
DOS/Alureon.A > TDSSKiller > *** STOP: 0x0000007B


  • This topic is locked
13 replies to this topic

#1 Girbaud

  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 03 February 2012 - 02:04 AM

Microsoft Essentials showed that I had DOS/Alureon.A virus.

Couldn't remove it so I tried using TDSSKiller

Found 6 issues that it fixed

From then on after I tried to Reboot

*** STOP: 0x0000007B (Blue Screen)/Crash

Downloaded FRST64 ran scan

How should I proceed?

Thanks

Log is attached below

Attached file: FRST.txt (119.8 KB)



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:25 AM

Posted 03 February 2012 - 02:28 AM

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

cmd: bootrec /FixMbr
TDL4: custom:26000022


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Girbaud

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 03 February 2012 - 02:36 AM

Thanks for the quick reply! Log below

----------------------------------------------------

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-02 12:34:39 R:1
Running from E:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#4 Girbaud

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 03 February 2012 - 02:37 AM

Thanks for the quick reply! Log below

----------------------------------------------------

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-02 12:34:39 R:1
Running from E:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#5 Girbaud

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 03 February 2012 - 02:38 AM

Thanks for the quick reply! Windows is back! Log below

----------------------------------------------------

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-02-02 12:34:39 R:1
Running from E:\

==============================================


========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:25 AM

Posted 03 February 2012 - 03:03 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Girbaud

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 04 February 2012 - 08:56 PM

Computer was doing a lot better than before. It's not losing focus all the time. Here is the ComboFix Log
-------------------------------------------
ComboFix 12-02-02.02 - Dondre 02/04/2012 17:44:00.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3560.1958 [GMT -6:00]
Running from: c:\users\Dondre\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\VooMuu
c:\program files (x86)\VooMuu\bin\1.0.36.0\copyright.txt
c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuSACB.exe
c:\program files (x86)\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll
c:\programdata\~CFOHarbF5uxi64
c:\programdata\~CFOHarbF5uxi64r
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\WebDial\AppData\Local\temp
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\dmr\AppData\Local\temp
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-02-05 01:00 . 2012-02-05 01:00 -------- d-----w- c:\users\ASP.NET V4.0\AppData\Local\temp
2012-02-04 18:42 . 2012-02-04 18:42 -------- d-----w- c:\users\Dondre\AppData\Local\Diagnostics
2012-02-04 14:27 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 14:26 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BCBEBF4-1015-411B-81C1-D8A6B22797C9}\mpengine.dll
2012-02-04 01:10 . 2012-02-04 01:10 -------- d-----w- C:\Python25
2012-02-04 00:42 . 2012-02-04 22:41 -------- d-----w- c:\users\Dondre\Google
2012-02-03 15:25 . 2012-02-03 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-03 15:21 . 2012-02-03 15:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E3ECC90-EF6A-49FC-983B-5494B36D48D0}\offreg.dll
2012-02-03 15:20 . 2012-01-06 03:15 8602168 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E3ECC90-EF6A-49FC-983B-5494B36D48D0}\mpengine.dll
2012-02-02 18:43 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-02 18:43 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CD7ACF-4241-465A-8E58-FF72AC2543C9}\gapaengine.dll
2012-02-02 17:54 . 2012-02-02 17:56 -------- d-----w- C:\FRST
2012-02-02 12:18 . 2012-02-02 11:46 -------- d-----w- c:\program files (x86)\Firefox
2012-02-02 05:42 . 2012-02-04 22:52 -------- d-----w- C:\pyproject
2012-02-02 05:39 . 2012-02-02 05:39 -------- d-----w- c:\program files (x86)\Google
2012-02-02 04:18 . 2012-02-02 04:18 -------- d-----w- c:\users\Dondre\.idlerc
2012-02-02 03:25 . 2012-02-04 01:01 -------- d-----w- C:\Python27
2012-02-01 18:34 . 2012-02-01 18:34 -------- d-----w- c:\users\Dondre\AppData\Local\Clearwire
2012-02-01 18:34 . 2012-02-01 18:34 -------- d-----w- c:\users\Dondre\AppData\Roaming\Sierra Wireless
2012-02-01 18:33 . 2012-02-02 16:21 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2012-02-01 18:33 . 2012-02-01 18:33 -------- d-----w- c:\programdata\Clearwire
2012-02-01 18:33 . 2012-02-01 18:33 -------- d-----w- c:\program files (x86)\Clearwire
2012-01-31 14:01 . 2012-01-31 14:01 -------- d-sh--w- c:\windows\SysWow64\%USERPROFILE%
2012-01-30 00:17 . 2012-01-30 00:17 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\offreg.dll
2012-01-30 00:16 . 2012-01-30 00:16 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\MpKslfa932f4f.sys
2012-01-29 20:46 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD002EDF-68EF-4742-A468-526D585DA4DD}\gapaengine.dll
2012-01-29 20:46 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\mpengine.dll
2012-01-29 20:45 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-29 20:45 . 2012-02-02 16:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-29 18:07 . 2012-02-02 16:27 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-29 15:36 . 2012-01-29 15:36 -------- d-----w- c:\windows\Sun
2012-01-27 18:36 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-01-27 15:25 . 2012-02-02 15:51 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-27 06:42 . 2012-02-02 16:30 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-27 04:50 . 2012-02-02 16:21 -------- d-----w- C:\21ce2fba243b7f207a78
2012-01-26 21:08 . 2012-01-26 21:08 -------- d-----w- c:\users\Dondre\Adobe Photoshop CS5.1
2012-01-26 21:07 . 2012-01-26 21:07 -------- d-----w- c:\users\Dondre\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-26 21:07 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-01-26 21:07 . 2012-02-02 15:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-26 20:46 . 2012-02-02 15:30 -------- d-----w- c:\users\Dondre\AppData\Local\Google
2012-01-26 01:41 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-25 19:15 . 2012-01-26 01:40 -------- d-----w- c:\program files (x86)\Deltastock MetaTrader
2012-01-25 19:15 . 2012-01-25 19:15 -------- d-----w- c:\programdata\MetaQuotes
2012-01-25 15:18 . 2012-01-25 15:18 -------- d-----w- c:\users\Dondre\AppData\Local\Mozilla
2012-01-24 08:34 . 2012-01-24 08:34 48464 ----a-w- c:\windows\system32\drivers\agwraaqg.sys
2012-01-22 16:38 . 2012-02-02 16:24 -------- d-----w- c:\users\Dondre\AppData\Local\Eclipse
2012-01-22 16:37 . 2012-02-02 16:21 -------- d-----w- C:\eclipse
2012-01-21 22:55 . 2009-12-06 01:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-01-21 22:55 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\ffdshow
2012-01-21 22:51 . 2012-02-02 16:23 -------- d--h--w- c:\programdata\Ant.com
2012-01-21 22:51 . 2012-02-02 15:20 -------- d-----w- c:\program files (x86)\Ant.com
2012-01-21 22:51 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-01-21 22:51 . 2012-01-21 22:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-21 22:51 . 2012-01-21 22:51 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-21 22:50 . 2012-02-02 15:26 -------- d-----w- c:\program files (x86)\Real
2012-01-21 22:49 . 2012-02-02 16:23 -------- d-----w- c:\program files (x86)\PricePeep
2012-01-15 09:06 . 2012-02-02 15:29 -------- d--h--w- c:\programdata\VS
2012-01-14 23:30 . 2012-02-02 15:35 -------- d-----w- c:\users\Dondre\AppData\Roaming\OpenOffice.org
2012-01-14 23:26 . 2012-02-02 16:23 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-01-14 03:35 . 2012-02-03 19:19 -------- d-----w- c:\users\Dondre\AppData\Roaming\FileZilla
2012-01-14 02:12 . 2012-01-23 07:24 -------- d-----w- c:\users\Dondre\AppData\Roaming\skypePM
2012-01-14 02:11 . 2012-02-04 23:26 -------- d-----w- c:\users\Dondre\AppData\Roaming\Skype
2012-01-13 21:27 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 21:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-13 21:27 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-13 21:27 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-13 21:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 21:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-13 21:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-13 21:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 06:47 . 2012-02-02 15:30 -------- d-----w- c:\users\Dondre\.m2
2012-01-08 06:29 . 2012-02-02 15:36 -------- d-----w- c:\users\Dondre\workspace
2012-01-06 08:05 . 2012-02-02 15:28 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 22:35 . 2012-01-01 18:01 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-01 23:19 . 2011-12-26 10:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-12 00:22 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-24 04:52 . 2011-12-17 02:15 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2011-11-05 08:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 named;ISC BIND;c:\bind\dns\bin\named.exe [2011-11-19 376832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 MpKslfa932f4f;MpKslfa932f4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\MpKslfa932f4f.sys [2012-01-30 35664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876758006-4101071613-2309658849-1002Core.job
- c:\users\Dondre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 20:46]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876758006-4101071613-2309658849-1002UA.job
- c:\users\Dondre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 20:46]
.
2012-01-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-02-10 3668336]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-11-05 7464448]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dondre\AppData\Roaming\Mozilla\Firefox\Profiles\pb9elo4i.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
.
.
.
Completion time: 2012-02-04 19:46:56
ComboFix-quarantined-files.txt 2012-02-05 01:46
.
Pre-Run: 419,696,885,760 bytes free
Post-Run: 420,919,246,848 bytes free
.
- - End Of File - - A953EF67A8478383977C8C6189EA0CB3
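
The "Files Created" section above is what the Malware Response Team reads by eye. As an added example (not part of this thread and not ComboFix's own code), the script below parses that line layout and applies a few defender triage heuristics: a core system binary outside System32, directories named after unexpanded environment-variable tokens, system+hidden directories under the Windows tree, and freshly dropped drivers with random-looking names. The sample lines are copied from the log above except the RsFx0103.sys line, which is a constructed control; the heuristic thresholds are my own and produce prompts for a human, not verdicts.

```python
"""Triage helper for the "Files Created" section of a ComboFix log.

Added example written for this page; it is not part of the thread or of
ComboFix. It parses the line layout used in the log above (create time,
modify time, size or dashes, attribute flags, path) and applies defender
heuristics that mirror what a malware-removal analyst checks by eye.
Hits are prompts for a human to look closer, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the log's own layout. The first six paths are taken
# from the log in this thread; the RsFx0103.sys line is a made-up control.
SAMPLE_LOG = """\
2012-02-04 01:10 . 2012-02-04 01:10 -------- d-----w- C:\\Python25
2012-01-31 14:01 . 2012-01-31 14:01 -------- d-sh--w- c:\\windows\\SysWow64\\%USERPROFILE%
2012-01-26 01:41 . 2009-07-14 01:14 20480 ----a-w- c:\\windows\\svchost.exe
2012-01-24 08:34 . 2012-01-24 08:34 48464 ----a-w- c:\\windows\\system32\\drivers\\agwraaqg.sys
2012-01-13 21:27 . 2011-11-17 06:41 1731920 ----a-w- c:\\windows\\system32\\ntdll.dll
2012-01-27 15:25 . 2012-02-02 15:51 -------- d-sh--w- c:\\windows\\SysWow64\\%APPDATA%
2012-01-20 10:00 . 2012-01-20 10:00 31744 ----a-w- c:\\windows\\system32\\DRIVERS\\RsFx0103.sys
"""

# <created> . <modified> <size or 8 dashes> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories, which ComboFix prints as dashes
    attrs: str           # e.g. d-sh--w-: d=directory, s=system, h=hidden
    path: str


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per file line; banners, dots and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _parent(path: str) -> str:
    parts = path.split("\\")
    return parts[-2].lower() if len(parts) >= 2 else ""


# Binaries that belong in System32/SysWOW64; a copy elsewhere is a classic
# masquerading trick and deserves a second look even if the bytes are clean.
EXPECTED_IN_SYSTEM32 = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}
RANDOM_STEM = re.compile(r"^[a-z]{8}$")   # e.g. agwraaqg (my own, deliberately narrow rule)
ENV_TOKEN = re.compile(r"^%[A-Z_]+%$")    # literal %USERPROFILE% / %APPDATA% directory names


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries an analyst should inspect."""
    findings = []
    for e in entries:
        name = _name(e.path)
        lname = name.lower()
        is_dir = e.attrs[0] == "d"
        parent = _parent(e.path)
        if lname in EXPECTED_IN_SYSTEM32 and parent not in SYSTEM_DIRS:
            findings.append((e.path, "core system binary outside System32"))
        if is_dir and ENV_TOKEN.match(name):
            findings.append((e.path, "directory named after an unexpanded environment variable"))
        if is_dir and "s" in e.attrs and "h" in e.attrs and e.path.lower().startswith("c:\\windows\\"):
            findings.append((e.path, "system+hidden directory created under the Windows tree"))
        # Identical create/modify times mean the file was dropped in place rather
        # than installed by an updater; a bare 8-letter name on top of that is a
        # common dropper pattern and worth checking against the vendor's catalog.
        if (lname.endswith(".sys") and parent == "drivers"
                and RANDOM_STEM.match(lname[:-4]) and e.created == e.modified):
            findings.append((e.path, "freshly dropped driver with random-looking 8-letter name"))
    return findings


def summarize(text: str) -> Dict[str, List[str]]:
    """Group triage reasons by path for the whole log text."""
    report: Dict[str, List[str]] = {}
    for path, reason in triage(parse_log(text)):
        report.setdefault(path, []).append(reason)
    return report


if __name__ == "__main__":
    for path, reasons in summarize(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```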

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:25 AM

Posted 04 February 2012 - 09:00 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Girbaud

  • Topic Starter
  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 05 February 2012 - 12:36 AM

Computer is running okay but I sort of suspect it's not 100% yet.

I ran the script and the combofix log is below.

----------------------------------------------------------------
ComboFix 12-02-02.02 - Dondre 02/04/2012 21:44:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3560.1732 [GMT -6:00]
Running from: c:\users\Dondre\Desktop\ComboFix.exe
Command switches used :: c:\users\Dondre\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\WebDial\AppData\Local\temp
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\dmr\AppData\Local\temp
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-02-05 03:52 . 2012-02-05 03:52 -------- d-----w- c:\users\ASP.NET V4.0\AppData\Local\temp
2012-02-04 18:42 . 2012-02-04 18:42 -------- d-----w- c:\users\Dondre\AppData\Local\Diagnostics
2012-02-04 14:27 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 14:26 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BCBEBF4-1015-411B-81C1-D8A6B22797C9}\mpengine.dll
2012-02-04 01:10 . 2012-02-04 01:10 -------- d-----w- C:\Python25
2012-02-04 00:42 . 2012-02-04 22:41 -------- d-----w- c:\users\Dondre\Google
2012-02-03 15:25 . 2012-02-03 15:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-03 15:21 . 2012-02-03 15:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E3ECC90-EF6A-49FC-983B-5494B36D48D0}\offreg.dll
2012-02-03 15:20 . 2012-01-06 03:15 8602168 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2E3ECC90-EF6A-49FC-983B-5494B36D48D0}\mpengine.dll
2012-02-02 18:43 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-02 18:43 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CD7ACF-4241-465A-8E58-FF72AC2543C9}\gapaengine.dll
2012-02-02 17:54 . 2012-02-02 17:56 -------- d-----w- C:\FRST
2012-02-02 12:18 . 2012-02-02 11:46 -------- d-----w- c:\program files (x86)\Firefox
2012-02-02 05:42 . 2012-02-04 22:52 -------- d-----w- C:\pyproject
2012-02-02 05:39 . 2012-02-02 05:39 -------- d-----w- c:\program files (x86)\Google
2012-02-02 04:18 . 2012-02-02 04:18 -------- d-----w- c:\users\Dondre\.idlerc
2012-02-02 03:25 . 2012-02-04 01:01 -------- d-----w- C:\Python27
2012-02-01 18:34 . 2012-02-01 18:34 -------- d-----w- c:\users\Dondre\AppData\Local\Clearwire
2012-02-01 18:34 . 2012-02-01 18:34 -------- d-----w- c:\users\Dondre\AppData\Roaming\Sierra Wireless
2012-02-01 18:33 . 2012-02-02 16:21 -------- d-----w- c:\program files (x86)\Common Files\PctelEapPeer Authentication
2012-02-01 18:33 . 2012-02-01 18:33 -------- d-----w- c:\programdata\Clearwire
2012-02-01 18:33 . 2012-02-01 18:33 -------- d-----w- c:\program files (x86)\Clearwire
2012-01-31 14:01 . 2012-01-31 14:01 -------- d-sh--w- c:\windows\SysWow64\%USERPROFILE%
2012-01-30 00:17 . 2012-01-30 00:17 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\offreg.dll
2012-01-30 00:16 . 2012-01-30 00:16 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\MpKslfa932f4f.sys
2012-01-29 20:46 . 2012-01-29 20:46 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD002EDF-68EF-4742-A468-526D585DA4DD}\gapaengine.dll
2012-01-29 20:46 . 2012-01-06 03:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\mpengine.dll
2012-01-29 20:45 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-29 20:45 . 2012-02-02 16:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-29 18:07 . 2012-02-02 16:27 -------- d-----w- c:\windows\Microsoft Antimalware
2012-01-29 15:36 . 2012-01-29 15:36 -------- d-----w- c:\windows\Sun
2012-01-27 18:36 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-01-27 15:25 . 2012-02-02 15:51 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-27 06:42 . 2012-02-02 16:30 -------- d-----w- c:\windows\Windows Defender Offline
2012-01-27 04:50 . 2012-02-02 16:21 -------- d-----w- C:\21ce2fba243b7f207a78
2012-01-26 21:08 . 2012-01-26 21:08 -------- d-----w- c:\users\Dondre\Adobe Photoshop CS5.1
2012-01-26 21:07 . 2012-01-26 21:07 -------- d-----w- c:\users\Dondre\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-01-26 21:07 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-01-26 21:07 . 2012-02-02 15:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-26 20:46 . 2012-02-02 15:30 -------- d-----w- c:\users\Dondre\AppData\Local\Google
2012-01-26 01:41 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
2012-01-25 19:15 . 2012-01-26 01:40 -------- d-----w- c:\program files (x86)\Deltastock MetaTrader
2012-01-25 19:15 . 2012-01-25 19:15 -------- d-----w- c:\programdata\MetaQuotes
2012-01-25 15:18 . 2012-01-25 15:18 -------- d-----w- c:\users\Dondre\AppData\Local\Mozilla
2012-01-24 08:34 . 2012-01-24 08:34 48464 ----a-w- c:\windows\system32\drivers\agwraaqg.sys
2012-01-22 16:38 . 2012-02-02 16:24 -------- d-----w- c:\users\Dondre\AppData\Local\Eclipse
2012-01-22 16:37 . 2012-02-02 16:21 -------- d-----w- C:\eclipse
2012-01-21 22:55 . 2009-12-06 01:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-01-21 22:55 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\ffdshow
2012-01-21 22:51 . 2012-02-02 16:23 -------- d--h--w- c:\programdata\Ant.com
2012-01-21 22:51 . 2012-02-02 15:20 -------- d-----w- c:\program files (x86)\Ant.com
2012-01-21 22:51 . 2012-02-02 16:22 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-01-21 22:51 . 2012-01-21 22:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-21 22:51 . 2012-01-21 22:51 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-01-21 22:50 . 2012-02-02 15:26 -------- d-----w- c:\program files (x86)\Real
2012-01-21 22:49 . 2012-02-02 16:23 -------- d-----w- c:\program files (x86)\PricePeep
2012-01-15 09:06 . 2012-02-02 15:29 -------- d--h--w- c:\programdata\VS
2012-01-14 23:30 . 2012-02-02 15:35 -------- d-----w- c:\users\Dondre\AppData\Roaming\OpenOffice.org
2012-01-14 23:26 . 2012-02-02 16:23 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-01-14 03:35 . 2012-02-03 19:19 -------- d-----w- c:\users\Dondre\AppData\Roaming\FileZilla
2012-01-14 02:12 . 2012-01-23 07:24 -------- d-----w- c:\users\Dondre\AppData\Roaming\skypePM
2012-01-14 02:11 . 2012-02-04 23:26 -------- d-----w- c:\users\Dondre\AppData\Roaming\Skype
2012-01-13 21:27 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 21:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-13 21:27 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-13 21:27 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-13 21:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 21:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-13 21:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-13 21:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-08 06:47 . 2012-02-02 15:30 -------- d-----w- c:\users\Dondre\.m2
2012-01-08 06:29 . 2012-02-02 15:36 -------- d-----w- c:\users\Dondre\workspace
2012-01-06 08:05 . 2012-02-02 15:28 -------- d-----w- c:\program files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 22:35 . 2012-01-01 18:01 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-01 23:19 . 2011-12-26 10:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-12 00:22 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-24 04:52 . 2011-12-17 02:15 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2011-11-05 08:16 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-15 1136928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-03-24 148360]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 named;ISC BIND;c:\bind\dns\bin\named.exe [2011-11-19 376832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-12-14 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-19 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 MpKslfa932f4f;MpKslfa932f4f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\MpKslfa932f4f.sys [2012-01-30 35664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876758006-4101071613-2309658849-1002Core.job
- c:\users\Dondre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 20:46]
.
2012-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3876758006-4101071613-2309658849-1002UA.job
- c:\users\Dondre\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-26 20:46]
.
2012-01-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-01-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-11-05 7464448]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dondre\AppData\Roaming\Mozilla\Firefox\Profiles\pb9elo4i.default\
.
.
Completion time: 2012-02-04 23:27:42
ComboFix-quarantined-files.txt 2012-02-05 05:27
ComboFix2.txt 2012-02-05 01:46
.
Pre-Run: 420,902,494,208 bytes free
Post-Run: 420,874,137,600 bytes free
.
- - End Of File - - E3153C78DFB79ADED22643659EE98FB8

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:25 AM

Posted 05 February 2012 - 12:47 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
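gringo_pr asks for the TDSSKiller report to be pasted into the thread. As an added example for this thread (it is not Kaspersky's code and not something either poster ran), here is a small Python parser for that report format as it appears later in the thread: it skips the SystemInfo header, pairs each object's hash-and-path line with its verdict line, and lists anything whose verdict is not "ok", which is what a helper reading the log is looking for. The sample log is constructed in that format; the `exampledrv` entry with its all-zero hash is made up to exercise the non-ok branch, and the regular expressions are inferred from the posted log rather than taken from any TDSSKiller documentation.

```python
"""Summarise a TDSSKiller text report: one record per scanned object
(name, MD5, path, verdict) plus the subset whose verdict is not 'ok'.

Added example for this thread, not Kaspersky's code. The line grammar is
inferred from the report posted in the thread; 'exampledrv' below is a
constructed entry used only to show how a non-ok verdict is surfaced."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<time> <pid> <name> (<md5>) <path>"  -- the file line for an object
OBJECT_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+'
    r'(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$')
# "<time> <pid> <name> - <verdict>"      -- the verdict line that follows
VERDICT_RE = re.compile(
    r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+'
    r'(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$')


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None for objects with no file line (e.g. 'catchme')
    path: Optional[str] = None
    verdict: Optional[str] = None  # None if the scan never reached a verdict line


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return {object name: Entry} for every object listed after 'Scan started'."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for line in text.splitlines():
        if not in_scan:
            # The SystemInfo header (OS version, disk geometry) precedes the
            # scan and contains ' - ' in places that are not verdicts, so it
            # is skipped until the 'Scan started' marker.
            in_scan = line.endswith("Scan started")
            continue
        m = OBJECT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects whose verdict is anything other than 'ok', or that have none."""
    return [e for e in entries.values() if e.verdict != "ok"]


# Constructed sample in the format of the report posted in this thread. The
# header line, the 'Scan started' marker and the real driver entries follow
# that format; 'exampledrv' and its all-zero hash are made up.
SAMPLE_LOG = r"""
23:51:53.0978 4832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
23:51:55.0873 4416 Scan started
23:51:55.0873 4416 Mode: Manual;
23:51:56.0604 4416 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
23:51:56.0609 4416 1394ohci - ok
23:51:59.0768 4416 catchme - ok
23:52:02.0810 4416 MpKslfa932f4f (0ebb390b7aeec45ec061d9870a34fd42) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8127D7CC-542A-48F5-A013-29A8092734A0}\MpKslfa932f4f.sys
23:52:02.0811 4416 MpKslfa932f4f - ok
23:52:09.0000 4416 exampledrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
23:52:09.0001 4416 exampledrv - suspicious
23:52:10.0000 4416 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for e in flagged(parsed):
        print(f"REVIEW: {e.name} verdict={e.verdict} md5={e.md5} path={e.path}")
```

Run against a real report, the `REVIEW:` lines are the ones worth looking at; the `md5` field is what a helper would compare against a known-good copy of the driver, since a system driver whose hash differs from the one shipped with the patch level is a classic sign of a patched file.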

#11 Girbaud

Girbaud
  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:25 AM

Posted 05 February 2012 - 12:54 AM

Hi,

Appreciate all the help.

Here's the log below.

---------------------------------------------

23:51:52.0794 4832 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
23:51:53.0306 4832 ============================================================
23:51:53.0306 4832 Current date / time: 2012/02/04 23:51:53.0306
23:51:53.0306 4832 SystemInfo:
23:51:53.0306 4832
23:51:53.0306 4832 OS Version: 6.1.7601 ServicePack: 1.0
23:51:53.0306 4832 Product type: Workstation
23:51:53.0307 4832 ComputerName: DONDRE-GBLAPTOP
23:51:53.0307 4832 UserName: Dondre
23:51:53.0307 4832 Windows directory: C:\windows
23:51:53.0307 4832 System windows directory: C:\windows
23:51:53.0307 4832 Running under WOW64
23:51:53.0307 4832 Processor architecture: Intel x64
23:51:53.0307 4832 Number of processors: 4
23:51:53.0307 4832 Page size: 0x1000
23:51:53.0307 4832 Boot type: Normal boot
23:51:53.0307 4832 ============================================================
23:51:53.0978 4832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:51:53.0997 4832 \Device\Harddisk0\DR0:
23:51:54.0008 4832 MBR used
23:51:54.0008 4832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
23:51:54.0008 4832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
23:51:54.0041 4832 Initialize success
23:51:54.0041 4832 ============================================================
23:51:55.0873 4416 ============================================================
23:51:55.0873 4416 Scan started
23:51:55.0873 4416 Mode: Manual;
23:51:55.0873 4416 ============================================================
23:51:56.0604 4416 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
23:51:56.0609 4416 1394ohci - ok
23:51:56.0654 4416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
23:51:56.0662 4416 ACPI - ok
23:51:56.0682 4416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
23:51:56.0683 4416 AcpiPmi - ok
23:51:56.0735 4416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
23:51:56.0742 4416 adp94xx - ok
23:51:56.0785 4416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
23:51:56.0791 4416 adpahci - ok
23:51:56.0815 4416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
23:51:56.0819 4416 adpu320 - ok
23:51:56.0876 4416 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
23:51:56.0885 4416 AFD - ok
23:51:56.0903 4416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
23:51:56.0904 4416 agp440 - ok
23:51:56.0938 4416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
23:51:56.0938 4416 aliide - ok
23:51:57.0016 4416 amdhub30 (f1a84d67a03f7536ebda9db426ef0e00) C:\windows\system32\DRIVERS\amdhub30.sys
23:51:57.0017 4416 amdhub30 - ok
23:51:57.0035 4416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
23:51:57.0036 4416 amdide - ok
23:51:57.0083 4416 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\windows\system32\DRIVERS\amdiox64.sys
23:51:57.0085 4416 amdiox64 - ok
23:51:57.0116 4416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
23:51:57.0118 4416 AmdK8 - ok
23:51:57.0414 4416 amdkmdag (8bd152eaaefeb8667e7e43fd8cac3642) C:\windows\system32\DRIVERS\atikmdag.sys
23:51:57.0498 4416 amdkmdag - ok
23:51:57.0640 4416 amdkmdap (4112266bd3949ebe9b0b8ab198d3d0ee) C:\windows\system32\DRIVERS\atikmpag.sys
23:51:57.0645 4416 amdkmdap - ok
23:51:57.0718 4416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
23:51:57.0722 4416 AmdPPM - ok
23:51:57.0758 4416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
23:51:57.0760 4416 amdsata - ok
23:51:57.0826 4416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
23:51:57.0830 4416 amdsbs - ok
23:51:57.0849 4416 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
23:51:57.0850 4416 amdxata - ok
23:51:57.0904 4416 amdxhc (d8c25ff90e2e8fc7cbe26e2203ec4757) C:\windows\system32\DRIVERS\amdxhc.sys
23:51:57.0906 4416 amdxhc - ok
23:51:57.0958 4416 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\windows\system32\DRIVERS\amd_sata.sys
23:51:57.0960 4416 amd_sata - ok
23:51:57.0980 4416 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\windows\system32\DRIVERS\amd_xata.sys
23:51:57.0981 4416 amd_xata - ok
23:51:58.0077 4416 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
23:51:58.0083 4416 ApfiltrService - ok
23:51:58.0148 4416 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
23:51:58.0152 4416 AppID - ok
23:51:58.0225 4416 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
23:51:58.0227 4416 arc - ok
23:51:58.0265 4416 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
23:51:58.0267 4416 arcsas - ok
23:51:58.0336 4416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
23:51:58.0337 4416 AsyncMac - ok
23:51:58.0363 4416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
23:51:58.0364 4416 atapi - ok
23:51:58.0429 4416 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\windows\system32\drivers\AtihdW76.sys
23:51:58.0432 4416 AtiHDAudioService - ok
23:51:58.0527 4416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
23:51:58.0535 4416 b06bdrv - ok
23:51:58.0564 4416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
23:51:58.0567 4416 b57nd60a - ok
23:51:58.0591 4416 BCM42RLY (801ce1cdf383492b927821c05cb6e8d5) C:\windows\system32\drivers\BCM42RLY.sys
23:51:58.0592 4416 BCM42RLY - ok
23:51:58.0761 4416 BCM43XX (783f1c7ed6b39454a8d1028d4f30768d) C:\windows\system32\DRIVERS\bcmwl664.sys
23:51:58.0803 4416 BCM43XX - ok
23:51:58.0929 4416 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
23:51:58.0949 4416 Beep - ok
23:51:59.0046 4416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
23:51:59.0048 4416 blbdrive - ok
23:51:59.0073 4416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
23:51:59.0096 4416 bowser - ok
23:51:59.0115 4416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
23:51:59.0116 4416 BrFiltLo - ok
23:51:59.0138 4416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
23:51:59.0138 4416 BrFiltUp - ok
23:51:59.0199 4416 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
23:51:59.0219 4416 BridgeMP - ok
23:51:59.0257 4416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
23:51:59.0262 4416 Brserid - ok
23:51:59.0282 4416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
23:51:59.0284 4416 BrSerWdm - ok
23:51:59.0304 4416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
23:51:59.0306 4416 BrUsbMdm - ok
23:51:59.0326 4416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
23:51:59.0327 4416 BrUsbSer - ok
23:51:59.0365 4416 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
23:51:59.0369 4416 BthEnum - ok
23:51:59.0390 4416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
23:51:59.0392 4416 BTHMODEM - ok
23:51:59.0419 4416 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
23:51:59.0421 4416 BthPan - ok
23:51:59.0467 4416 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
23:51:59.0479 4416 BTHPORT - ok
23:51:59.0508 4416 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
23:51:59.0512 4416 BTHUSB - ok
23:51:59.0572 4416 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys
23:51:59.0578 4416 BTWAMPFL - ok
23:51:59.0607 4416 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\windows\system32\drivers\btwaudio.sys
23:51:59.0610 4416 btwaudio - ok
23:51:59.0650 4416 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys
23:51:59.0652 4416 btwavdt - ok
23:51:59.0677 4416 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\windows\system32\DRIVERS\btwl2cap.sys
23:51:59.0679 4416 btwl2cap - ok
23:51:59.0718 4416 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys
23:51:59.0719 4416 btwrchid - ok
23:51:59.0768 4416 catchme - ok
23:51:59.0811 4416 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
23:51:59.0816 4416 cdfs - ok
23:51:59.0855 4416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
23:51:59.0860 4416 cdrom - ok
23:51:59.0892 4416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
23:51:59.0893 4416 circlass - ok
23:51:59.0970 4416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
23:51:59.0979 4416 CLFS - ok
23:52:00.0045 4416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
23:52:00.0047 4416 CmBatt - ok
23:52:00.0067 4416 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
23:52:00.0069 4416 cmdide - ok
23:52:00.0112 4416 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
23:52:00.0119 4416 CNG - ok
23:52:00.0163 4416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
23:52:00.0166 4416 Compbatt - ok
23:52:00.0193 4416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
23:52:00.0196 4416 CompositeBus - ok
23:52:00.0224 4416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
23:52:00.0225 4416 crcdisk - ok
23:52:00.0284 4416 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys
23:52:00.0287 4416 CtClsFlt - ok
23:52:00.0333 4416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
23:52:00.0336 4416 DfsC - ok
23:52:00.0358 4416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
23:52:00.0360 4416 discache - ok
23:52:00.0385 4416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
23:52:00.0388 4416 Disk - ok
23:52:00.0426 4416 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
23:52:00.0429 4416 drmkaud - ok
23:52:00.0490 4416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
23:52:00.0510 4416 DXGKrnl - ok
23:52:00.0619 4416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
23:52:00.0647 4416 ebdrv - ok
23:52:00.0737 4416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
23:52:00.0745 4416 elxstor - ok
23:52:00.0763 4416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
23:52:00.0764 4416 ErrDev - ok
23:52:00.0837 4416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
23:52:00.0843 4416 exfat - ok
23:52:00.0864 4416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
23:52:00.0871 4416 fastfat - ok
23:52:00.0896 4416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
23:52:00.0897 4416 fdc - ok
23:52:00.0942 4416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
23:52:00.0946 4416 FileInfo - ok
23:52:00.0968 4416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
23:52:00.0971 4416 Filetrace - ok
23:52:00.0994 4416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
23:52:00.0995 4416 flpydisk - ok
23:52:01.0028 4416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
23:52:01.0035 4416 FltMgr - ok
23:52:01.0066 4416 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
23:52:01.0069 4416 FsDepends - ok
23:52:01.0088 4416 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
23:52:01.0091 4416 Fs_Rec - ok
23:52:01.0116 4416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
23:52:01.0121 4416 fvevol - ok
23:52:01.0150 4416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
23:52:01.0151 4416 gagp30kx - ok
23:52:01.0177 4416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
23:52:01.0178 4416 hcw85cir - ok
23:52:01.0243 4416 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
23:52:01.0251 4416 HdAudAddService - ok
23:52:01.0282 4416 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
23:52:01.0286 4416 HDAudBus - ok
23:52:01.0305 4416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
23:52:01.0306 4416 HidBatt - ok
23:52:01.0329 4416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
23:52:01.0331 4416 HidBth - ok
23:52:01.0363 4416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
23:52:01.0364 4416 HidIr - ok
23:52:01.0410 4416 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
23:52:01.0413 4416 HidUsb - ok
23:52:01.0450 4416 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
23:52:01.0451 4416 HpSAMD - ok
23:52:01.0515 4416 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
23:52:01.0532 4416 HTTP - ok
23:52:01.0549 4416 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
23:52:01.0552 4416 hwpolicy - ok
23:52:01.0575 4416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
23:52:01.0579 4416 i8042prt - ok
23:52:01.0605 4416 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
23:52:01.0610 4416 iaStorV - ok
23:52:01.0656 4416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
23:52:01.0658 4416 iirsp - ok
23:52:01.0699 4416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
23:52:01.0700 4416 intelide - ok
23:52:01.0728 4416 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
23:52:01.0729 4416 intelppm - ok
23:52:01.0755 4416 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:52:01.0758 4416 IpFilterDriver - ok
23:52:01.0779 4416 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
23:52:01.0780 4416 IPMIDRV - ok
23:52:01.0813 4416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
23:52:01.0818 4416 IPNAT - ok
23:52:01.0837 4416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
23:52:01.0839 4416 IRENUM - ok
23:52:01.0859 4416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
23:52:01.0860 4416 isapnp - ok
23:52:01.0906 4416 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
23:52:01.0910 4416 iScsiPrt - ok
23:52:01.0965 4416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
23:52:01.0966 4416 kbdclass - ok
23:52:02.0004 4416 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
23:52:02.0005 4416 kbdhid - ok
23:52:02.0038 4416 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
23:52:02.0042 4416 KSecDD - ok
23:52:02.0063 4416 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
23:52:02.0068 4416 KSecPkg - ok
23:52:02.0087 4416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
23:52:02.0090 4416 ksthunk - ok
23:52:02.0192 4416 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
23:52:02.0195 4416 lltdio - ok
23:52:02.0242 4416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
23:52:02.0243 4416 LSI_FC - ok
23:52:08.0933 4416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:52:09.0029 4416 \Device\Harddisk0\DR0 - ok
23:52:09.0038 4416 Boot (0x1200) (de4cfc9a6bceac4db23f9f39b2598578) \Device\Harddisk0\DR0\Partition0
23:52:09.0042 4416 \Device\Harddisk0\DR0\Partition0 - ok
23:52:09.0078 4416 Boot (0x1200) (546d171838d335143e076588f8dd2b63) \Device\Harddisk0\DR0\Partition1
23:52:09.0083 4416 \Device\Harddisk0\DR0\Partition1 - ok
23:52:09.0084 4416 ============================================================
23:52:09.0084 4416 Scan finished
23:52:09.0084 4416 ============================================================
23:52:09.0107 2620 Detected object count: 0
23:52:09.0108 2620 Actual detected object count: 0

#12 gringo_pr

Posted 05 February 2012 - 01:08 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 09 February 2012 - 12:07 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr

Posted 12 February 2012 - 02:55 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.