
msil found by MBAM


  • This topic is locked
18 replies to this topic

#1 ikkemij

ikkemij

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 20 February 2012 - 06:18 AM

Ran MBAM and it found trojan.msil in nvidia/csrss.exe. File is in quarantine now.

Running Avast which didn't find anything. Ran ESET online, didn't find anything.

Ran Cleanup and then GMER (posting log), seems to find trouble.

Please advise.

Attached Files

  • Attached File  gmer.log   163.24KB   1 downloads



#2 ikkemij

ikkemij
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 20 February 2012 - 07:55 PM

Replaced Avast free and installed Avira Internet Security trial. Scan found no infections.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,254 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:04 AM

Posted 25 February 2012 - 10:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.
===


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any antivirus protection on the computer.
===

Please post the logs for my review.
Let me know what issues are persisting on this computer.

#4 ikkemij

ikkemij
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 25 February 2012 - 06:44 PM

Hi, thanks for your reply.

DDS txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by user at 23:51:00 on 2012-02-25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3032.1686 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\OEM\OSD_1.16\osd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.16\OsdService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\user\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1322307795&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [FSCRecovery] c:\program files\fujitsu siemens computers\fujitsu siemens computers recovery\FSCRecoveryReminder.exe
mRun: [OSD] c:\program files\oem\osd_1.16\osd.exe
mRun: [Skytel] Skytel.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{CFC1E566-BDDC-4256-89B3-9AC4CAF5405B} : DhcpNameServer = 192.168.2.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\8rkg9hga.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npoctoshape.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2012-2-21 111160]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-21 36000]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2012-2-21 616400]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-2-21 342480]
R2 AntiVirSchedulerService;Avira Planner;c:\program files\avira\antivir desktop\sched.exe [2012-2-21 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-21 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-2-21 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-21 74640]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-6 652360]
R2 OsdService;OSD Service;c:\program files\oem\osd_1.16\OsdService.exe [2008-2-22 94208]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2012-2-21 91096]
R3 GpdDevDPort;GpdDevDPort;c:\windows\system32\directport.sys [2008-6-17 7168]
R3 GpdKbFilter;GpdKbFilter;c:\windows\system32\kbfiltr.sys [2008-3-31 8192]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-6 20464]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\samsung\samsung networking wizard\icm_service.exe --> c:\program files\samsung\samsung networking wizard\ICM_Service.exe [?]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-10-18 32408]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-25 39264]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-25 36608]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-17 3660800]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-1 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-11-1 8576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\drivers\zghsdiag.sys [2011-1-13 106752]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2011-1-13 106752]
S3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\drivers\zghsnmea.sys [2011-1-13 106752]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
.
=============== Created Last 30 ================
.
2012-02-24 22:04:53 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e7671d21-1b5d-40ab-a9e8-d07aca8d6774}\mpengine.dll
2012-02-22 18:25:16 -------- d-----w- c:\users\user\appdata\local\{5FB5811D-470E-4926-BAF5-A6135FE2CD4F}
2012-02-22 18:25:05 -------- d-----w- c:\users\user\appdata\local\{8EFC24CE-65CE-49ED-89E8-328B8C4F3EC0}
2012-02-21 14:46:30 -------- d-----w- c:\users\user\appdata\local\{7E055124-BA78-4E3F-858C-A4CD56DC0EB4}
2012-02-21 14:46:18 -------- d-----w- c:\users\user\appdata\local\{2F621FA8-D2AA-4533-82C1-BACDDC4C2C24}
2012-02-21 00:26:27 -------- d-----w- c:\users\user\appdata\roaming\Avira
2012-02-21 00:24:50 91096 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-02-21 00:24:50 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-21 00:24:50 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-21 00:24:50 111160 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-02-21 00:24:49 -------- d-----w- c:\programdata\Avira
2012-02-21 00:24:49 -------- d-----w- c:\program files\Avira
2012-02-20 23:51:02 -------- d-----w- c:\program files\SpywareBlaster
2012-02-20 16:51:18 -------- d-----w- c:\users\user\appdata\local\{0ACF9FB6-6901-49E7-BA8A-D4E683DD1951}
2012-02-20 16:51:08 -------- d-----w- c:\users\user\appdata\local\{936C8F50-F52B-4288-82D2-7B55B443A083}
2012-02-19 15:57:32 -------- d-----w- c:\users\user\appdata\local\{8FDDF04B-52D3-4298-87A1-56BDE5FA2166}
2012-02-19 15:57:01 -------- d-----w- c:\users\user\appdata\local\{FF5D5926-4889-4748-BD00-2B5860A56635}
2012-02-18 18:07:47 -------- d-----w- c:\users\user\appdata\local\{885DA322-EDF4-4870-A48C-793EBC062E06}
2012-02-18 18:07:16 -------- d-----w- c:\users\user\appdata\local\{CD585485-4718-4B48-B89F-24581302E6E9}
2012-02-18 03:58:54 -------- d-----w- c:\users\user\appdata\local\{8029A3ED-860B-46EF-A4A5-E4C8E2DC0355}
2012-02-18 03:58:43 -------- d-----w- c:\users\user\appdata\local\{B926D151-4E9A-4F93-B833-624E29FF6FCC}
2012-02-17 12:02:16 -------- d-----w- c:\users\user\appdata\local\{3FA76193-794B-498A-8B59-8DDDB3DF3E1B}
2012-02-17 12:02:05 -------- d-----w- c:\users\user\appdata\local\{D60556C1-121C-4F69-8863-BA53DAC04BA7}
2012-02-16 10:34:57 -------- d-----w- c:\users\user\appdata\local\{402D705E-2E12-471D-9E2A-C874E981E6C1}
2012-02-16 10:34:46 -------- d-----w- c:\users\user\appdata\local\{D2B79D11-61A5-4154-BF9E-E75A70B342E4}
2012-02-15 15:15:11 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 15:15:05 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 15:15:04 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-13 16:09:10 -------- d-----w- c:\users\user\appdata\local\{AABDAC7C-4AF1-4E17-9FA2-19695E2823E2}
2012-02-13 16:08:59 -------- d-----w- c:\users\user\appdata\local\{F2A86FAA-0431-4BC8-BF6D-6C1FE02ABE28}
2012-02-12 16:25:49 -------- d-----w- c:\users\user\appdata\local\{934FD7D2-23F8-4D0C-BE68-BC49B280828A}
2012-02-12 16:25:39 -------- d-----w- c:\users\user\appdata\local\{61AF7AC9-766D-4D32-8E74-331867C2ABDA}
2012-02-06 11:53:34 -------- d-----w- c:\users\user\appdata\local\BlueStacks
2012-02-06 11:53:34 -------- d-----w- c:\programdata\BlueStacks
2012-02-06 11:39:31 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-02-06 11:39:11 -------- d-----w- c:\programdata\Malwarebytes
2012-02-06 11:39:10 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-06 11:39:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 21:57:15 -------- d-sh--w- c:\users\user\Phone Browser
2012-02-05 16:48:55 -------- d-----w- c:\users\user\appdata\roaming\Nokia Suite
2012-02-05 15:44:11 -------- d-----w- c:\users\user\appdata\local\NokiaAccount
2012-02-05 15:43:40 -------- d-----w- c:\users\user\appdata\local\Nokia
2012-02-05 15:40:41 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-02-05 15:39:52 -------- d-----w- c:\program files\PC Connectivity Solution
2012-02-05 15:38:03 -------- d-----w- c:\programdata\NokiaInstallerCache
2012-02-05 15:23:20 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-02-05 15:23:19 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-02-05 15:23:19 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-02-05 15:23:18 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-02-05 15:23:18 567808 ----a-w- c:\windows\system32\WUDFx.dll
2012-02-05 15:23:18 195584 ----a-w- c:\windows\system32\WUDFHost.exe
2012-02-05 15:23:18 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-02-05 15:09:44 -------- d-----w- c:\program files\common files\PCSuite
2012-01-31 20:49:29 -------- d-----w- c:\users\user\appdata\local\{4A4A64A7-DCA7-44A2-9894-BCC53CEAE9B6}
2012-01-29 23:08:42 -------- d-----w- c:\users\user\appdata\local\{0DA9192B-BE69-4039-93CB-3E63EA938549}
.
==================== Find3M ====================
.
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-09 21:55:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:52:07,69 ===============


