 190000\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\MELISSA-MSI\Backup Set 2012-01-28 194231\Backup Files 2012-01-29 190000\Backup files 7.zip multiple threats (unable to clean) 00000000000000000000000000000000 I

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 01 February 2012 - 10:40 AM

Hello

The online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

It is also reporting backups that you made of your computer. I would make a new backup now and remove all the old backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

please visit this page to explain how to make Firefox more secure - How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
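The reply above sorts the ESET findings by where they live: copies in the ComboFix and TDSSKiller quarantines and in System Restore's cache are inert unless someone restores them, old backup archives should be replaced with a fresh backup, and anything outside those places would need attention. As an added example that is not from the thread or from ESET, here is a parser for that log format which applies the same triage; the sample log is constructed from the shapes shown in the thread (with placeholder file names), and the helper names and category labels are my own:

```python
"""Triage an ESET Online Scanner log by where each detection lives.

Added example, not part of the thread and not ESET's own tooling. The layout
(a "# key=value" header, then one detection per line: path, threat name,
status in parentheses, a 32-hex-digit column and a flag) follows the log pasted
in the thread; the sample below is constructed, and the path categories encode
the reasoning given in the reply (tool quarantines and System Restore are inert
unless restored; old user backups should be replaced; anything else needs a look).
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample; file names and the backup volume are placeholders.
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as CAB hook log:
# version=7
# end=finished
# remove_checked=false
# scanned=167413
# found=4
# cleaned=0
C:\Qoobox\Quarantine\C\ProgramData\EXAMPLE1.exe.vir a variant of Win32/Kryptik.ZTU trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\31.01.2012_13.48.19\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan (unable to clean) 00000000000000000000000000000000 I
D:\EXAMPLE-PC\Backup Set 2012-01-28 194231\Backup Files 2012-01-28 194231\Backup files 4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Example\AppData\Local\Temp\EXAMPLE2.exe a variant of Win32/Kryptik.ZOI trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Everything before " (status) <32 hex> <flag>" is the path and threat name run together.
DETECTION_RE = re.compile(r"^(?P<body>.+) \((?P<status>[^()]+)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$")
# A threat name starts with a platform/family token such as Win32/Kryptik.ZTU ...
FAMILY_RE = re.compile(r"^[A-Za-z0-9]+/[\w.\-]+$")
# ... or with one of these phrases.
THREAT_PREFIXES = (("a", "variant", "of"), ("multiple", "threats"))


def split_path_and_threat(body: str) -> Tuple[str, str]:
    """Split 'path threat name' at the first token that starts a threat name.
    Scanning from the left is safe because Windows paths contain no '/' and
    the threat phrases do not occur inside a path element, even one with spaces."""
    tokens = body.split(" ")
    for i in range(1, len(tokens)):
        if FAMILY_RE.match(tokens[i]) or any(
            tuple(tokens[i:i + len(p)]) == p for p in THREAT_PREFIXES
        ):
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return body, ""


def classify(path: str) -> str:
    """Category for a detection path, following the reply's reasoning."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or "_quarantine\\" in p:
        return "tool quarantine"     # copies kept by ComboFix / TDSSKiller; inert unless restored
    if "\\system volume information\\" in p:
        return "system restore"      # restore-point cache; inert unless a restore is performed
    if "\\backup set " in p or "\\backup files " in p:
        return "user backup"         # the user's own backup archives; replace with a fresh backup
    return "live file"               # neither quarantine nor backup: needs attention


def triage(log_text: str) -> Tuple[Dict[str, str], List[Dict[str, str]], Counter]:
    """Return (header fields, parsed detections, count per category)."""
    header: Dict[str, str] = {}
    detections: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value        # repeated keys (compatibility_mode) keep the last value
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue                   # banner lines, blank lines, scanner notices
        path, threat = split_path_and_threat(m["body"])
        detections.append({"path": path, "threat": threat, "status": m["status"],
                           "category": classify(path)})
    return header, detections, Counter(d["category"] for d in detections)


def needs_action(detections: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Detections outside quarantine, the restore cache and old backups."""
    return [d for d in detections if d["category"] == "live file"]


if __name__ == "__main__":
    header, detections, counts = triage(SAMPLE_ESET_LOG)
    print(f"scanned={header.get('scanned')} found={header.get('found')} end={header.get('end')}")
    for category, n in counts.items():
        print(f"{n:3} {category}")
    for d in needs_action(detections):
        print("ACTION:", d["path"], "-", d["threat"])
```

On the log in the thread every detection falls into the first or third category, which is the conclusion the reply reaches; the constructed fourth sample line shows what a finding that still needs attention would look like in the output.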

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 PM

Posted 04 February 2012 - 12:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



