
Trojan PSW.Agent.ASTO in my System Drivers


  • This topic is locked
16 replies to this topic

#1 LadyLecta

  • Members
  • 8 posts

Posted 08 February 2012 - 07:31 PM

Hi. I'm on an HP computer which is running Windows Vista. So I had the google redirect virus, and I had removed it twice in the past. Then for a couple weeks, I had a rundll error upon start up, saying that the file couldn't be found (It was supposed to be in my temp folder). My computer worked fine, so I (stupidly) ignored it. Then I got the google redirect virus again a few days ago. I installed Panda Cloud Antivirus and Ad Aware yesterday. I removed the google virus today for the third time using Hitman Pro. The redirect is gone, but AVG is now detecting Trojan Horse PSW.Agent.ASTO in a bunch of my system files.

I know that this is pretty serious, but I'm hoping to get out of it without having to wipe my whole computer, since I'm a gamer and it would kill me to lose all my saved games. I also don't have the discs for the operating system because the OS was already installed when my computer arrived.

Please help!

#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 08 February 2012 - 09:12 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 LadyLecta (Topic Starter)

  • Members
  • 8 posts

Posted 08 February 2012 - 11:43 PM

Just so you know, I didn't think the response time was long at all. :) However, the GMER took forever.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6002.18005
Run by Sarah at 21:40:58 on 2012-02-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2047.1420 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [<NO NAME>]
mRun: [hpqSRMon]
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{145F013E-249E-44F5-A472-D76EE661B04C} : DhcpNameServer = 68.115.71.53 24.196.64.53 24.159.193.40
TCP: Interfaces\{4D40C6C9-D0AD-4B13-A768-7BE0A7FC7C0A} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{FB251639-F244-4CA5-9E7C-E554D72E6D22} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FDF66D77-0303-45E3-9160-14D5D83E5B44} : DhcpNameServer = 192.168.11.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-2-6 64512]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-9-13 464384]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DAUpdaterSvc;Dragon Age: Origins Updater;c:\program files\electronic arts\dragon age ultimate\bin_ship\daupdatersvc.service.exe [2011-11-5 25832]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2011-4-28 140608]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-1-20 21504]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2011-8-1 143624]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2011-4-28 99400]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2011-4-28 111176]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2011-4-28 112712]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-2-8 23624]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-08 22:03:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-08 22:02:23 -------- d-----w- c:\programdata\HitmanPro
2012-02-07 20:25:25 -------- d-----w- c:\users\sarah\appdata\roaming\Dropbox
2012-02-07 20:20:54 -------- d-----w- c:\users\sarah\appdata\roaming\Panda Security
2012-02-07 20:07:08 -------- d-----w- c:\programdata\Panda Security
2012-02-07 20:07:05 -------- d-----w- c:\program files\Panda Security
2012-02-07 20:05:24 -------- d-----w- C:\temp
2012-02-07 13:03:08 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-06 21:24:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-06 21:11:36 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-06 21:11:18 -------- d-----w- c:\program files\Lavasoft
2012-02-05 14:54:29 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-31 15:39:57 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 15:39:57 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 15:39:57 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 15:39:57 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 15:39:57 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 15:39:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-30 21:05:02 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-01-29 03:11:01 -------- d-----w- c:\users\sarah\appdata\roaming\Sonarca Sound Recorder Free
2012-01-29 03:10:19 -------- d-----w- c:\users\sarah\appdata\local\TempDIR
2012-01-29 03:10:18 -------- d-----w- c:\program files\Sonarca Sound Recorder Free
2012-01-12 00:12:05 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-12 00:12:05 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-12 00:12:03 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-12 00:12:03 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 00:12:02 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-12 00:12:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-12 00:12:01 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 00:12:01 1314816 ----a-w- c:\windows\system32\quartz.dll
.
==================== Find3M ====================
.
2012-02-08 04:06:47 0 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-21 16:43:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:41:11.24 ===============

Attached File: ark.txt (22.23KB)

#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 09 February 2012 - 01:43 AM

Hello LadyLecta,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
I see you have some leftover Panda Security on your machine we need to get rid of it. You should only have one antivirus at a time on your machine.

Uninstall Panda



The following removal utility can be used to uninstall Panda Security
  • Download AVCleaner10.exe from here and save it to your desktop.
  • Run the UNINSTALLER_07.EXE file by double-clicking it .
  • A window will be displayed requiring confirmation to begin the uninstallation and warning about the system restart once the process has ended. Click Yes.
    Note: No progress bar is displayed. It is necessary to wait until this message is displayed: Thank you for waiting. Hit OK to reboot.
Panda should now be removed from your PC.


Original instructions can be found here:
http://www.pandasecurity.com/homeusers/support/card?id=23010&IdIdioma=2



2.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


4.
Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.


Things to include in your next reply:
TdssKiller log
Combofix.txt
Results.txt
How is your machine running now?

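A small triage script for TDSSKiller logs of the kind step 2 above produces, added here as an illustration (it is not part of this thread, nor of TDSSKiller): it folds the per-line output into one record per driver and pulls out the entries TDSSKiller flags as infected or hash-forged, the pattern that shows a legitimate driver patched in place by a rootkit and hidden from normal file reads. The log format, driver names and hashes are taken from the log posted later in this thread; SAMPLE_LOG itself is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Each TDSSKiller line is "<time> <pid> <message>"; only the message matters here.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+(.*)$")
# "<service> (<md5>) <path>": a driver/service that has a file on disk.
ENTRY = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Forged-file line: the hash TDSSKiller reads from disk (Real) differs from the hash
# the running system presents for the same file (Fake). The file is being hidden.
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
INFECTED = re.compile(r"^(\S+) \( (.+?) \) - infected$")
DETECTED = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
OK = re.compile(r"^(\S+) - ok$")

# Constructed sample in TDSSKiller 2.7.11.0 format. The i8042prt lines are the ones
# from the log posted in this thread; the remaining entries are ordinary clean ones.
SAMPLE_LOG = r"""
10:53:52.0201 0492 ============================================================
10:53:52.0201 0492 Scan started
10:53:52.0201 0492 Mode: Manual;
10:53:52.0311 0492 .avgldx86 - ok
10:53:52.0467 0492 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:53:52.0467 0492 ACPI - ok
10:53:53.0449 0492 Avgldx86 - ok
10:53:55.0041 0492 i8042prt (7c877c89a98395ce6ad87477c646e80f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:53:55.0041 0492 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: 7c877c89a98395ce6ad87477c646e80f, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
10:53:55.0041 0492 i8042prt ( Virus.Win32.ZAccess.c ) - infected
10:53:55.0041 0492 i8042prt - detected Virus.Win32.ZAccess.c (0)
10:53:55.0087 0492 iaStor (37769c28e1c6489c56e41db7a32d58c5) C:\Windows\system32\drivers\iastor.sys
10:53:55.0087 0492 iaStor - ok
"""


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    detection: Optional[str] = None
    verdict: str = "unknown"  # "ok", "infected" or "unknown"

    @property
    def forged(self) -> bool:
        # A forged line with two different hashes means the on-disk content is being masked.
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_tdsskiller_log(text: str) -> Dict[str, DriverEntry]:
    """Fold the per-line log into one record per driver/service name."""
    entries: Dict[str, DriverEntry] = {}
    last: Optional[DriverEntry] = None
    for raw in text.splitlines():
        pm = PREFIX.match(raw.strip())
        if not pm:
            continue
        body = pm.group(1)
        m = ENTRY.match(body)
        if m:
            name, md5, path = m.groups()
            last = entries.setdefault(name, DriverEntry(name))
            last.md5, last.path = md5, path
            continue
        m = FORGED.match(body)
        if m:
            path, real, fake = m.groups()
            # The forged line carries only the path, so attach it to the entry just listed.
            if last is not None and last.path and last.path.lower() == path.lower():
                last.real_md5, last.fake_md5 = real, fake
            continue
        m = INFECTED.match(body) or DETECTED.match(body)
        if m:
            name, det = m.groups()
            ent = entries.setdefault(name, DriverEntry(name))
            ent.detection = ent.detection or det
            ent.verdict = "infected"
            continue
        m = OK.match(body)
        if m:
            ent = entries.setdefault(m.group(1), DriverEntry(m.group(1)))
            if ent.verdict == "unknown":  # never downgrade an infected verdict
                ent.verdict = "ok"
    return entries


def findings(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Everything a responder should look at: flagged infected, or hash-forged."""
    return [e for e in entries.values() if e.verdict == "infected" or e.forged]


if __name__ == "__main__":
    for e in findings(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.name}: {e.verdict}, detection={e.detection}, forged={e.forged}")
        if e.forged:
            print(f"  on-disk md5 {e.real_md5} != presented md5 {e.fake_md5} ({e.path})")
```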


#5 LadyLecta (Topic Starter)

  • Members
  • 8 posts

Posted 09 February 2012 - 12:53 PM

So I uninstalled Panda and I ran the TDSSKiller, but I was only able to start my computer in safe mode, so I'm having a hell of a time disabling AVG so I can run Combofix. I ran msconfig and disabled anything to do with AVG, but combofix still detects AVG running. What should I do? Uninstall AVG? (P.S. I work until late tonight, so I won't be able to do anything until about 11pm CST.)

10:53:43.0902 1676 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
10:53:44.0199 1676 ============================================================
10:53:44.0199 1676 Current date / time: 2012/02/09 10:53:44.0199
10:53:44.0199 1676 SystemInfo:
10:53:44.0199 1676
10:53:44.0199 1676 OS Version: 6.0.6002 ServicePack: 2.0
10:53:44.0199 1676 Product type: Workstation
10:53:44.0199 1676 ComputerName: FRED
10:53:44.0199 1676 UserName: Sarah
10:53:44.0199 1676 Windows directory: C:\Windows
10:53:44.0199 1676 System windows directory: C:\Windows
10:53:44.0199 1676 Processor architecture: Intel x86
10:53:44.0199 1676 Number of processors: 2
10:53:44.0199 1676 Page size: 0x1000
10:53:44.0199 1676 Boot type: Safe boot with network
10:53:44.0199 1676 ============================================================
10:53:44.0495 1676 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:53:44.0511 1676 \Device\Harddisk0\DR0:
10:53:44.0511 1676 MBR used
10:53:44.0511 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23F4B8EF
10:53:44.0511 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23F4B92E, BlocksNum 0x14E1D93
10:53:44.0589 1676 Initialize success
10:53:44.0589 1676 ============================================================
10:53:52.0201 0492 ============================================================
10:53:52.0201 0492 Scan started
10:53:52.0201 0492 Mode: Manual;
10:53:52.0201 0492 ============================================================
10:53:52.0311 0492 .avgldx86 - ok
10:53:52.0326 0492 .avgtdix - ok
10:53:52.0389 0492 .psinknc - ok
10:53:52.0467 0492 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:53:52.0467 0492 ACPI - ok
10:53:52.0529 0492 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:53:52.0529 0492 adp94xx - ok
10:53:52.0576 0492 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:53:52.0576 0492 adpahci - ok
10:53:52.0607 0492 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:53:52.0607 0492 adpu160m - ok
10:53:52.0638 0492 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:53:52.0638 0492 adpu320 - ok
10:53:52.0701 0492 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:53:52.0701 0492 AFD - ok
10:53:52.0747 0492 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:53:52.0747 0492 agp440 - ok
10:53:52.0779 0492 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:53:52.0779 0492 aic78xx - ok
10:53:52.0810 0492 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:53:52.0810 0492 aliide - ok
10:53:52.0825 0492 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:53:52.0825 0492 amdagp - ok
10:53:52.0888 0492 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:53:52.0888 0492 amdide - ok
10:53:52.0919 0492 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:53:52.0919 0492 AmdK7 - ok
10:53:52.0966 0492 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:53:52.0966 0492 AmdK8 - ok
10:53:53.0028 0492 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:53:53.0028 0492 arc - ok
10:53:53.0075 0492 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:53:53.0075 0492 arcsas - ok
10:53:53.0122 0492 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:53:53.0122 0492 AsyncMac - ok
10:53:53.0184 0492 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
10:53:53.0184 0492 atapi - ok
10:53:53.0293 0492 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:53:53.0293 0492 AVGIDSDriver - ok
10:53:53.0325 0492 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:53:53.0325 0492 AVGIDSEH - ok
10:53:53.0371 0492 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:53:53.0371 0492 AVGIDSFilter - ok
10:53:53.0434 0492 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:53:53.0434 0492 AVGIDSShim - ok
10:53:53.0449 0492 Avgldx86 - ok
10:53:53.0496 0492 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:53:53.0496 0492 Avgmfx86 - ok
10:53:53.0559 0492 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:53:53.0559 0492 Avgrkx86 - ok
10:53:53.0559 0492 Avgtdix - ok
10:53:53.0668 0492 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:53:53.0668 0492 Beep - ok
10:53:53.0715 0492 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:53:53.0715 0492 blbdrive - ok
10:53:53.0793 0492 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:53:53.0793 0492 bowser - ok
10:53:53.0824 0492 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:53:53.0824 0492 BrFiltLo - ok
10:53:53.0855 0492 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:53:53.0855 0492 BrFiltUp - ok
10:53:53.0886 0492 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:53:53.0886 0492 Brserid - ok
10:53:53.0902 0492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:53:53.0902 0492 BrSerWdm - ok
10:53:53.0917 0492 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:53:53.0917 0492 BrUsbMdm - ok
10:53:53.0917 0492 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:53:53.0917 0492 BrUsbSer - ok
10:53:53.0949 0492 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:53:53.0949 0492 BTHMODEM - ok
10:53:53.0995 0492 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:53:53.0995 0492 cdfs - ok
10:53:53.0995 0492 cdrom - ok
10:53:54.0011 0492 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:53:54.0011 0492 circlass - ok
10:53:54.0042 0492 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:53:54.0058 0492 CLFS - ok
10:53:54.0089 0492 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:53:54.0089 0492 cmdide - ok
10:53:54.0105 0492 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
10:53:54.0105 0492 Compbatt - ok
10:53:54.0120 0492 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:53:55.0041 0492 i8042prt (7c877c89a98395ce6ad87477c646e80f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:53:55.0041 0492 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: 7c877c89a98395ce6ad87477c646e80f, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
10:53:55.0041 0492 i8042prt ( Virus.Win32.ZAccess.c ) - infected
10:53:55.0041 0492 i8042prt - detected Virus.Win32.ZAccess.c (0)
10:54:00.0469 0492 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
10:54:00.0703 0492 \Device\Harddisk0\DR0 - ok
10:54:00.0703 0492 Boot (0x1200) (5ec57b3e09e563ef17c3fc00c8e85c9e) \Device\Harddisk0\DR0\Partition0
10:54:00.0703 0492 \Device\Harddisk0\DR0\Partition0 - ok
10:54:00.0703 0492 Boot (0x1200) (ea0f2994a38f0c6f76c89a9d78b3ec85) \Device\Harddisk0\DR0\Partition1
10:54:00.0703 0492 \Device\Harddisk0\DR0\Partition1 - ok
10:54:00.0703 0492 ============================================================
10:54:00.0703 0492 Scan finished
10:54:00.0703 0492 ============================================================
10:54:00.0703 1052 Detected object count: 1
10:54:00.0703 1052 Actual detected object count: 1
10:54:20.0781 1052 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
10:54:22.0715 1052 Backup copy found, using it..
10:54:22.0731 1052 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
10:54:25.0398 1052 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
10:54:42.0824 1280 Deinitialize success
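
The log above is easier to triage once its line shapes are parsed out: the listing line with the driver's hash, the "Suspicious file (Forged)" line carrying two different hashes for one path, the detection verdict, and the quarantine/cure actions. As an added example (not code from this thread, from TDSSKiller or from Kaspersky), the Python below parses a constructed excerpt made of lines copied from the posted log and reports the forged driver with the actions taken on it.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt of the TDSSKiller log posted in this thread (the lines are
# copied from the post; the hundreds of "- ok" entries are left out).
SAMPLE_LOG = r"""
10:53:55.0041 0492 i8042prt (7c877c89a98395ce6ad87477c646e80f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:53:55.0041 0492 Suspicious file (Forged): C:\Windows\system32\DRIVERS\i8042prt.sys. Real md5: 7c877c89a98395ce6ad87477c646e80f, Fake md5: 22d56c8184586b7a1f6fa60be5f5a2bd
10:53:55.0041 0492 i8042prt ( Virus.Win32.ZAccess.c ) - infected
10:53:55.0041 0492 i8042prt - detected Virus.Win32.ZAccess.c (0)
10:53:55.0087 0492 iaStor (37769c28e1c6489c56e41db7a32d58c5) C:\Windows\system32\drivers\iastor.sys
10:53:55.0087 0492 iaStor - ok
10:53:55.0805 0492 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
10:53:55.0805 0492 Lavasoft Kernexplorer - ok
10:54:00.0703 1052 Detected object count: 1
10:54:20.0781 1052 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
10:54:22.0731 1052 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
10:54:25.0398 1052 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Cure
"""

# Every line starts with "HH:MM:SS.mmmm <thread id>"; the rest varies by event.
PREFIX = r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
MD5 = r"[0-9a-f]{32}"
RE_MODULE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>" + MD5 + r")\)\s+(?P<path>\S.*)$")
RE_FORGED = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>" + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$")
RE_OK = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
RE_DETECTED = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<verdict>\S+)")
RE_ACTION = re.compile(PREFIX + r"(?P<path>.+?) - (?P<action>copied to quarantine|will be cured on reboot)$")
RE_USER = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str                            # service name as TDSSKiller lists it
    verdict: str                         # e.g. Virus.Win32.ZAccess.c
    path: Optional[str] = None
    real_md5: Optional[str] = None       # the two hashes TDSSKiller reports for a forged file
    fake_md5: Optional[str] = None
    actions: List[str] = field(default_factory=list)

    @property
    def forged(self) -> bool:
        # One path yielding two different hashes means something between the
        # reader and the disk is altering what is returned: a rootkit indicator.
        return bool(self.real_md5 and self.fake_md5 and self.real_md5 != self.fake_md5)


def parse_tdsskiller(log_text: str) -> Dict[str, object]:
    """Return {"findings": [Finding...], "ok_count": int} for a TDSSKiller log."""
    modules: Dict[str, Dict[str, str]] = {}   # name -> md5/path from the listing line
    forged: Dict[str, Dict[str, str]] = {}    # path -> real/fake hash pair
    findings: Dict[str, Finding] = {}
    ok_count = 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := RE_MODULE.match(line)):
            modules[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif (m := RE_FORGED.match(line)):
            forged[m["path"]] = {"real": m["real"], "fake": m["fake"]}
        elif RE_OK.match(line):
            ok_count += 1
        elif (m := RE_DETECTED.match(line)):
            mod = modules.get(m["name"], {})
            f = findings.setdefault(m["name"], Finding(m["name"], m["verdict"], mod.get("path")))
            pair = forged.get(f.path or "")
            if pair:
                f.real_md5, f.fake_md5 = pair["real"], pair["fake"]
        elif (m := RE_USER.match(line)):
            if m["name"] in findings:
                findings[m["name"]].actions.append("user: " + m["action"])
        elif (m := RE_ACTION.match(line)):
            for f in findings.values():
                if f.path == m["path"]:
                    f.actions.append(m["action"])
    return {"findings": list(findings.values()), "ok_count": ok_count}


def triage_lines(result: Dict[str, object]) -> List[str]:
    """One human-readable line per finding, forged files listed first."""
    out = []
    for f in sorted(result["findings"], key=lambda x: not x.forged):
        tag = "FORGED" if f.forged else "DETECTED"
        out.append(f"{tag} {f.name} -> {f.verdict} ({f.path}); actions: "
                   + (", ".join(f.actions) or "none"))
    return out


if __name__ == "__main__":
    res = parse_tdsskiller(SAMPLE_LOG)
    print(f"{res['ok_count']} clean entries, {len(res['findings'])} finding(s)")
    for line in triage_lines(res):
        print(line)
```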

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:38 AM

Posted 09 February 2012 - 08:11 PM

Hello,

Go ahead and ignore the AVG warning and run Combofix.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 LadyLecta

LadyLecta
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 09 February 2012 - 09:43 PM

I can't seem to find the Combofix log. I searched for it and came up with nothing. :( But here's the ListParts log.

ListParts by Farbar
Ran by Sarah on 09-02-2012 at 20:36:34
Windows Vista (X86)
Running From: C:\Users\Sarah\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 2046.58 MB
Available physical RAM: 1615.22 MB
Total Pagefile: 4330.18 MB
Available Pagefile: 4064.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.05 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:287.65 GB) (Free:70.44 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.44 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ###  Status    Size    Free  Dyn  Gpt
--------  --------  ------  ----  ---  ---
Disk 0    Online    298 GB  0 B
Disk 1    No Media  0 B     0 B
Disk 2    No Media  0 B     0 B
Disk 3    No Media  0 B     0 B
Disk 4    No Media  0 B     0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  ------
Partition 1    Primary  288 GB  32 KB
Partition 2    Primary  10 GB   288 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 0  C    HP           NTFS  Partition  288 GB  Healthy  System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs    Type       Size    Status   Info
----------  ---  -----------  ----  ---------  ------  -------  --------
* Volume 1  D    FACTORY_IMA  NTFS  Partition  10 GB   Healthy



****** End Of Log ******

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:38 AM

Posted 09 February 2012 - 10:29 PM

Hello,

The Combofix log should be located at C:\Combofix.txt. How is the machine running now?


#9 LadyLecta

LadyLecta
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:38 AM

Posted 10 February 2012 - 12:14 AM

My computer still crashes with the blue screen when I try to boot it up normally, but I can at least still start up in safe mode. And I looked in the C drive as well as my entire computer for a Combofix text log, and it's not anywhere.

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:38 AM

Posted 10 February 2012 - 12:24 AM

Hello,


1.
Windows Vista includes a disk checking tool called CHKDSK which is similar to the "scandisk" tool from older versions of Windows. This application scans your hard drives for errors such as lost sectors, bad sectors and corruption.

You can launch CHKDSK using two methods (the former being the easiest):

Graphical Interface:

Open the Computer option from the start menu, which will display all of the drives available to scan on your PC:

Posted Image

Then, right click on the drive you wish to scan for errors and select Properties:
Posted Image

Now click the Tools menu, then Check Now under the error-checking section:
Posted Image

You have several options within the check disk tool. It is always recommended you leave the "automatically fix file system errors" box checked, as this repairs any problems found. If you want to perform a deeper scan, tick "scan for and attempt recovery of bad sectors". This second option takes longer, but is worth doing if you suspect a drive problem. Since we are having problems, choose the second option. Once you are configured, click Start:

Posted Image

If you try to check a disk that is currently in use, you will receive a message asking if you wish to schedule a scan. Accepting this will perform the scan next time you restart your PC:

Posted Image


2.
You may have corrupt critical system files. Let's see if we can fix that.

1. Select Posted Image
2. Select All Programs
3. Select Accessories
4. Right click Command Prompt and choose Run as administrator

Posted Image

  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue. This can be done with a borrowed DVD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.


3.
Go ahead and run Combofix again and see if it produces a log.

4.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Things to include in your next reply:
Combofix.txt
aswMBR log
Still Blue screening?

Edited by fireman4it, 10 February 2012 - 12:27 AM.


#11 LadyLecta
  • Topic Starter

  • Members
  • 8 posts

Posted 10 February 2012 - 06:03 PM

Hi, so I spent the entirety of last night trying to run the CHKDSK. Here's what happened: My computer spent about an hour and a half on the "loading windows files" screen. I -THINK- I started it up in safe mode that time. Then the scan started. 3 or 4 hours later, the scan finished and the computer tried to boot up. I got the blue screen and tried to start it up again, with the same result. Stuck on loading screen, CHKDSK scan, fail to boot & blue screen. I tried for a third time this morning in normal mode, and the same thing happened.

P.S. I am wondering if "Internet Security" is a legitimate scan or if it's a scam/virus. It popped up a week or so ago (interrupting my Ad Aware scan) and I panicked because it's not something I'm familiar with or purposefully started. I called my more tech-savvy roommate to check it out, and she seemed to think it was legit, but when the scan finished it asked me to purchase a subscription to get rid of the viruses. I clearly didn't buy anything, but she asked me to ask for your opinion on whether it was a "real" (AKA Microsoft or Windows) scan or a scam.

#12 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 10 February 2012 - 11:42 PM

P.S. I am wondering if "Internet Security" is a legitimate scan or if it's a scam/virus. It popped up a week or so ago (interrupting my Ad Aware scan) and I panicked because it's not something I'm familiar with or purposefully started. I called my more tech-savvy roommate to check it out, and she seemed to think it was legit, but when the scan finished it asked me to purchase a subscription to get rid of the viruses. I clearly didn't buy anything, but she asked me to ask for your opinion on whether it was a "real" (AKA Microsoft or Windows) scan or a scam.

That was most likely a Fake Antivirus.


Please go ahead and run sfc /scannow from my previous post.
This can be done in Safe Mode.

I think, but am not sure, that Hitman Pro may have removed a crucial infected system file. I'm not familiar with Hitman Pro. If you open Hitman Pro and click Settings at the bottom, then click History at the top, make sure everything is checked in there and click Restore; this should restore everything Hitman Pro removed. Then close the program, run Combofix immediately after and post the log.

I also need for you to go ahead and run aswMBR scan from my previous post and post its log.

Edited by fireman4it, 10 February 2012 - 11:44 PM.



#13 LadyLecta
  • Topic Starter

  • Members
  • 8 posts

Posted 11 February 2012 - 09:53 PM

I ran Combofix again, and it STILL didn't produce a log. I have no clue why. Two windows popped up during the Combofix scan though. One was a Windows error saying pev.3XE (was it pev?... unfortunately I can't remember now) had stopped working, and it gave me the option to close the program. I left it alone for 40 minutes. When nothing changed for those 40 minutes, I closed the window (I did not click "close program," I clicked the X). Combofix popped up a window and said it found a rootkit and needed to reboot.

Reboot in normal mode still results in a blue screen, but booting up in safe mode doesn't stall on the "loading windows files" screen anymore.

I looked for anything titled Hitman on my computer, but it was a scan that I ran rather than saved, a one-time thing, so there's no interface for me to open. I also ran the aswMBR and the log is as follows:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 20:42:59
-----------------------------
20:42:59.369 OS Version: Windows 6.0.6002 Service Pack 2
20:42:59.369 Number of processors: 2 586 0x1706
20:42:59.369 ComputerName: FRED UserName:
20:43:00.149 Initialize success
20:43:29.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:43:29.258 Disk 0 Vendor: SAMSUNG_ CP10 Size: 305245MB BusType: 8
20:43:29.274 Disk 0 MBR read successfully
20:43:29.274 Disk 0 MBR scan
20:43:29.274 Disk 0 unknown MBR code
20:43:29.290 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294551 MB offset 63
20:43:29.305 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10691 MB offset 603240750
20:43:29.305 Disk 0 scanning sectors +625137345
20:43:29.368 Disk 0 scanning C:\Windows\system32\drivers
20:43:34.828 Service scanning
20:43:35.171 Service .avgldx86 \? **LOCKED** 123
20:43:35.171 Service .avgtdix \? **LOCKED** 123
20:43:35.171 Service .psinknc \? **LOCKED** 123
20:43:36.185 Modules scanning
20:43:39.398 Disk 0 trace - called modules:
20:43:39.414 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:43:39.414 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8583b1b0]
20:43:39.414 3 CLASSPNP.SYS[883a18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8447b028]
20:43:39.430 Scan finished successfully
20:43:53.251 Disk 0 MBR has been saved successfully to "C:\Users\Sarah\Desktop\MBR.dat"
20:43:53.251 The log file has been saved successfully to "C:\Users\Sarah\Desktop\aswMBR.txt"

Edited by LadyLecta, 11 February 2012 - 09:57 PM.
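The log above carries three things an analyst reads first: the partition table, the MBR-code verdict and the services aswMBR could not open. As an added example (not part of the thread and not aswMBR's own code), this Python parser pulls those facts out of the log format shown and lists what to double-check before calling the disk clean; the sample lines are trimmed from the posted log and the overlap check assumes 512-byte sectors.

```python
"""Pull triage facts out of an aswMBR log (added example, not part of the thread
or of aswMBR; it assumes the line format of the log posted above)."""
import re

# Trimmed from the log above; the parser only needs these line shapes.
SAMPLE_LOG = r"""20:43:29.274 Disk 0 unknown MBR code
20:43:29.290 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294551 MB offset 63
20:43:29.305 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10691 MB offset 603240750
20:43:35.171 Service .avgldx86 \? **LOCKED** 123
20:43:35.171 Service .psinknc \? **LOCKED** 123"""

PART_RE = re.compile(r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\((A)\) )?"
                     r"([0-9A-Fa-f]{2}) \S+ (\S+) (\d+) MB offset (\d+)$")
LOCKED_RE = re.compile(r"Service (\S+) .*\*\*LOCKED\*\*")

def parse_aswmbr(text: str) -> dict:
    """Return partition entries, locked services and the MBR-code verdict."""
    rep = {"partitions": [], "locked_services": [], "mbr_unknown": False}
    for line in text.splitlines():
        if m := PART_RE.search(line):
            _disk, idx, boot, _, ptype, fs, size, off = m.groups()
            rep["partitions"].append({"index": int(idx), "active": boot == "80",
                                      "type": ptype.upper(), "fs": fs,
                                      "size_mb": int(size), "offset": int(off)})
        elif m := LOCKED_RE.search(line):
            rep["locked_services"].append(m.group(1))
        elif "unknown MBR code" in line:
            rep["mbr_unknown"] = True
    return rep

def findings(rep: dict) -> list:
    """Points to check before treating the disk as clean."""
    out = []
    if rep["mbr_unknown"]:
        out.append("MBR code not recognised by aswMBR; review the saved MBR.dat")
    if sum(p["active"] for p in rep["partitions"]) != 1:
        out.append("partition table does not have exactly one active entry")
    # Entries must not overlap once MB sizes become sectors (512-byte, 1 MB slack).
    parts = sorted(rep["partitions"], key=lambda p: p["offset"])
    for a, b in zip(parts, parts[1:]):
        if a["offset"] + a["size_mb"] * 2048 > b["offset"] + 2048:
            out.append(f"partitions {a['index']} and {b['index']} overlap")
    if rep["locked_services"]:
        out.append("locked services: " + ", ".join(rep["locked_services"])
                   + "; confirm each belongs to installed security software")
    return out
```

Run against the full posted log, the same code reports the unknown MBR code and the three locked drivers, and nothing about the two-entry partition table, which is consistent.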


#14 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 12 February 2012 - 11:45 PM

Hello,

At this point, with no malware being left on the machine, I think it has been a faulty driver or a file that is missing. I hate to say it, but a reformat and reinstall is the only way to fix this since we don't know what Panda or Hitman removed. If you're going to reformat and reinstall you can back up some stuff; just make sure to follow these guidelines.

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here, so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external USB hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices, but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk.

Note:
Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab, as they may be infected.

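As an added example (not from the thread), this Python script applies the backup rules in the post above to a constructed folder listing: it refuses the listed extensions, compares them case-insensitively, and treats a data-looking extension sitting in front of a blocked one as the double-extension disguise the post warns about. The sample file names are made up for the demonstration.

```python
"""Decide which files the post's backup rules allow you to copy off the machine.

Added example, not part of the thread; file names below are constructed.
"""
from pathlib import PurePath

# Extensions the post says not to back up.
EXECUTABLE_EXTS = {".exe", ".scr"}                              # programs, screensavers
SCRIPT_EXTS = {".ini", ".htm", ".html", ".php", ".asp", ".xml"}  # autorun, script, markup
ARCHIVE_EXTS = {".zip", ".rar", ".cab"}                         # may hold infected .exe
BLOCKED_EXTS = EXECUTABLE_EXTS | SCRIPT_EXTS | ARCHIVE_EXTS

# Extensions a user expects on personal data; used to spot 'photo.jpg.exe'.
DATA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".pdf", ".txt", ".sav"}

def classify(name: str) -> tuple:
    """Return ("backup" | "skip", reason) for one file name.

    Only the real final extension counts, compared case-insensitively, so
    'Photo.JPG.exe' is an executable even though Windows with extensions
    hidden would display it as 'Photo.JPG'.
    """
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    if not suffixes:
        return "skip", "no extension; inspect by hand before copying"
    final = suffixes[-1]
    if final in BLOCKED_EXTS:
        if len(suffixes) >= 2 and suffixes[-2] in DATA_EXTS:
            return "skip", f"double extension {suffixes[-2]}{final} disguises {final}"
        return "skip", f"blocked extension {final}"
    return "backup", f"data file {final}"

def plan_backup(names):
    """Split file names into (copy, leave) lists, each entry paired with its reason."""
    copy, leave = [], []
    for n in names:
        verdict, reason = classify(n)
        (copy if verdict == "backup" else leave).append((n, reason))
    return copy, leave

if __name__ == "__main__":
    sample = ["vacation.jpg", "Thesis.docx", "savegame01.sav", "vacation.jpg.exe",
              "Setup.EXE", "desktop.ini", "photos.zip", "README"]
    copy, leave = plan_backup(sample)
    for n, why in copy:
        print("COPY ", n, "-", why)
    for n, why in leave:
        print("LEAVE", n, "-", why)
```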


#15 LadyLecta
  • Topic Starter

  • Members
  • 8 posts

Posted 13 February 2012 - 10:23 AM

Alright. :( I was hoping not to have to reformat since my OS came pre-installed, so now I have to call HP to (hopefully) get them. But thank you for helping me. One last question: Do you know if something like Dropbox would keep viruses in the files it stores? And if so, would a scan with an antivirus do the trick?

Again, thank you for your help.
