Fake Svchost.exe (winrscmde.exe)


8 replies to this topic

#1 Lucidus

Posted 16 February 2012 - 07:59 PM

Hi, I'm running Windows 7 64-bit, and I was infected with a virus last night. Upon infection, my computer immediately restarted on its own (AVG didn't even try to warn me that something was up, and it usually does). When the computer booted up again, I found that I seemingly couldn't run any programs (I noticed something was up when the volume and the battery monitor were the only icons on the taskbar next to the clock). I brought up the task manager to see what was happening. I found that, when I would try to run Firefox for example, the process would appear for just a split second, and then disappear. I also noticed another process appearing and disappearing when I'd try to run Firefox: WerFault.exe

I decided to try booting up in safe mode. Nothing changed, except that the firefox.exe would stick around for a little longer before being terminated. I then noticed that, separate from all the normally present svchost.exe processes, at the bottom of the task manager, there was another svchost.exe. This one seemed to be a 32 bit process. I right clicked it, and chose "Open File Location." I was brought to C:/Windows where I found a file called Svchost.exe. I looked in the file description, and found that it was internally labeled as winrscmde.exe

Using a friend's computer, I searched some forums and found that others have had this problem before. Some people, though, just reported slowdown, and were still able to run their programs. I tried downloading TDSSKiller.exe, ComboFix.exe, Malwarebytes Anti-Malware, and anything else that had worked for others before, but none of the programs would run. Of course AVG wouldn't run, nor would Ad-Aware.

In safe mode, I tried running the AVG command line scanner. It did detect a trojan downloader (it was somewhere in my users/appdata/sun/java folder). I navigated to the specified file and deleted it without a problem, but it didn't seem to help. After that, the command line scanner wouldn't find anything.

At this point, I found somebody else who had had the winrscmde.exe virus, and who had been seemingly unable to run any applications. He said that after trying out a few things, he discovered that he was able to run 64 bit applications, but not 32 bit ones. I decided to try and run Internet Explorer (x64), and it WORKED! However, most attempts to visit websites would result in me being redirected to "asdvd.info" "gimmeanswers.org" or a number of other seemingly untrustworthy sites.

So, I seem to be at a dead end. I can't get anything running that might provide me with a log. What do I do?
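Added example, not code from the thread or from any tool mentioned in it: a PowerShell check that applies the three observations in the post above to every running svchost.exe, namely an image path outside System32, a parent process other than services.exe, and a version resource whose InternalName or OriginalFilename is not svchost.exe (the copy described above reported winrscmde.exe). It assumes Windows PowerShell (Get-WmiObject, available on Windows 7 through 5.1) and an elevated prompt so that every process's path is readable; the function name Test-SvchostProcess is the example's own.

```powershell
# Added example (not from the thread). Flags svchost.exe processes that do
# not look like the genuine Windows service host, using the signs reported
# in the first post: wrong directory, wrong parent, wrong version resource.
# Requires Windows PowerShell; run elevated so ExecutablePath is readable.

$sysRoot = $env:SystemRoot
# The genuine service host only lives in these two locations.
$legitPaths = @(
    (Join-Path $sysRoot 'System32\svchost.exe'),
    (Join-Path $sysRoot 'SysWOW64\svchost.exe')
)

function Test-SvchostProcess {
    param($Proc)   # a Win32_Process instance

    $reasons = @()
    $path = $Proc.ExecutablePath
    if (-not $path) {
        # Protected or other-session processes hide their path when not elevated.
        return New-Object PSObject -Property @{
            PID = $Proc.ProcessId; Path = '<unreadable>'
            Suspicious = $false; Reasons = @('path not readable; rerun elevated')
        }
    }

    # 1. Image path: anything outside System32/SysWOW64 is an impostor.
    if ($legitPaths -notcontains $path) {
        $reasons += "unexpected path: $path"
    }

    # 2. Parent: real service hosts are launched by services.exe.
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($Proc.ParentProcessId)"
    if ($parent -and $parent.Name -ne 'services.exe') {
        $reasons += "parent is $($parent.Name) (expected services.exe)"
    }

    # 3. Version resource: InternalName and OriginalFilename should read
    #    svchost.exe and CompanyName should be Microsoft.
    $vi = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo
    if ($vi) {
        foreach ($field in 'InternalName', 'OriginalFilename') {
            $val = $vi.$field
            if ($val -and $val -ne 'svchost.exe') { $reasons += "${field}: $val" }
        }
        if ($vi.CompanyName -notlike '*Microsoft*') {
            $reasons += "CompanyName: $($vi.CompanyName)"
        }
    }

    New-Object PSObject -Property @{
        PID        = $Proc.ProcessId
        Path       = $path
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = $reasons
    }
}

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object { Test-SvchostProcess $_ } |
    Sort-Object Suspicious -Descending |
    Format-Table PID, Suspicious, Path, @{ n = 'Reasons'; e = { $_.Reasons -join '; ' } } -AutoSize
```

A process that trips only the version-resource check is still worth a look, since a file can be dropped into System32 under the right name; the path check alone would not catch that.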

#2 narenxp

Posted 16 February 2012 - 10:47 PM

Create a new USER account with admin privileges and try to run these tools.

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

#3 bobwiley

Posted 17 February 2012 - 12:39 AM

I also have the problem of being redirected to "asdvd.info", "gimmeanswers.org" and a number of other seemingly untrustworthy sites. I did exactly what you said above but I am still having the same problem.

Here are my log files. Thanks for your help.

23:18:53.0785 5568 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
23:18:54.0237 5568 ============================================================
23:18:54.0237 5568 Current date / time: 2012/02/16 23:18:54.0237
23:18:54.0237 5568 SystemInfo:
23:18:54.0237 5568
23:18:54.0237 5568 OS Version: 6.1.7601 ServicePack: 1.0
23:18:54.0237 5568 Product type: Workstation
23:18:54.0237 5568 ComputerName:
23:18:54.0237 5568 UserName: DK
23:18:54.0237 5568 Windows directory: C:\Windows
23:18:54.0237 5568 System windows directory: C:\Windows
23:18:54.0237 5568 Running under WOW64
23:18:54.0237 5568 Processor architecture: Intel x64
23:18:54.0237 5568 Number of processors: 2
23:18:54.0237 5568 Page size: 0x1000
23:18:54.0237 5568 Boot type: Normal boot
23:18:54.0237 5568 ============================================================
23:18:54.0440 5568 Drive \Device\Harddisk4\DR4 - Size: 0x1FFFFFE00 (8.00 Gb), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:18:54.0456 5568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:18:54.0456 5568 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:18:54.0456 5568 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
23:18:54.0456 5568 Drive \Device\Harddisk3\DR3 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0xD72C, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
23:18:54.0471 5568 \Device\Harddisk4\DR4:
23:18:54.0471 5568 Invalid mbr signature
23:18:54.0471 5568 \Device\Harddisk0\DR0:
23:18:54.0471 5568 MBR used
23:18:54.0471 5568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:18:54.0471 5568 \Device\Harddisk1\DR1:
23:18:54.0471 5568 MBR used
23:18:54.0471 5568 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:18:54.0471 5568 \Device\Harddisk2\DR2:
23:18:54.0471 5568 MBR used
23:18:54.0471 5568 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385421
23:18:54.0471 5568 \Device\Harddisk3\DR3:
23:18:54.0487 5568 MBR used
23:18:54.0487 5568 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:18:54.0487 5568 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
23:18:54.0549 5568 Initialize success
23:18:54.0549 5568 ============================================================
23:19:02.0505 5580 ============================================================
23:19:02.0505 5580 Scan started
23:19:02.0505 5580 Mode: Manual; TDLFS;
23:19:02.0505 5580 ============================================================
23:19:05.0376 5580 SiSRaid2 - ok
23:19:05.0376 5580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:19:05.0391 5580 SiSRaid4 - ok
23:19:05.0391 5580 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
23:19:05.0391 5580 SmartDefragDriver - ok
23:19:05.0407 5580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:19:05.0407 5580 Smb - ok
23:19:05.0423 5580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:19:05.0423 5580 spldr - ok
23:19:05.0438 5580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:19:05.0438 5580 srv - ok
23:19:05.0454 5580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:19:05.0454 5580 srv2 - ok
23:19:05.0454 5580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:19:05.0454 5580 srvnet - ok
23:19:05.0470 5580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:19:05.0470 5580 stexstor - ok
23:19:05.0486 5580 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:19:05.0486 5580 storflt - ok
23:19:05.0502 5580 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:19:05.0502 5580 storvsc - ok
23:19:05.0517 5580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:19:05.0517 5580 swenum - ok
23:19:05.0517 5580 tap0901 (4ef44915e522f3ecd1a3ff540aa64126) C:\Windows\system32\DRIVERS\tap0901.sys
23:19:05.0533 5580 tap0901 - ok
23:19:05.0548 5580 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:19:05.0564 5580 Tcpip - ok
23:19:05.0595 5580 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:19:05.0595 5580 TCPIP6 - ok
23:19:05.0611 5580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:19:05.0611 5580 tcpipreg - ok
23:19:05.0611 5580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:19:05.0626 5580 TDPIPE - ok
23:19:05.0642 5580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:19:05.0642 5580 TDTCP - ok
23:19:05.0642 5580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:19:05.0642 5580 tdx - ok
23:19:05.0658 5580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:19:05.0658 5580 TermDD - ok
23:19:05.0673 5580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:05.0673 5580 tssecsrv - ok
23:19:05.0689 5580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:19:05.0689 5580 TsUsbFlt - ok
23:19:05.0689 5580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:19:05.0689 5580 tunnel - ok
23:19:05.0704 5580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:19:05.0704 5580 uagp35 - ok
23:19:05.0720 5580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:19:05.0720 5580 udfs - ok
23:19:05.0736 5580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:19:05.0736 5580 uliagpkx - ok
23:19:05.0736 5580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:19:05.0736 5580 umbus - ok
23:19:05.0751 5580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:19:05.0751 5580 UmPass - ok
23:19:05.0767 5580 UrlFilter (82520fe7a49765e76281dcc7d90c09f6) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
23:19:05.0767 5580 UrlFilter - ok
23:19:05.0767 5580 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:19:05.0767 5580 USBAAPL64 - ok
23:19:05.0782 5580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
23:19:05.0782 5580 usbccgp - ok
23:19:05.0782 5580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:19:05.0782 5580 usbcir - ok
23:19:05.0798 5580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:19:05.0798 5580 usbehci - ok
23:19:05.0814 5580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:19:05.0814 5580 usbhub - ok
23:19:05.0814 5580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
23:19:05.0814 5580 usbohci - ok
23:19:05.0829 5580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:19:05.0829 5580 usbprint - ok
23:19:05.0845 5580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:05.0845 5580 USBSTOR - ok
23:19:05.0845 5580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:19:05.0845 5580 usbuhci - ok
23:19:05.0860 5580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:19:05.0860 5580 vdrvroot - ok
23:19:05.0876 5580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:05.0876 5580 vga - ok
23:19:05.0876 5580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:19:05.0876 5580 VgaSave - ok
23:19:05.0892 5580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:19:05.0892 5580 vhdmp - ok
23:19:05.0907 5580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:19:05.0907 5580 viaide - ok
23:19:05.0907 5580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:19:05.0907 5580 vmbus - ok
23:19:05.0923 5580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:19:05.0923 5580 VMBusHID - ok
23:19:05.0938 5580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:19:05.0938 5580 volmgr - ok
23:19:05.0938 5580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:19:05.0954 5580 volmgrx - ok
23:19:05.0954 5580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:19:05.0954 5580 volsnap - ok
23:19:05.0970 5580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:19:05.0970 5580 vsmraid - ok
23:19:05.0985 5580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:19:05.0985 5580 vwifibus - ok
23:19:06.0001 5580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:19:06.0001 5580 WacomPen - ok
23:19:06.0001 5580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:06.0001 5580 WANARP - ok
23:19:06.0001 5580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:19:06.0001 5580 Wanarpv6 - ok
23:19:06.0016 5580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:19:06.0016 5580 Wd - ok
23:19:06.0032 5580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:19:06.0048 5580 Wdf01000 - ok
23:19:06.0063 5580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:06.0063 5580 WfpLwf - ok
23:19:06.0063 5580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:19:06.0063 5580 WIMMount - ok
23:19:06.0094 5580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:19:06.0094 5580 WinUsb - ok
23:19:06.0110 5580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:19:06.0110 5580 WmiAcpi - ok
23:19:06.0126 5580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:19:06.0126 5580 ws2ifsl - ok
23:19:06.0141 5580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:19:06.0141 5580 WudfPf - ok
23:19:06.0141 5580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:06.0157 5580 WUDFRd - ok
23:19:06.0157 5580 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
23:19:06.0204 5580 \Device\Harddisk4\DR4 - ok
23:19:06.0219 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:19:06.0282 5580 \Device\Harddisk0\DR0 - ok
23:19:06.0282 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:19:06.0297 5580 \Device\Harddisk1\DR1 - ok
23:19:06.0297 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
23:19:06.0328 5580 \Device\Harddisk2\DR2 - ok
23:19:06.0344 5580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
23:19:06.0360 5580 \Device\Harddisk3\DR3 ( TDSS File System ) - warning
23:19:06.0360 5580 \Device\Harddisk3\DR3 - detected TDSS File System (1)
23:19:06.0360 5580 Boot (0x1200) (98d216bf19c61a345581512d45b6ad4a) \Device\Harddisk0\DR0\Partition0
23:19:06.0360 5580 \Device\Harddisk0\DR0\Partition0 - ok
23:19:06.0360 5580 Boot (0x1200) (b29608038e2e9db6ef52c2d55bf782c3) \Device\Harddisk1\DR1\Partition0
23:19:06.0360 5580 \Device\Harddisk1\DR1\Partition0 - ok
23:19:06.0360 5580 Boot (0x1200) (cfffdd82ffbdccf42db291330a3c5d35) \Device\Harddisk2\DR2\Partition0
23:19:06.0360 5580 \Device\Harddisk2\DR2\Partition0 - ok
23:19:06.0375 5580 Boot (0x1200) (c0d169fd4948e60ddc51c1e2247a8d3c) \Device\Harddisk3\DR3\Partition0
23:19:06.0375 5580 \Device\Harddisk3\DR3\Partition0 - ok
23:19:06.0375 5580 Boot (0x1200) (a2d11653096319cc1a903d2611ee23dd) \Device\Harddisk3\DR3\Partition1
23:19:06.0375 5580 \Device\Harddisk3\DR3\Partition1 - ok
23:19:06.0375 5580 ============================================================
23:19:06.0375 5580 Scan finished
23:19:06.0375 5580 ============================================================
23:19:06.0391 5312 Detected object count: 1
23:19:06.0391 5312 Actual detected object count: 1
23:19:10.0604 5312 \Device\Harddisk3\DR3\TDLFS\ph.dll - copied to quarantine
23:19:10.0604 5312 \Device\Harddisk3\DR3\TDLFS\phx.dll - copied to quarantine
23:19:10.0619 5312 \Device\Harddisk3\DR3\TDLFS\phd - copied to quarantine
23:19:10.0619 5312 \Device\Harddisk3\DR3\TDLFS\phdx - copied to quarantine
23:19:10.0619 5312 \Device\Harddisk3\DR3\TDLFS\phs - copied to quarantine
23:19:10.0619 5312 \Device\Harddisk3\DR3\TDLFS\phdata - copied to quarantine
23:19:10.0619 5312 \Device\Harddisk3\DR3\TDLFS\phld - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3\TDLFS\phln - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3\TDLFS\phlx - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3\TDLFS\phm - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3\TDLFS\sub.dll - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3\TDLFS\subx.dll - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3 ( TDSS File System ) - User select action: Quarantine
23:19:14.0551 5556 Deinitialize success

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 23:08:50
-----------------------------
23:08:50.054 OS Version: Windows x64 6.1.7601 Service Pack 1
23:08:50.054 Number of processors: 2 586 0x170A
23:08:50.054 ComputerName: UserName:
23:08:50.585 Initialize success
23:09:30.104 AVAST engine defs: 12021601
23:09:43.707 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
23:09:43.723 Disk 0 Vendor: WDC_WD5002ABYS-02B1B0 02.03B03 Size: 476940MB BusType: 3
23:09:43.723 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
23:09:43.723 Disk 1 Vendor: WDC_WD10EALS-00Z8A0 05.01D05 Size: 953869MB BusType: 3
23:09:43.723 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
23:09:43.723 Disk 2 Vendor: WDC_WD5000YS-01MPB0 07.02E07 Size: 476940MB BusType: 3
23:09:43.723 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T1L0-7
23:09:43.738 Disk 3 Vendor: OCZ-VERTEX2_3.5 1.22 Size: 114473MB BusType: 3
23:09:43.738 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
23:09:43.738 Disk 4 Vendor: Config___Disk_0 1.2569 Size: 8191MB BusType: 3
23:09:43.738 Disk 3 MBR read successfully
23:09:43.738 Disk 3 MBR scan
23:09:43.754 Disk 3 Windows 7 default MBR code
23:09:43.848 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:09:43.863 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
23:09:43.863 Service scanning
23:09:45.111 Modules scanning
23:09:45.111 Disk 3 trace - called modules:
23:09:45.111 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:09:45.127 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa80040cd060]
23:09:45.127 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80040ca9a0]
23:09:45.127 5 PCTCore64.sys[fffff88001026094] -> nt!IofCallDriver -> [0xfffffa8003fe1580]
23:09:45.142 7 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0xfffffa8003ff0060]
23:09:45.439 AVAST engine scan C:\Windows
23:09:46.484 AVAST engine scan C:\Windows\system32
23:10:57.373 AVAST engine scan C:\Windows\system32\drivers
23:11:01.866 AVAST engine scan C:\Users\Dave
23:11:54.165 Disk 3 MBR has been saved successfully to "C:\TEMP\MBR.dat"
23:11:54.165 The log file has been saved successfully to "C:\TEMP\aswMBR.txt"
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-16 23:19:16
-----------------------------
23:19:16.376 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:16.376 Number of processors: 2 586 0x170A
23:19:16.376 ComputerName: UserName: DK
23:19:16.844 Initialize success
23:19:56.309 AVAST engine defs: 12021601
23:20:00.646 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
23:20:00.646 Disk 0 Vendor: WDC_WD5002ABYS-02B1B0 02.03B03 Size: 476940MB BusType: 3
23:20:00.646 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
23:20:00.646 Disk 1 Vendor: WDC_WD10EALS-00Z8A0 05.01D05 Size: 953869MB BusType: 3
23:20:00.646 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
23:20:00.646 Disk 2 Vendor: WDC_WD5000YS-01MPB0 07.02E07 Size: 476940MB BusType: 3
23:20:00.646 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T1L0-7
23:20:00.662 Disk 3 Vendor: OCZ-VERTEX2_3.5 1.22 Size: 114473MB BusType: 3
23:20:00.662 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
23:20:00.662 Disk 4 Vendor: Config___Disk_0 1.2569 Size: 8191MB BusType: 3
23:20:00.677 Disk 3 MBR read successfully
23:20:00.677 Disk 3 MBR scan
23:20:00.693 Disk 3 Windows 7 default MBR code
23:20:00.693 Disk 3 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:20:00.708 Disk 3 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
23:20:00.724 Service scanning
23:20:01.598 Modules scanning
23:20:01.598 Disk 3 trace - called modules:
23:20:01.613 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:20:01.613 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa80040cd060]
23:20:01.629 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80040ca9a0]
23:20:01.629 5 PCTCore64.sys[fffff88001026094] -> nt!IofCallDriver -> [0xfffffa8003fe1580]
23:20:01.629 7 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0xfffffa8003ff0060]
23:20:02.612 AVAST engine scan C:\Windows
23:20:11.645 AVAST engine scan C:\Windows\system32
23:22:07.623 AVAST engine scan C:\Windows\system32\drivers
23:22:11.164 AVAST engine scan C:\Users\DK
23:22:13.172 AVAST engine scan C:\ProgramData
23:23:18.528 Scan finished successfully
23:24:46.561 Disk 3 MBR has been saved successfully to "C:\TEMP\MBR.dat"
23:24:46.561 The log file has been saved successfully to "C:\TEMP\aswMBR.txt"
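
The two logs above come from different tools and do not say the same thing about the same disk: TDSSKiller flags \Device\Harddisk3\DR3 for a TDSS File System and quarantines files from its hidden \TDLFS\ store, while aswMBR's MBR scan of Disk 3 (the boot disk) reports default Windows 7 MBR code and a normal partition table. The parser below is an added example, not part of the thread or of TDSSKiller; it pulls the verdicts, quarantined paths and MBR/boot-sector hashes out of TDSSKiller's log format so that comparison is mechanical instead of a visual scan of several hundred "- ok" lines. The sample is excerpted from the log above; the regexes describe the line shapes seen there and are an assumption about other versions of the tool.

```python
"""Parse TDSSKiller log lines and pull out what matters for triage.

Added example, not part of the forum thread or of TDSSKiller itself.  SAMPLE_LOG
is excerpted from the log posted above; parse() takes the text of a full log file.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Every TDSSKiller line starts "HH:MM:SS.ffff <pid> <rest>".
LINE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*\S)\s*$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk3\DR3"  /  "Boot (0x1200) (<md5>) ...\Partition0"
SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<name>\S+)$")
# "ql40xx (<md5>) C:\Windows\system32\DRIVERS\ql40xx.sys"
DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "name - ok", "name ( TDSS File System ) - warning", "path - copied to quarantine"
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<tag>[^)]+?) \))? - (?P<verdict>.+)$")


def parse(text: str) -> Tuple[Dict[str, dict], List[dict]]:
    """Return (objects, verdicts): hashed objects by name, and every verdict line in order."""
    objects: Dict[str, dict] = {}
    verdicts: List[dict] = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banners, separators, blank lines
        rest = m["rest"]
        if s := SECTOR.match(rest):
            objects[s["name"]] = {"kind": s["kind"], "md5": s["md5"]}
        elif d := DRIVER.match(rest):
            objects[d["name"]] = {"kind": "driver", "md5": d["md5"], "path": d["path"]}
        elif " - " in rest and (v := VERDICT.match(rest)):
            verdicts.append({"name": v["name"], "tag": v["tag"], "verdict": v["verdict"]})
    return objects, verdicts


def non_ok(verdicts: List[dict]) -> List[dict]:
    """Every verdict that is not a plain 'ok' (warnings, detections, actions taken)."""
    return [v for v in verdicts if v["verdict"] != "ok"]


def quarantined(verdicts: List[dict]) -> List[str]:
    return [v["name"] for v in verdicts if v["verdict"] == "copied to quarantine"]


def sector_hash_groups(objects: Dict[str, dict]) -> Dict[str, List[str]]:
    """Disks (or partitions) whose MBR / boot sector hash identically, for side-by-side review."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for name, o in objects.items():
        if o["kind"] in ("MBR", "Boot"):
            groups[o["md5"]].append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


# Excerpt of the TDSSKiller log posted in this thread (not constructed).
SAMPLE_LOG = r"""23:19:05.0064 5580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:19:05.0064 5580 ql40xx - ok
23:19:05.0267 5580 SCDEmu - ok
23:19:06.0157 5580 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR4
23:19:06.0204 5580 \Device\Harddisk4\DR4 - ok
23:19:06.0219 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:19:06.0282 5580 \Device\Harddisk0\DR0 - ok
23:19:06.0282 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
23:19:06.0297 5580 \Device\Harddisk1\DR1 - ok
23:19:06.0297 5580 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
23:19:06.0328 5580 \Device\Harddisk2\DR2 - ok
23:19:06.0344 5580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
23:19:06.0360 5580 \Device\Harddisk3\DR3 ( TDSS File System ) - warning
23:19:06.0360 5580 \Device\Harddisk3\DR3 - detected TDSS File System (1)
23:19:06.0360 5580 Boot (0x1200) (98d216bf19c61a345581512d45b6ad4a) \Device\Harddisk0\DR0\Partition0
23:19:06.0360 5580 \Device\Harddisk0\DR0\Partition0 - ok
23:19:06.0375 5580 ============================================================
23:19:06.0375 5580 Scan finished
23:19:06.0391 5312 Detected object count: 1
23:19:10.0604 5312 \Device\Harddisk3\DR3\TDLFS\ph.dll - copied to quarantine
23:19:10.0604 5312 \Device\Harddisk3\DR3\TDLFS\phx.dll - copied to quarantine
23:19:10.0635 5312 \Device\Harddisk3\DR3 ( TDSS File System ) - User select action: Quarantine
23:19:14.0551 5556 Deinitialize success
"""

if __name__ == "__main__":
    objs, verds = parse(SAMPLE_LOG)
    for v in non_ok(verds):
        print(f"{v['verdict']:<40} {v['name']}")
    for md5, names in sector_hash_groups(objs).items():
        print("identical sector hash", md5, "on", ", ".join(names))
```

Run against the full log, the non-ok list for this machine collapses to one disk, \Device\Harddisk3\DR3, which aswMBR identifies as the boot disk; the three data disks share one MBR hash and are worth a glance together rather than one at a time. Nothing here replaces the tool's own verdict; it only makes the verdict lines easy to find.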

#4 Stewnaylor
  • Members
  • 1 posts

Posted 17 February 2012 - 05:57 AM

As mentioned, I would run TDSSKiller as this will find any rootkits working away in the background.

I would also run either Malwarebytes or SUPERAntiSpyware (my personal favourite, as it has a USB option so no installer is required).

The system I was working on with this infection was cleared by just running TDSSKiller and then a quick scan with SUPERAntiSpyware. I did complete a full scan, but this did not find any extra issues.

After the final reboot it loaded into full mode (Windows XP Pro); tested and all working OK.

On the antivirus side of things, over the last year or so I have personally noticed AVG not being that good anymore...

Microsoft Security Essentials is pretty good but limited in its functionality; the one that I like is Avast.

The free Avast has a sandbox that helps a lot with dodgy software etc.; might be worth you having a look at it.

#5 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 17 February 2012 - 08:43 AM

bobwiley

Please create a new topic :thumbup2:

#6 Lucidus
  • Topic Starter
  • Members
  • 3 posts

Posted 17 February 2012 - 10:09 PM

Try as I may, I cannot get TDSSKiller.exe to run. In fact, I still can't get most programs to run. Some programs that I've noticed are working: Internet Explorer (x64), Windows Photo Viewer, 7zip, WinRar. The CMD prompt works.

I tried creating a new user account, but it seems that the virus has a way of keeping me from doing that as well. I also tried renaming TDSSKiller.exe to TDSSKiller.com, but nothing has changed. If only I could get you guys a log! Are there any 64 bit antivirus programs? It seems that the fake svchost.exe is only able to target 32 bit programs.

#7 Lucidus
  • Topic Starter
  • Members
  • 3 posts

Posted 17 February 2012 - 10:25 PM

Another thing I tried was just deleting the fake Svchost.exe. Another one takes its place after just a few seconds. I've tried running programs in those few seconds where it doesn't exist, with no luck. I also tried renaming Svchost.exe to Svchost.txt and deleting the contents of the exe file. Again, no luck, when I look again all the contents of the exe are back. I have no idea what any of it means, but perhaps you'd like me to post the contents of the exe-turned-txt file?

#8 bobwiley
  • Members
  • 2 posts

Posted 18 February 2012 - 01:41 AM

No such luck. Ran TDSSKiller, SUPERAntiSpyware, Malwarebytes, and aswMBR and still get redirected when doing a Google search.

#9 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 February 2012 - 07:35 AM

Another thing I tried was just deleting the fake Svchost.exe. Another one takes its place after just a few seconds. I've tried running programs in those few seconds where it doesn't exist, with no luck. I also tried renaming Svchost.exe to Svchost.txt and deleting the contents of the exe file. Again, no luck, when I look again all the contents of the exe are back. I have no idea what any of it means, but perhaps you'd like me to post the contents of the exe-turned-txt file?



Please do not mess with critical system files

I want you to manually check for this file and folder

C:/WINDOWS/SYSTEM64 (not the sysWOW64 folder)

C:/windows/system32/consrv.dll

Let me know if you have this file and folder


Also see if you can run this TOOL

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot LET ME KNOW WHAT IT FINDS

good luck

Edited by narenxp, 18 February 2012 - 07:49 AM.
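
Two things in this thread lend themselves to an automated check: Lucidus's description of the rogue file in posts #6 and #7 (a copy named Svchost.exe sitting in C:\Windows rather than System32, running as a 32-bit process on a 64-bit system, carrying the internal name winrscmde.exe, and respawning when deleted) and narenxp's request above to look for C:\Windows\System64 and C:\Windows\System32\consrv.dll. The script below is an added example and is not from the thread or from any of the tools named in it; it encodes those observations as rules over process records. The Proc fields, the sample records, and the rule that a legitimate svchost.exe is started by services.exe are assumptions of the example (the last is general Windows behaviour, not something the posters stated).

```python
"""Triage helpers for a suspected svchost.exe masquerade on 64-bit Windows 7.

Added example, not from the forum thread.  The rules reflect what the thread
reports: the rogue binary lived in C:\Windows (not System32), ran as a 32-bit
process, and had the internal name winrscmde.exe; the follow-up post asked for
C:\Windows\System64 and C:\Windows\System32\consrv.dll to be checked.
"""
import ntpath
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

SYSTEM_ROOT = r"C:\Windows"
# The only two legitimate on-disk homes for svchost.exe on x64 Windows, with the
# bitness expected at each.  Comparison is case-insensitive: the rogue copy was
# shown as "Svchost.exe".
LEGIT_SVCHOST = {
    ntpath.join(SYSTEM_ROOT, "System32", "svchost.exe").lower(): 64,
    ntpath.join(SYSTEM_ROOT, "SysWOW64", "svchost.exe").lower(): 32,
}
# Paths narenxp asked the poster to look for (taken as indicators, not verified here).
INDICATOR_PATHS = [
    ntpath.join(SYSTEM_ROOT, "System64"),
    ntpath.join(SYSTEM_ROOT, "System32", "consrv.dll"),
]


@dataclass
class Proc:
    pid: int
    image: str                     # full on-disk path of the executable
    bits: int                      # 32 or 64 (Task Manager shows "*32" for 32-bit)
    original_filename: str         # OriginalFilename from the PE version resource
    parent: Optional[str] = None   # parent image name, if known


def svchost_findings(p: Proc) -> List[str]:
    """Reasons this process is not a legitimate svchost.exe; empty list if it looks fine."""
    if ntpath.basename(p.image).lower() != "svchost.exe":
        return []  # not claiming to be svchost, out of scope here
    reasons: List[str] = []
    expected_bits = LEGIT_SVCHOST.get(p.image.lower())
    if expected_bits is None:
        reasons.append(f"svchost.exe outside System32/SysWOW64: {p.image}")
    elif expected_bits != p.bits:
        reasons.append(f"{p.bits}-bit image at {p.image} (expected {expected_bits}-bit)")
    if p.original_filename.lower() != "svchost.exe":
        reasons.append(f"version info says OriginalFilename={p.original_filename}")
    # Assumption (general Windows behaviour): svchost.exe is launched by services.exe.
    if p.parent is not None and p.parent.lower() != "services.exe":
        reasons.append(f"parent is {p.parent}, not services.exe")
    return reasons


def triage(procs: Iterable[Proc]) -> Dict[int, List[str]]:
    """Map pid -> findings for every process that fails the svchost checks."""
    return {p.pid: r for p in procs if (r := svchost_findings(p))}


def present_indicators(path_exists: Callable[[str], bool]) -> List[str]:
    """Which indicator paths exist.  Pass os.path.exists on a live machine."""
    return [p for p in INDICATOR_PATHS if path_exists(p)]


# Constructed sample: one legitimate svchost and the rogue copy the thread describes.
SAMPLE = [
    Proc(856, r"C:\Windows\System32\svchost.exe", 64, "svchost.exe", "services.exe"),
    Proc(4120, r"C:\Windows\Svchost.exe", 32, "winrscmde.exe"),
]

if __name__ == "__main__":
    import os
    for pid, reasons in triage(SAMPLE).items():
        print(f"pid {pid}:")
        for r in reasons:
            print("   ", r)
    print("indicator paths present:", present_indicators(os.path.exists))
```

On a live machine the Proc records come from whatever listing is available (Task Manager's "*32" suffix gives the bitness; the file's Properties > Details tab gives the original filename), and present_indicators is called with os.path.exists. A process is not cleared by passing these rules; they only separate the copies that cannot be the real service host from the ones that still need a signature check.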
