
Google Redirecting


This topic is locked
10 replies to this topic

#1 Ninjaneko (Members, 8 posts)
Posted 01 February 2012 - 01:24 AM

Hi, I've had this problem for a little over 10 days. Another computer in my house has been infected with this virus for over a month though. On my computer, over half of my Google searches that I click on are redirected to another site. I can usually get around this by copying the link location and posting it in my address bar, but I just can't trust my computer any more. I've done multiple scans by Avast and Ad Aware, and they couldn't pick it up. I contacted a friend of mine who does tech support, and after we tried some anti-rootkits from Symantec, he recommended Combofix. He said that if it didn't work I'd have to reformat. Sadly, Combofix didn't work (I'm happy to post the log too), and I can't afford to reformat (I lost my Windows 7 CD for my laptop), so I'm here asking for help for a poor college student who is normally pretty tech savvy. :)
Here is the DDS log: (I disabled Avast antivirus just during this scan, so it wouldn't keep bugging me about the script.)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Anna at 22:07:08 on 2012-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1782 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [Akamai NetSession Interface] "C:\Users\Anna\AppData\Local\Akamai\netsession_win.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Anna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\3414250554E4455425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\358697D41607C656D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\C696E6B6379737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\E4357657563747 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{78173A8A-4F02-4E66-8F74-FBE4C51A8553} : DhcpNameServer = 68.87.76.182 68.87.78.134
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5p44mzyj.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-27 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-22 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-28 17152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-22 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-24 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-24 135664]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-6-24 574320]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-01-31 19:12:54 98816 ----a-w- C:\Windows\sed.exe
2012-01-31 19:12:54 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-31 19:12:54 256000 ----a-w- C:\Windows\PEV.exe
2012-01-31 19:12:54 208896 ----a-w- C:\Windows\MBR.exe
2012-01-31 19:11:45 -------- d-----w- C:\ComboFix
2012-01-31 19:10:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{57145FF8-AEA1-4BE9-9919-17486AA70A96}\offreg.dll
2012-01-31 06:27:25 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{57145FF8-AEA1-4BE9-9919-17486AA70A96}\mpengine.dll
2012-01-27 01:12:49 -------- d-----w- C:\Users\Anna\AppData\Local\{028D8B92-E363-4CCD-99F9-7E5D3465B446}
2012-01-22 18:01:51 -------- d-----w- C:\Users\Anna\AppData\Local\{82C27CBF-2C57-48B0-BD52-61050BCD3A89}
2012-01-15 17:48:37 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-01-15 17:48:36 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 17:48:36 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-15 17:48:36 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-11 20:50:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 20:50:14 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 20:50:14 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 20:50:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 20:50:10 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 20:50:10 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 20:50:02 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 20:50:02 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-09 06:31:57 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-09 06:31:36 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2012-01-09 06:30:27 -------- d-----w- C:\Users\Anna\AppData\Roaming\HpUpdate
2012-01-09 06:29:46 750440 ------w- C:\Windows\System32\HPDiscoPM5312.dll
2012-01-09 06:28:59 -------- d-----w- C:\Program Files (x86)\HP
2012-01-09 06:28:12 -------- d-----w- C:\Program Files\HP
2012-01-09 06:27:41 -------- d-----w- C:\Users\Anna\AppData\Local\HP
2012-01-02 23:38:11 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-01-02 23:38:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-01-02 23:37:25 -------- d-----w- C:\Users\Anna\AppData\Local\LogMeIn Hamachi
.
==================== Find3M ====================
.
2012-01-23 13:40:47 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-12 00:35:40 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-23 15:12:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-12-07 18:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:14:48.82 ===============

Edited by Ninjaneko, 01 February 2012 - 09:36 AM.
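One thing a responder checks in a DDS log when the complaint is search-result redirection is the "TCP: Interfaces" block of the Pseudo HJT Report: it lists, per adapter and per saved network profile, which DNS resolvers the machine was handed (DhcpNameServer) or has configured statically (NameServer). The script below is an added triage example and is not part of the original post or of the DDS tool. It parses lines in that format, separates RFC 1918 / link-local resolvers (a home router) from public ones, and marks for manual review every statically configured resolver and every public one, since those are the entries to compare against what the router and ISP actually hand out. It makes no verdict about any address; the 68.87.x.x servers copied from the log above are listed only so the reviewer can confirm them against the ISP. The 203.0.113.x static entry in the sample is constructed (a documentation range) and stands in for a hypothetical hand-set resolver. The profile-subkey decoding rests on an assumption stated in the code: the subkey looks like the network name's bytes in hex with the two nibbles of each byte swapped, which is consistent with the "C696E6B6379737" subkey on this page decoding to "linksys".

```python
import ipaddress
import re

# Constructed sample input in the format of the "TCP: Interfaces" lines of a DDS
# Pseudo HJT Report. GUIDs, the 192.168.x and 68.87.x resolvers and the "linksys"
# profile subkey are copied from the log above; the final NameServer line is
# hypothetical (203.0.113.0/24 is a documentation range, not a real resolver).
SAMPLE = r"""
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25}\C696E6B6379737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{78173A8A-4F02-4E66-8F74-FBE4C51A8553} : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{78173A8A-4F02-4E66-8F74-FBE4C51A8553} : NameServer = 203.0.113.53 203.0.113.54
"""

LINE_RE = re.compile(
    r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\})"   # adapter GUID
    r"(?:\\([0-9A-Fa-f]+))?"                    # optional per-network profile subkey
    r" : (DhcpNameServer|NameServer) = (.*)$"   # registry value name and space-separated servers
)

# Address ranges a home LAN router would normally hand out; anything else is "public".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8",
)]


def decode_profile(subkey):
    """Decode a per-network profile subkey to its network name.

    Assumption (not documented by DDS): the subkey is the network name's bytes as
    hex with the two nibbles of each byte swapped, so 'l' (0x6C) appears as "C6"
    and "C696E6B6379737" is "linksys". Returns None if that does not hold.
    """
    if subkey is None or len(subkey) % 2:
        return None
    swapped = "".join(subkey[i + 1] + subkey[i] for i in range(0, len(subkey), 2))
    try:
        return bytes.fromhex(swapped).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(addr):
    """'lan' for RFC 1918 / link-local / loopback resolvers, 'public' otherwise."""
    ip = ipaddress.ip_address(addr)
    return "lan" if any(ip in net for net in LAN_NETS) else "public"


def triage(text):
    """Return one dict per resolver address; 'review' marks entries to verify by hand."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        guid, subkey, key, servers = m.groups()
        source = "static" if key == "NameServer" else "dhcp"
        for addr in servers.split():
            kind = classify(addr)
            # A statically set resolver on a DHCP client, or any public resolver,
            # is compared against what the router and ISP actually hand out.
            findings.append({
                "adapter": guid,
                "network": decode_profile(subkey),
                "source": source,
                "server": addr,
                "kind": kind,
                "review": source == "static" or kind == "public",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flag = "REVIEW" if f["review"] else "ok    "
        print(flag, f["source"].ljust(6), f["server"].ljust(15), f["kind"].ljust(6),
              f["network"] or "-", f["adapter"])
```

Run it against the "TCP: Interfaces" lines pasted from a DDS log. "REVIEW" does not mean malicious: a public DHCP resolver is normally the ISP's, and the point of the list is to make the comparison explicit rather than eyeball a dozen hex-named profile keys.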


#2 nasdaq (Malware Response Team, 39,909 posts, Montreal, QC, Canada)
Posted 04 February 2012 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Ninjaneko (Topic Starter, Members, 8 posts)
Posted 07 February 2012 - 10:37 AM

Here are the logs, Nasdaq:
TDSSKiller Log:
07:02:56.0137 5560 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
07:02:57.0677 5560 ============================================================
07:02:57.0677 5560 Current date / time: 2012/02/07 07:02:57.0677
07:02:57.0677 5560 SystemInfo:
07:02:57.0677 5560
07:02:57.0677 5560 OS Version: 6.1.7601 ServicePack: 1.0
07:02:57.0677 5560 Product type: Workstation
07:02:57.0677 5560 ComputerName: NODAME
07:02:57.0677 5560 UserName: Anna
07:02:57.0677 5560 Windows directory: C:\Windows
07:02:57.0677 5560 System windows directory: C:\Windows
07:02:57.0677 5560 Running under WOW64
07:02:57.0677 5560 Processor architecture: Intel x64
07:02:57.0677 5560 Number of processors: 2
07:02:57.0677 5560 Page size: 0x1000
07:02:57.0677 5560 Boot type: Normal boot
07:02:57.0677 5560 ============================================================
07:03:00.0482 5560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:03:00.0503 5560 \Device\Harddisk0\DR0:
07:03:00.0504 5560 MBR used
07:03:00.0504 5560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x12BB000, BlocksNum 0x32000
07:04:50.0266 6220 ws2ifsl - ok
07:04:50.0585 6220 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:04:50.0589 6220 WudfPf - ok
07:04:50.0993 6220 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:04:51.0001 6220 WUDFRd - ok
07:04:51.0244 6220 xspirit - ok
07:04:51.0291 6220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:04:51.0405 6220 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
07:04:51.0406 6220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
07:04:51.0448 6220 Boot (0x1200) (ea9cdc7515065dfe0fbb3baea7598bd2) \Device\Harddisk0\DR0\Partition0
07:04:51.0464 6220 \Device\Harddisk0\DR0\Partition0 - ok
07:04:51.0491 6220 Boot (0x1200) (f65fe85295606a0c58ba11648c44a109) \Device\Harddisk0\DR0\Partition1
07:04:51.0501 6220 \Device\Harddisk0\DR0\Partition1 - ok
07:04:51.0502 6220 ============================================================
07:04:51.0502 6220 Scan finished
07:04:51.0502 6220 ============================================================
07:04:51.0516 3752 Detected object count: 1
07:04:51.0516 3752 Actual detected object count: 1
07:05:06.0515 3752 \Device\Harddisk0\DR0\# - copied to quarantine
07:05:06.0517 3752 \Device\Harddisk0\DR0 - copied to quarantine
07:05:12.0749 3752 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
07:05:12.0753 3752 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
07:05:12.0755 3752 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
07:05:12.0773 3752 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
07:05:12.0956 3752 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
07:05:13.0035 3752 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
07:05:13.0096 3752 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
07:05:13.0175 3752 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
07:05:13.0229 3752 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
07:05:13.0282 3752 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:05:13.0338 3752 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:05:13.0561 3752 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:05:13.0605 3752 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:05:13.0686 3752 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
07:05:13.0773 3752 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
07:05:13.0871 3752 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
07:05:13.0983 3752 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
07:05:14.0165 3752 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
07:05:14.0236 3752 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
07:05:14.0369 3752 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
07:05:14.0508 3752 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
07:05:14.0598 3752 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
07:05:14.0656 3752 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
07:05:16.0350 3752 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine
07:05:16.0428 3752 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine
07:05:16.0699 3752 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
07:05:17.0361 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
07:05:17.0365 3752 \Device\Harddisk0\DR0 - ok
07:05:17.0365 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
07:05:35.0524 6188 Deinitialize success

aswMBR Log:
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-07 07:17:36
-----------------------------
07:17:36.416 OS Version: Windows x64 6.1.7601 Service Pack 1
07:17:36.416 Number of processors: 2 586 0x603
07:17:36.416 ComputerName: NODAME UserName: Anna
07:17:37.742 Initialize success
07:17:37.898 AVAST engine defs: 12020700
07:18:20.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
07:18:20.955 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
07:18:20.987 Disk 0 MBR read successfully
07:18:21.002 Disk 0 MBR scan
07:18:21.002 Disk 0 Windows 7 default MBR code
07:18:21.002 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9588 MB offset 2048
07:18:21.018 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 19640320
07:18:21.033 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 295554 MB offset 19845120
07:18:21.033 Service scanning
07:18:23.171 Modules scanning
07:18:23.171 Disk 0 trace - called modules:
07:18:23.233 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
07:18:23.249 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004311340]
07:18:23.264 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa800428d040]
07:18:23.264 5 amd_xata.sys[fffff8800115a7a8] -> nt!IofCallDriver -> [0xfffffa800428ad30]
07:18:23.280 7 ACPI.sys[fffff88000e4b7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004288060]
07:18:24.419 AVAST engine scan C:\Windows
07:18:28.303 AVAST engine scan C:\Windows\system32
07:21:41.353 AVAST engine scan C:\Windows\system32\drivers
07:21:55.565 AVAST engine scan C:\Users\Anna
07:29:24.050 AVAST engine scan C:\ProgramData
07:32:51.016 Scan finished successfully
07:33:28.222 Disk 0 MBR has been saved successfully to "C:\Users\Anna\Desktop\MBR.dat"
07:33:28.237 The log file has been saved successfully to "C:\Users\Anna\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   566 bytes
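
The aswMBR log above reads the first sector of Disk 0, prints the partition table and saves the sector to MBR.dat, and TDSSKiller's "MBR (0x1B8) (a36c...)" line records a hash of the MBR. The Python script below is an added example, not part of this thread and not aswMBR's or TDSSKiller's code: it parses a 512-byte MBR image in the standard layout (bootstrap code at 0x000-0x1B7, disk signature at 0x1B8, four 16-byte partition entries at 0x1BE, 0x55AA at 0x1FE), hashes the boot code area only, and checks the table for overlapping extents and duplicate active flags. That TDSSKiller's "0x1B8" refers to the same 440-byte code region is my reading of the log, not something the log states. The bytes it runs on are constructed to match the three partitions in the log; the real MBR.dat is not reproduced here.

```python
"""Parse a 512-byte MBR image (the layout aswMBR saves to MBR.dat) and
list its partitions the way the aswMBR log does."""
import hashlib
import struct

SECTOR = 512
CODE_AREA_LEN = 0x1B8      # bootstrap code occupies bytes 0x000-0x1B7
DISK_SIG_OFF = 0x1B8       # 4-byte disk signature follows the code
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # must be 0x55 0xAA

# Standard MBR partition type codes seen in the aswMBR log above.
PART_TYPES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, disk signature and used partition entries.

    Raises ValueError for anything that is not a plausible MBR, so a caller
    never silently 'parses' a truncated or wrong file.
    """
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")

    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba_start,          # first sector (LBA)
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        # Hash the code area only: the disk signature and partition table
        # legitimately differ per machine, the boot code should not.
        "code_md5": hashlib.md5(mbr[:CODE_AREA_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
    }


def check_layout(parts: list) -> list:
    """Sanity checks on the table: overlapping extents, several active flags."""
    findings = []
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition flagged active")
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    return findings


def format_like_aswmbr(parts: list) -> list:
    """Render entries as 'Partition N 80 (A) 07 HPFS/NTFS 100 MB offset ...'."""
    lines = []
    for p in parts:
        status = "80 (A)" if p["active"] else "00"
        lines.append(f"Partition {p['index']} {status} {p['type']:02X} "
                     f"{p['type_name']} {p['size_mb']} MB offset {p['offset']}")
    return lines


def sample_mbr() -> bytes:
    """Constructed image with the three partitions from the aswMBR log above;
    the boot code area is zero-filled, so this is not the real MBR.dat."""
    def entry(status, ptype, start_lba, size_mb):
        sectors = size_mb * 1024 * 1024 // SECTOR
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0",
                           start_lba, sectors)
    table = (entry(0x00, 0x27, 2048, 9588)
             + entry(0x80, 0x07, 19640320, 100)
             + entry(0x00, 0x07, 19845120, 295554)
             + bytes(16))
    return bytes(PART_TABLE_OFF) + table + b"\x55\xAA"


if __name__ == "__main__":
    info = parse_mbr(sample_mbr())
    print("boot code MD5:", info["code_md5"])
    for line in format_like_aswmbr(info["partitions"]):
        print(line)
    print("findings:", check_layout(info["partitions"]) or "none")
```

To run it on a saved sector, pass `open("MBR.dat", "rb").read()` to `parse_mbr`. Hashing only the code area is the useful part for a reviewer: an MBR bootkit replaces that code while leaving the partition table valid, so the table can look exactly like the aswMBR listing while the code hash no longer matches a known-good Windows 7 MBR (aswMBR's "Windows 7 default MBR code" line is its own version of that comparison).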


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 February 2012 - 01:25 PM

Good work.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#5 Ninjaneko

Ninjaneko
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 07 February 2012 - 09:57 PM

Combo Fix Log results:
ComboFix 12-02-07.01 - Anna 02/07/2012 11:22:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1730 [GMT -8:00]
Running from: c:\users\Anna\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 20:22 . 2012-02-07 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-15 17:48 . 2012-01-15 17:48 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-15 17:48 . 2012-01-15 17:48 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-15 17:48 . 2012-01-15 17:48 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-15 17:48 . 2012-01-15 17:48 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-12 00:35 . 2012-01-12 00:35 -------- d-----w- c:\windows\system32\Macromed
2012-01-11 20:50 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 20:50 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 20:50 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 20:50 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 20:50 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 20:50 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 20:50 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 20:50 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 06:31 . 2012-01-20 18:17 -------- d-----w- c:\program files (x86)\Microsoft
2012-01-09 06:31 . 2012-01-20 18:17 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2012-01-09 06:30 . 2012-01-09 06:30 -------- d-----w- c:\users\Anna\AppData\Roaming\HpUpdate
2012-01-09 06:29 . 2010-11-17 05:24 750440 ------w- c:\windows\system32\HPDiscoPM5312.dll
2012-01-09 06:29 . 2012-01-09 06:38 -------- d-----w- c:\programdata\HP
2012-01-09 06:28 . 2012-01-09 06:30 -------- d-----w- c:\program files (x86)\HP
2012-01-09 06:28 . 2012-01-09 06:28 -------- d-----w- c:\program files\HP
2012-01-09 06:27 . 2012-01-09 06:27 -------- d-----w- c:\users\Anna\AppData\Local\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 08:52 . 2010-10-17 07:33 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 13:40 . 2011-06-28 20:51 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-01-12 00:35 . 2011-06-21 16:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-23 15:12 . 2011-06-28 19:46 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-24 04:52 . 2011-12-15 04:22 3145216 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-24 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-02-09 81328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-22 597792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-02 1987976]
.
c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2011-1-6 293950]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 135664]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-01-23 2152152]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 574320]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-20 386416]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 xspirit;xspirit;c:\users\Anna\AppData\Local\Temp\xspirit.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 2343816]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 13:39]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 19:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 19:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10134560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 134.71.247.170 134.71.247.100 134.71.247.190
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\5p44mzyj.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Anna\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1 - c:\program files\Mount&Blade Warband\Modules\Brytenwalda\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_e286960.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3941070960-2003171563-2124088978-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3941070960-2003171563-2124088978-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3941070960-2003171563-2124088978-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:32,a6,00,13,97,7b,c4,28,8f,b0,b2,c5,e9,19,8e,2f,ef,66,58,b4,28,77,f7,
e0,de,a2,93,6c,66,08,4e,56,47,01,36,0d,29,b4,b6,ce,94,28,cb,74,8d,1c,ca,d7,\
"??"=hex:06,85,d9,17,9d,7d,f5,f6,a7,aa,cc,99,84,fc,5b,98
.
[HKEY_USERS\S-1-5-21-3941070960-2003171563-2124088978-1004\Software\SecuROM\License information*]
"datasecu"=hex:6a,21,21,7b,4f,eb,03,59,b3,f2,7b,70,00,7f,99,99,81,ba,00,94,5a,
27,bc,07,80,59,26,6d,0e,54,f6,f7,86,76,7f,81,4b,0b,1c,22,e4,bc,82,9b,9d,a5,\
"rkeysecu"=hex:e6,0b,cf,9d,d3,83,e9,01,cc,63,28,ed,52,3a,aa,95
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-07 12:24:58
ComboFix-quarantined-files.txt 2012-02-07 20:24
ComboFix2.txt 2012-01-31 20:22
.
Pre-Run: 115,102,027,776 bytes free
Post-Run: 115,054,460,928 bytes free
.
- - End Of File - - 5DDD275A2988FE86795DE8EF2D7218A1

Security Check log

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Java™ 6 Update 26
Java™ 6 Update 3
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
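
The "R3 name;description;path [date size]" lines in the ComboFix log above are the service and driver registrations ComboFix enumerated. nasdaq judged the log clean; the script below is an added example, not code from this thread or from ComboFix, that parses those lines and lists the entries a reviewer would want to look at twice: a binary under a user profile or Temp directory, or a .sys driver that is not in system32\drivers. It surfaces entries for review and classifies nothing. The sample lines are copied from the log above; the regex and the rules are my own.

```python
"""Triage the service/driver lines of a ComboFix log ('R3 name;desc;path [meta]')
and list the entries a reviewer would want to look at twice."""
import re
from typing import NamedTuple, Optional

# Service/driver lines copied from the ComboFix log in this thread; a fixed
# sample so the script runs offline.
SAMPLE_LOG = r"""
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 xspirit;xspirit;c:\users\Anna\AppData\Local\Temp\xspirit.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 135664]
S1 aswSnx;aswSnx; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
"""

# state letter, start-type digit, then name;description;path [meta]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]$")

USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
DRIVER_DIR = re.compile(r"\\windows\\system32\\drivers\\", re.I)


class Finding(NamedTuple):
    name: str
    path: str
    reasons: tuple


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding when the entry trips a review rule, else None.

    The rules are heuristics for a human reviewer, not a verdict: a binary
    under a user profile or Temp directory, or a kernel driver (.sys) that
    is not in system32\\drivers, is unusual enough to deserve a second look.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, desc, path, meta = m["name"], m["desc"], m["path"], m["meta"]
    reasons = []
    if USER_PROFILE.search(path):
        reasons.append("binary under a user profile (user-writable location)")
    if TEMP_DIR.search(path):
        reasons.append("binary in a Temp directory")
    if path.lower().endswith(".sys") and not DRIVER_DIR.search(path):
        reasons.append("kernel driver outside system32\\drivers")
    if not reasons:
        return None
    # Context that sharpens a flagged entry but is not a rule on its own.
    if name == desc:
        reasons.append("description is just the service name")
    if meta == "x":
        reasons.append("ComboFix printed [x] instead of a date and size")
    return Finding(name, path, tuple(reasons))


def triage(log: str) -> list:
    """Apply triage_line to every line of a ComboFix log."""
    return [f for f in map(triage_line, log.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed the whole ComboFix.txt to `triage` and it returns only the entries worth a second look, each with the reasons. On the sample that is vtany (a .sys in the Windows root rather than system32\drivers) and xspirit (a .sys in a user's Temp folder), while the IntelliPoint driver with the same "[x]" marker is not listed, because the location rules are what trigger a finding and the "[x]" is only reported as context.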

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 February 2012 - 10:45 AM

The ComboFix log is clean.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26
Java™ 6 Update 3


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Any remaining issues with this computer?

#7 Ninjaneko

Ninjaneko
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 09 February 2012 - 12:32 AM

Thank you so much! :) Everything appears to be working smoothly, and I'll be creating a back up in the morning.
Two quick questions:
I've updated Java and Adobe Reader. I was able to uninstall Java 6 update 26, but when I try to uninstall Java 6 update 3, Windows 7 asks me if I want the following program from an unknown publisher to make changes to my computer: "C:\Windows\Installer\ca047.msi". I tried looking it up, but couldn't find anything on it. Is it okay to proceed with uninstalling the Java 6 update 3?

I know you are a very busy person, but might I ask for help with another computer in the household experiencing a similar, yet slightly different, problem (Windows Vista, Google redirecting to Getanswers and Happili; my laptop never redirected to these)? If I need to submit a separate ticket, I will completely understand.

Thank you again, Nasdaq! I wish there was a way I could repay you.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 February 2012 - 01:28 PM

Download Revo Uninstaller and run it to remove the old version of Java 6 update 3.

http://majorgeeks.com/Revo_Uninstaller_d5706.html

Revo Uninstaller helps you to remove any unwanted application installed on your computer.

===

Please start a new topic for the other computer.

When the logs are posted copy the URL and paste the URL in your next reply.
I will expedite the matter.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 February 2012 - 11:46 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

#10 Ninjaneko

Ninjaneko
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Female

Posted 22 February 2012 - 09:33 AM

I used Revo and uninstalled that Java update. Also, Combofix is uninstalled too.

Sorry about the slow reply. ><

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 February 2012 - 10:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



