
rootkill virus, google redirecting


28 replies to this topic

#1 MAMABOST

  • Members
  • 22 posts

Posted 08 February 2012 - 10:24 PM

I have been dealing with this issue for a few months and I just did some checking on the internet and it looks like it might be a virus. When I do a Google search and then click on a link, it redirects me to another website. Also on occasion when I am on a site such as Facebook and click a link, a new tab opens up and a website for work-at-home moms opens up which is very hard to close. I did have the Windows 7 security warning virus right before this happened, but I thought I got rid of it with RKill and Malwarebytes Anti-Malware, which I still have running on my computer.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Janet at 21:25:31 on 2012-02-08
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3839.2471 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cfcc.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\sziebho.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Janet\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{435EDEB3-C50B-4F7C-B7C0-2A546D8420BB} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{4F1A01B5-78F4-417A-9E54-3056B084BC7F} : DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
c:\program files (x86)\stopzilla!\sziebho.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\s00oh97f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.bearshare.com/web?src=ffb&systemid=2&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Janet\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Janet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 9603426c-431e-438c-b277-8c7b7082045e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-14 17152]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-02-07 00:59:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-05 14:17:37 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-01-23 15:01:06 -------- d-----w- C:\Users\Janet\AppData\Local\Deployment
2012-01-23 15:01:06 -------- d-----w- C:\Users\Janet\AppData\Local\Apps
.
==================== Find3M ====================
.
2011-12-20 03:45:49 715038 ----a-w- C:\Windows\unins000.exe
.
============= FINISH: 21:26:45.21 ===============
Attached files: ark.txt (35.94KB), Attach.txt (10.19KB)

#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 10 February 2012 - 02:14 AM

Hello and welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running, as that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MAMABOST (Topic Starter)

  • Members
  • 22 posts

Posted 12 February 2012 - 02:40 PM

My computer keeps freezing when I do the ComboFix. I have let it sit as long as an hour and it stops after completing scan #2. I would give you a screen shot, but I have to restart my computer to be able to do anything on it. I have made sure that my malware programs are not running. I do not know what else to do, but my computer is running slower than ever and keeps freezing up on me. Please help.

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 12 February 2012 - 04:19 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 MAMABOST (Topic Starter)

  • Members
  • 22 posts

Posted 12 February 2012 - 10:52 PM

My computer has been running the scan in safe mode now for 7 hours. It is at the point where it completed stage 6. I'm concerned about how long this is taking. Should I just let it keep going? I am not posting from that computer, I have not touched it at all since it started scanning.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 12 February 2012 - 11:27 PM

That is very long, but as long as it is progressing let's leave it alone. If it stops progressing, then let me know.


gringo

#7 MAMABOST (Topic Starter)

  • Members
  • 22 posts

Posted 13 February 2012 - 04:15 PM

I believe the progress has stopped. I let it run all night and at 7am this morning it had completed stage 7. Now at 4pm it is still at the same point. What now?

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts

Posted 14 February 2012 - 03:11 AM

Hello, stop it and run these:


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 MAMABOST (Topic Starter)

  • Members
  • 22 posts

Posted 15 February 2012 - 12:56 PM

12:55:03.0046 1776 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
12:55:03.0638 1776 ============================================================
12:55:03.0638 1776 Current date / time: 2012/02/15 12:55:03.0638
12:55:03.0638 1776 SystemInfo:
12:55:03.0638 1776
12:55:03.0638 1776 OS Version: 6.1.7600 ServicePack: 0.0
12:55:03.0638 1776 Product type: Workstation
12:55:03.0638 1776 ComputerName: JANET-PC
12:55:03.0638 1776 UserName: Janet
12:55:03.0638 1776 Windows directory: C:\Windows
12:55:03.0638 1776 System windows directory: C:\Windows
12:55:03.0638 1776 Running under WOW64
12:55:03.0638 1776 Processor architecture: Intel x64
12:55:03.0638 1776 Number of processors: 2
12:55:03.0638 1776 Page size: 0x1000
12:55:03.0638 1776 Boot type: Safe boot with network
12:55:03.0638 1776 ============================================================
12:55:04.0824 1776 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:55:04.0824 1776 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:55:05.0308 1776 \Device\Harddisk0\DR0:
12:55:05.0308 1776 MBR used
12:55:05.0308 1776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x27C3000
12:55:05.0308 1776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27D7000, BlocksNum 0x1A9D1800
12:55:05.0308 1776 \Device\Harddisk1\DR1:
12:55:05.0308 1776 MBR used
12:55:05.0308 1776 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782
12:55:05.0323 1776 Initialize success
12:55:05.0323 1776 ============================================================
12:55:07.0055 1820 ============================================================
12:55:07.0055 1820 Scan started
12:55:07.0055 1820 Mode: Manual;
12:55:07.0055 1820 ============================================================
12:55:10.0534 1820 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
12:55:10.0534 1820 CNG - ok
12:55:10.0596 1820 CnxtHdAudService (d2d11004e0d114b4a7c07fde6cebfcee) C:\Windows\system32\drivers\CHDRT64.sys
12:55:10.0612 1820 CnxtHdAudService - ok
12:55:10.0627 1820 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:55:10.0627 1820 Compbatt - ok
12:55:10.0658 1820 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:55:10.0658 1820 CompositeBus - ok
12:55:10.0690 1820 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:55:10.0690 1820 crcdisk - ok
12:55:10.0752 1820 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
12:55:10.0752 1820 CSC - ok
12:55:10.0830 1820 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys
12:55:10.0830 1820 dc3d - ok
12:55:10.0892 1820 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:55:10.0892 1820 DfsC - ok
12:55:10.0924 1820 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:55:10.0924 1820 discache - ok
12:55:10.0955 1820 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:55:10.0955 1820 Disk - ok
12:55:11.0080 1820 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:55:11.0080 1820 Dot4 - ok
12:55:11.0111 1820 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:55:11.0111 1820 Dot4Print - ok
12:55:11.0126 1820 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:55:11.0126 1820 dot4usb - ok
12:55:11.0158 1820 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:55:11.0158 1820 drmkaud - ok
12:55:11.0220 1820 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
12:55:11.0236 1820 DXGKrnl - ok
12:55:11.0345 1820 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:55:11.0407 1820 ebdrv - ok
12:55:11.0454 1820 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:55:11.0470 1820 elxstor - ok
12:55:11.0501 1820 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:55:11.0501 1820 ErrDev - ok
12:55:11.0532 1820 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:55:11.0532 1820 exfat - ok
12:55:11.0579 1820 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:55:11.0579 1820 fastfat - ok
12:55:11.0610 1820 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:55:11.0610 1820 fdc - ok
12:55:11.0657 1820 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:55:11.0657 1820 FileInfo - ok
12:55:11.0672 1820 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:55:11.0672 1820 Filetrace - ok
12:55:11.0688 1820 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:55:11.0688 1820 flpydisk - ok
12:55:11.0735 1820 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:55:11.0735 1820 FltMgr - ok
12:55:11.0766 1820 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:55:11.0766 1820 FsDepends - ok
12:55:11.0797 1820 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
12:55:11.0797 1820 fssfltr - ok
12:55:11.0813 1820 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:55:11.0813 1820 Fs_Rec - ok
12:55:11.0844 1820 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
12:55:11.0844 1820 fvevol - ok
12:55:11.0891 1820 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:55:11.0891 1820 gagp30kx - ok
12:55:11.0922 1820 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:55:11.0922 1820 GEARAspiWDM - ok
12:55:12.0000 1820 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:55:12.0000 1820 hcw85cir - ok
12:55:12.0031 1820 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:55:12.0047 1820 HDAudBus - ok
12:55:12.0062 1820 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:55:12.0062 1820 HidBatt - ok
12:55:12.0078 1820 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:55:12.0078 1820 HidBth - ok
12:55:12.0125 1820 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:55:12.0125 1820 HidIr - ok
12:55:12.0172 1820 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:55:12.0172 1820 HidUsb - ok
12:55:12.0234 1820 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:55:12.0234 1820 HpSAMD - ok
12:55:12.0281 1820 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:55:12.0296 1820 HTTP - ok
12:55:12.0328 1820 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:55:12.0328 1820 hwpolicy - ok
12:55:12.0359 1820 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:55:12.0359 1820 i8042prt - ok
12:55:12.0390 1820 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
12:55:12.0406 1820 iaStorV - ok
12:55:12.0437 1820 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:55:12.0437 1820 iirsp - ok
12:55:12.0499 1820 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:55:12.0499 1820 intelide - ok
12:55:12.0515 1820 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:55:12.0515 1820 intelppm - ok
12:55:12.0546 1820 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:55:12.0546 1820 IpFilterDriver - ok
12:55:12.0562 1820 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:55:12.0577 1820 IPMIDRV - ok
12:55:12.0593 1820 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:55:12.0593 1820 IPNAT - ok
12:55:12.0655 1820 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:55:12.0655 1820 IRENUM - ok
12:55:12.0655 1820 is3srv - ok
12:55:12.0686 1820 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:55:12.0686 1820 isapnp - ok
12:55:12.0702 1820 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:55:12.0702 1820 iScsiPrt - ok
12:55:12.0764 1820 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
12:55:12.0764 1820 k57nd60a - ok
12:55:12.0811 1820 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:55:12.0811 1820 kbdclass - ok
12:55:12.0827 1820 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:55:12.0827 1820 kbdhid - ok
12:55:12.0858 1820 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:55:12.0858 1820 KSecDD - ok
12:55:12.0905 1820 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:55:12.0905 1820 KSecPkg - ok
12:55:12.0952 1820 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:55:12.0952 1820 ksthunk - ok
12:55:13.0045 1820 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
12:55:13.0045 1820 Lavasoft Kernexplorer - ok
12:55:13.0108 1820 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
12:55:13.0108 1820 Lbd - ok
12:55:13.0154 1820 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:55:13.0154 1820 lltdio - ok
12:55:13.0201 1820 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:55:13.0201 1820 LSI_FC - ok
12:55:13.0232 1820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:55:13.0232 1820 LSI_SAS - ok
12:55:13.0264 1820 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:55:13.0264 1820 LSI_SAS2 - ok
12:55:13.0279 1820 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:55:13.0279 1820 LSI_SCSI - ok
12:55:13.0326 1820 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:55:13.0326 1820 luafv - ok
12:55:13.0373 1820 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
12:55:13.0373 1820 MBAMProtector - ok
12:55:13.0435 1820 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:55:13.0451 1820 megasas - ok
12:55:13.0498 1820 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:55:13.0513 1820 MegaSR - ok
12:55:13.0529 1820 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:55:13.0529 1820 Modem - ok
12:55:13.0560 1820 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:55:13.0560 1820 monitor - ok
12:55:13.0591 1820 motccgp (93f5adcad940111f6d4d71ae1d9ec7f6) C:\Windows\system32\DRIVERS\motccgp.sys
12:55:13.0607 1820 motccgp - ok
12:55:13.0622 1820 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
12:55:13.0622 1820 motccgpfl - ok
12:55:13.0669 1820 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
12:55:13.0669 1820 MotoSwitchService - ok
12:55:13.0716 1820 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
12:55:13.0716 1820 motusbdevice - ok
12:55:13.0747 1820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:55:13.0747 1820 mouclass - ok
12:55:13.0778 1820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:55:13.0778 1820 mouhid - ok
12:55:13.0810 1820 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:55:13.0810 1820 mountmgr - ok
12:55:13.0825 1820 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:55:13.0825 1820 mpio - ok
12:55:13.0841 1820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:55:13.0856 1820 mpsdrv - ok
12:55:13.0903 1820 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:55:13.0903 1820 MRxDAV - ok
12:55:13.0934 1820 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:55:13.0934 1820 mrxsmb - ok
12:55:13.0981 1820 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:55:13.0981 1820 mrxsmb10 - ok
12:55:13.0997 1820 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:55:13.0997 1820 mrxsmb20 - ok
12:55:14.0028 1820 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
12:55:14.0028 1820 msahci - ok
12:55:14.0059 1820 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:55:14.0059 1820 msdsm - ok
12:55:14.0090 1820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:55:14.0090 1820 Msfs - ok
12:55:14.0122 1820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:55:14.0122 1820 mshidkmdf - ok
12:55:14.0137 1820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:55:14.0137 1820 msisadrv - ok
12:55:14.0184 1820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:55:14.0184 1820 MSKSSRV - ok
12:55:14.0215 1820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:55:14.0215 1820 MSPCLOCK - ok
12:55:14.0231 1820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:55:14.0231 1820 MSPQM - ok
12:55:14.0246 1820 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:55:14.0262 1820 MsRPC - ok
12:55:14.0278 1820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:55:14.0278 1820 mssmbios - ok
12:55:14.0293 1820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:55:14.0293 1820 MSTEE - ok
12:55:14.0309 1820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:55:14.0309 1820 MTConfig - ok
12:55:14.0340 1820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:55:14.0340 1820 Mup - ok
12:55:14.0387 1820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:55:14.0387 1820 NativeWifiP - ok
12:55:14.0434 1820 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:55:14.0465 1820 NDIS - ok
12:55:14.0527 1820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:55:14.0527 1820 NdisCap - ok
12:55:14.0574 1820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:55:14.0574 1820 NdisTapi - ok
12:55:14.0605 1820 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:55:14.0605 1820 Ndisuio - ok
12:55:14.0621 1820 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:55:14.0621 1820 NdisWan - ok
12:55:14.0636 1820 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:55:14.0636 1820 NDProxy - ok
12:55:14.0683 1820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:55:14.0683 1820 NetBIOS - ok
12:55:14.0699 1820 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:55:14.0714 1820 NetBT - ok
12:55:14.0761 1820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:55:14.0777 1820 nfrd960 - ok
12:55:14.0792 1820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:55:14.0792 1820 Npfs - ok
12:55:14.0824 1820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:55:14.0839 1820 nsiproxy - ok
12:55:14.0886 1820 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
12:55:14.0933 1820 Ntfs - ok
12:55:14.0948 1820 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:55:14.0948 1820 Null - ok
12:55:14.0980 1820 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
12:55:14.0980 1820 nvraid - ok
12:55:14.0995 1820 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
12:55:15.0011 1820 nvstor - ok
12:55:15.0026 1820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:55:15.0026 1820 nv_agp - ok
12:55:15.0073 1820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:55:15.0073 1820 ohci1394 - ok
12:55:15.0136 1820 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS
12:55:15.0151 1820 PAC207 - ok
12:55:15.0182 1820 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:55:15.0182 1820 Parport - ok
12:55:15.0214 1820 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:55:15.0214 1820 partmgr - ok
12:55:15.0245 1820 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:55:15.0245 1820 pci - ok
12:55:15.0292 1820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:55:15.0292 1820 pciide - ok
12:55:15.0307 1820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:55:15.0307 1820 pcmcia - ok
12:55:15.0323 1820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:55:15.0338 1820 pcw - ok
12:55:15.0370 1820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:55:15.0385 1820 PEAUTH - ok
12:55:15.0541 1820 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:55:15.0541 1820 PptpMiniport - ok
12:55:15.0557 1820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:55:15.0557 1820 Processor - ok
12:55:15.0619 1820 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:55:15.0619 1820 Psched - ok
12:55:15.0682 1820 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:55:15.0682 1820 PxHlpa64 - ok
12:55:15.0728 1820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:55:15.0760 1820 ql2300 - ok
12:55:15.0775 1820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:55:15.0791 1820 ql40xx - ok
12:55:15.0822 1820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:55:15.0822 1820 QWAVEdrv - ok
12:55:15.0853 1820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:55:15.0853 1820 RasAcd - ok
12:55:15.0884 1820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:55:15.0884 1820 RasAgileVpn - ok
12:55:15.0931 1820 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:55:15.0931 1820 Rasl2tp - ok
12:55:15.0947 1820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:55:15.0947 1820 RasPppoe - ok
12:55:15.0978 1820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:55:15.0978 1820 RasSstp - ok
12:55:16.0009 1820 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:55:16.0009 1820 rdbss - ok
12:55:16.0025 1820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:55:16.0025 1820 rdpbus - ok
12:55:16.0056 1820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:55:16.0056 1820 RDPCDD - ok
12:55:16.0087 1820 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
12:55:16.0087 1820 RDPDR - ok
12:55:16.0118 1820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:55:16.0118 1820 RDPENCDD - ok
12:55:16.0150 1820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:55:16.0150 1820 RDPREFMP - ok
12:55:16.0181 1820 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:55:16.0181 1820 RDPWD - ok
12:55:16.0228 1820 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:55:16.0228 1820 rdyboost - ok
12:55:16.0290 1820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:55:16.0290 1820 rspndr - ok
12:55:16.0337 1820 RSUSBSTOR (652bb6db6397757e45dcd513692cee0e) C:\Windows\system32\Drivers\RtsUStor.sys
12:55:16.0337 1820 RSUSBSTOR - ok
12:55:16.0368 1820 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
12:55:16.0368 1820 s3cap - ok
12:55:16.0399 1820 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:55:16.0399 1820 sbp2port - ok
12:55:16.0415 1820 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:55:16.0415 1820 scfilter - ok
12:55:16.0493 1820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:55:16.0493 1820 secdrv - ok
12:55:16.0540 1820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:55:16.0540 1820 Serenum - ok
12:55:16.0571 1820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:55:16.0571 1820 Serial - ok
12:55:16.0618 1820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:55:16.0618 1820 sermouse - ok
12:55:16.0649 1820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:55:16.0649 1820 sffdisk - ok
12:55:16.0680 1820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:55:16.0680 1820 sffp_mmc - ok
12:55:16.0696 1820 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:55:16.0696 1820 sffp_sd - ok
12:55:16.0711 1820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:55:16.0711 1820 sfloppy - ok
12:55:16.0774 1820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:55:16.0774 1820 SiSRaid2 - ok
12:55:16.0789 1820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:55:16.0789 1820 SiSRaid4 - ok
12:55:16.0820 1820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:55:16.0820 1820 Smb - ok
12:55:16.0898 1820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:55:16.0898 1820 spldr - ok
12:55:16.0961 1820 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:55:16.0976 1820 srv - ok
12:55:17.0008 1820 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:55:17.0023 1820 srv2 - ok
12:55:17.0054 1820 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:55:17.0054 1820 srvnet - ok
12:55:17.0101 1820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:55:17.0117 1820 stexstor - ok
12:55:17.0164 1820 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
12:55:17.0164 1820 storflt - ok
12:55:17.0195 1820 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
12:55:17.0195 1820 storvsc - ok
12:55:17.0226 1820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:55:17.0226 1820 swenum - ok
12:55:17.0257 1820 szkg5 - ok
12:55:17.0366 1820 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
12:55:17.0413 1820 Tcpip - ok
12:55:17.0476 1820 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
12:55:17.0491 1820 TCPIP6 - ok
12:55:17.0538 1820 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:55:17.0538 1820 tcpipreg - ok
12:55:17.0569 1820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:55:17.0569 1820 TDPIPE - ok
12:55:17.0585 1820 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:55:17.0585 1820 TDTCP - ok
12:55:17.0600 1820 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:55:17.0600 1820 tdx - ok
12:55:17.0632 1820 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:55:17.0632 1820 TermDD - ok
12:55:17.0678 1820 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:55:17.0678 1820 tssecsrv - ok
12:55:17.0710 1820 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:55:17.0725 1820 tunnel - ok
12:55:17.0725 1820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:55:17.0725 1820 uagp35 - ok
12:55:17.0788 1820 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
12:55:17.0788 1820 udfs - ok
12:55:17.0819 1820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:55:17.0834 1820 uliagpkx - ok
12:55:17.0866 1820 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:55:17.0881 1820 umbus - ok
12:55:17.0897 1820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:55:17.0897 1820 UmPass - ok
12:55:17.0944 1820 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
12:55:17.0944 1820 usbccgp - ok
12:55:17.0959 1820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:55:17.0959 1820 usbcir - ok
12:55:17.0975 1820 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
12:55:17.0975 1820 usbehci - ok
12:55:18.0022 1820 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
12:55:18.0022 1820 usbhub - ok
12:55:18.0037 1820 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:55:18.0037 1820 usbohci - ok
12:55:18.0053 1820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:55:18.0053 1820 usbprint - ok
12:55:18.0084 1820 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:55:18.0100 1820 usbscan - ok
12:55:18.0115 1820 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:55:18.0115 1820 USBSTOR - ok
12:55:18.0131 1820 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:55:18.0131 1820 usbuhci - ok
12:55:18.0162 1820 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
12:55:18.0162 1820 usb_rndisx - ok
12:55:18.0209 1820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:55:18.0209 1820 vdrvroot - ok
12:55:18.0224 1820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:55:18.0224 1820 vga - ok
12:55:18.0256 1820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:55:18.0256 1820 VgaSave - ok
12:55:18.0271 1820 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:55:18.0287 1820 vhdmp - ok
12:55:18.0334 1820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:55:18.0334 1820 viaide - ok
12:55:18.0365 1820 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
12:55:18.0365 1820 vmbus - ok
12:55:18.0396 1820 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
12:55:18.0396 1820 VMBusHID - ok
12:55:18.0412 1820 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:55:18.0412 1820 volmgr - ok
12:55:18.0443 1820 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:55:18.0443 1820 volmgrx - ok
12:55:18.0490 1820 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:55:18.0490 1820 volsnap - ok
12:55:18.0521 1820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:55:18.0521 1820 vsmraid - ok
12:55:18.0568 1820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:55:18.0568 1820 vwifibus - ok
12:55:18.0583 1820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:55:18.0599 1820 vwififlt - ok
12:55:18.0646 1820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:55:18.0646 1820 WacomPen - ok
12:55:18.0677 1820 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:55:18.0677 1820 WANARP - ok
12:55:18.0708 1820 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:55:18.0708 1820 Wanarpv6 - ok
12:55:18.0755 1820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:55:18.0755 1820 Wd - ok
12:55:18.0802 1820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:55:18.0817 1820 Wdf01000 - ok
12:55:18.0895 1820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:55:18.0911 1820 WfpLwf - ok
12:55:18.0958 1820 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
12:55:18.0958 1820 WimFltr - ok
12:55:18.0973 1820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:55:18.0973 1820 WIMMount - ok
12:55:19.0098 1820 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
12:55:19.0114 1820 WinUsb - ok
12:55:19.0192 1820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:55:19.0192 1820 WmiAcpi - ok
12:55:19.0238 1820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:55:19.0238 1820 ws2ifsl - ok
12:55:19.0301 1820 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
12:55:19.0301 1820 WudfPf - ok
12:55:19.0332 1820 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:55:19.0348 1820 WUDFRd - ok
12:55:19.0394 1820 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
12:55:19.0457 1820 \Device\Harddisk0\DR0 - ok
12:55:19.0457 1820 MBR (0x1B8) (ce554f27bef456dabcc3651c40f92732) \Device\Harddisk1\DR1
12:55:20.0284 1820 \Device\Harddisk1\DR1 - ok
12:55:20.0284 1820 Boot (0x1200) (526b821c4a94aed195983aaa1d0aaf23) \Device\Harddisk0\DR0\Partition0
12:55:20.0284 1820 \Device\Harddisk0\DR0\Partition0 - ok
12:55:20.0299 1820 Boot (0x1200) (54674717da321b4e8fe4ca288c7caefb) \Device\Harddisk0\DR0\Partition1
12:55:20.0299 1820 \Device\Harddisk0\DR0\Partition1 - ok
12:55:20.0315 1820 Boot (0x1200) (1a34adb4b3ef1d742b873db6e70dbb68) \Device\Harddisk1\DR1\Partition0
12:55:20.0315 1820 \Device\Harddisk1\DR1\Partition0 - ok
12:55:20.0315 1820 ============================================================
12:55:20.0315 1820 Scan finished
12:55:20.0315 1820 ============================================================
12:55:20.0330 1812 Detected object count: 0
12:55:20.0330 1812 Actual detected object count: 0

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 February 2012 - 01:01 PM

OK let me have the aswMBR Report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:56 AM

Posted 15 February 2012 - 01:05 PM

It's running

#12 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:56 AM

Posted 15 February 2012 - 01:11 PM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-15 12:56:44
-----------------------------
12:56:44.353 OS Version: Windows x64 6.1.7600
12:56:44.353 Number of processors: 2 586 0x6B02
12:56:44.369 ComputerName: JANET-PC UserName: Janet
12:56:46.444 Initialize success
12:57:49.468 AVAST engine defs: 12021500
12:57:53.898 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:57:53.914 Disk 0 Vendor: WDC_WD2500AAJS-75M0A0 02.03E02 Size: 238418MB BusType: 11
12:57:53.929 Disk 0 MBR read successfully
12:57:53.929 Disk 0 MBR scan
12:57:53.945 Disk 0 Windows VISTA default MBR code
12:57:53.945 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:57:53.960 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20358 MB offset 81920
12:57:53.992 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 218019 MB offset 41775104
12:57:54.007 Service scanning
12:57:55.895 Modules scanning
12:57:55.895 Disk 0 trace - called modules:
12:57:55.910 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:57:55.957 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004626060]
12:57:55.957 3 CLASSPNP.SYS[fffff880018c943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004597680]
12:57:57.158 AVAST engine scan C:\Windows
12:58:00.029 AVAST engine scan C:\Windows\system32
12:58:13.554 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
13:00:22.364 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
13:00:25.016 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
13:02:23.196 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
13:02:23.287 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
13:02:23.740 File: C:\Windows\assembly\tmp\TF1N9VH3\IEExecRemote.dll **SUSPICIOUS**
13:02:23.773 File: C:\Windows\assembly\tmp\TF1N9VH3\__AssemblyInfo__.ini **SUSPICIOUS**
13:02:24.258 AVAST engine scan C:\Windows\system32\drivers
13:02:36.449 AVAST engine scan C:\Users\Janet
13:08:25.579 AVAST engine scan C:\ProgramData
13:10:12.813 Scan finished successfully
13:10:27.236 Disk 0 MBR has been saved successfully to "C:\Users\Janet\Desktop\MBR.dat"
13:10:27.286 The log file has been saved successfully to "C:\Users\Janet\Desktop\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 15 February 2012 - 01:30 PM

:Avenger by Swandog:

  • Download Avenger by Swandog and unzip it to your Desktop.

    Note: This program must be run from an account with Administrator privileges.

  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Files to replace with dummy:
C:\Windows\system32\consrv.dll

Files to delete:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Folders to delete:
C:\Windows\assembly\temp\U
C:\Windows\assembly\tmp\TF1N9VH3

  • Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

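The aswMBR report in #12 and the Avenger script in #13 fit together: each flagged path should be covered by a file action or by a deleted parent folder. The Python below is an added example, not part of the thread and not code from aswMBR or Avenger. It parses the report's INFECTED/SUSPICIOUS lines into records, counts them by detection family, parses the Avenger script's three sections, and lists any flagged path the script does not cover. The log lines and the script are copied from the two posts above as constructed input; the reading of Avast's bracketed suffixes ([Rtk] rootkit, [Drp] dropper, [Trj] trojan) is an assumption used only for display.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed input: the detection lines from the aswMBR report posted above.
ASWMBR_LOG = """\
12:58:00.029 AVAST engine scan C:\\Windows\\system32
12:58:13.554 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
13:00:22.364 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
13:00:25.016 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
13:02:23.196 File: C:\\Windows\\assembly\\temp\\U\\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
13:02:23.287 File: C:\\Windows\\assembly\\temp\\U\\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
13:02:23.740 File: C:\\Windows\\assembly\\tmp\\TF1N9VH3\\IEExecRemote.dll **SUSPICIOUS**
13:02:23.773 File: C:\\Windows\\assembly\\tmp\\TF1N9VH3\\__AssemblyInfo__.ini **SUSPICIOUS**
13:10:12.813 Scan finished successfully
"""

# Constructed input: the Avenger script from the reply above.
AVENGER_SCRIPT = """\
Files to replace with dummy:
C:\\Windows\\system32\\consrv.dll

Files to delete:
C:\\Windows\\assembly\\GAC_32\\Desktop.ini
C:\\Windows\\assembly\\GAC_64\\Desktop.ini

Folders to delete:
C:\\Windows\\assembly\\temp\\U
C:\\Windows\\assembly\\tmp\\TF1N9VH3
"""

# Reading of Avast's bracketed classification suffixes (assumption, display only).
TAG_MEANING = {"Rtk": "rootkit", "Drp": "dropper", "Trj": "trojan"}

# "HH:MM:SS.mmm File: <path> **STATUS**" optionally followed by " <name> [tag]".
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) "
    r"\*\*(?P<status>INFECTED|SUSPICIOUS)\*\*"
    r"(?: (?P<name>\S+) \[(?P<tag>\w+)\])?$"
)


@dataclass
class Detection:
    path: str
    status: str           # INFECTED or SUSPICIOUS
    name: Optional[str]   # e.g. Win32:Sirefef-HO; None on SUSPICIOUS lines
    tag: Optional[str]    # e.g. Rtk


def parse_aswmbr(log: str) -> List[Detection]:
    """Keep only File: lines flagged INFECTED or SUSPICIOUS; skip progress lines."""
    found = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if m:
            found.append(Detection(m["path"], m["status"], m["name"], m["tag"]))
    return found


def families(detections: List[Detection]) -> Dict[str, int]:
    """Count detections by family, i.e. the name before the variant suffix."""
    counts: Dict[str, int] = {}
    for d in detections:
        key = d.name.split("-")[0] if d.name else "SUSPICIOUS"
        counts[key] = counts.get(key, 0) + 1
    return counts


def parse_avenger(script: str) -> Dict[str, List[str]]:
    """Split an Avenger script into its 'Section:' headers and the paths under each."""
    plan: Dict[str, List[str]] = {}
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            section = line[:-1]
            plan.setdefault(section, [])
        elif section is not None:
            plan[section].append(line)
    return plan


def uncovered(detections: List[Detection], plan: Dict[str, List[str]]) -> List[str]:
    """Flagged paths that no file action or deleted parent folder covers.
    PureWindowsPath compares case-insensitively, matching NTFS behaviour."""
    files = {PureWindowsPath(p)
             for key in ("Files to replace with dummy", "Files to delete")
             for p in plan.get(key, [])}
    folders = [PureWindowsPath(p) for p in plan.get("Folders to delete", [])]
    missing = []
    for d in detections:
        p = PureWindowsPath(d.path)
        if p in files or any(f in p.parents for f in folders):
            continue
        missing.append(d.path)
    return missing


if __name__ == "__main__":
    dets = parse_aswmbr(ASWMBR_LOG)
    for d in dets:
        kind = TAG_MEANING.get(d.tag or "", d.status.lower())
        print(f"{d.status:10} {kind:10} {d.path}  {d.name or ''}")
    print("families:", families(dets))
    print("not covered by cleanup script:", uncovered(dets, parse_avenger(AVENGER_SCRIPT)) or "none")
```

The coverage check is the part worth keeping around: when a report and a cleanup script are written by hand, a path left out of the script is easy to miss, and `uncovered()` reports exactly those paths instead of requiring a line-by-line comparison.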

#14 MAMABOST

MAMABOST
  • Topic Starter

  • Members
  • 22 posts
  • Local time:06:56 AM

Posted 15 February 2012 - 02:54 PM

Should I see avenger running? I input the code and it asked to reboot so I let it and nothing happened. I then did it all again and still nothing happened. The log is not on the C drive.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:56 AM

Posted 15 February 2012 - 03:00 PM

rerun aswMBR and send me the report



gringo