#5 ikkemij

ikkemij
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 25 February 2012 - 06:49 PM

TDSSKiller

00:45:32.0425 5308 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
00:45:34.0428 5308 ============================================================
00:45:34.0428 5308 Current date / time: 2012/02/26 00:45:34.0428
00:45:34.0428 5308 SystemInfo:
00:45:34.0428 5308
00:45:34.0428 5308 OS Version: 6.0.6002 ServicePack: 2.0
00:45:34.0428 5308 Product type: Workstation
00:45:34.0428 5308 ComputerName: G2I2R4LAP
00:45:34.0428 5308 UserName: g2i2r4
00:45:34.0428 5308 Windows directory: C:\Windows
00:45:34.0428 5308 System windows directory: C:\Windows
00:45:34.0428 5308 Processor architecture: Intel x86
00:45:34.0428 5308 Number of processors: 2
00:45:34.0428 5308 Page size: 0x1000
00:45:34.0428 5308 Boot type: Normal boot
00:45:34.0428 5308 ============================================================
00:45:36.0159 5308 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:45:36.0162 5308 \Device\Harddisk0\DR0:
00:45:36.0162 5308 MBR used
00:45:36.0162 5308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xBC51800
00:45:36.0162 5308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCDE6000, BlocksNum 0x5C336B0
00:45:36.0227 5308 Initialize success
00:45:36.0227 5308 ============================================================
00:46:27.0895 5144 ============================================================
00:46:27.0895 5144 Scan started
00:46:27.0895 5144 Mode: Manual;
00:46:27.0895 5144 ============================================================
00:46:28.0714 5144 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:46:28.0719 5144 ACPI - ok
00:46:28.0791 5144 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:46:28.0800 5144 adp94xx - ok
00:46:28.0833 5144 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:46:28.0840 5144 adpahci - ok
00:46:28.0869 5144 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:46:28.0871 5144 adpu160m - ok
00:46:28.0911 5144 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:46:28.0913 5144 adpu320 - ok
00:46:29.0000 5144 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:46:29.0007 5144 AFD - ok
00:46:29.0042 5144 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:46:29.0043 5144 agp440 - ok
00:46:29.0090 5144 ahcix86s (0dee2b628d4c6e23285bb91effdabfde) C:\Windows\system32\drivers\ahcix86s.sys
00:46:29.0091 5144 ahcix86s - ok
00:46:29.0116 5144 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:46:29.0117 5144 aic78xx - ok
00:46:29.0143 5144 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:46:29.0145 5144 aliide - ok
00:46:29.0168 5144 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:46:29.0169 5144 amdagp - ok
00:46:29.0196 5144 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:46:29.0198 5144 amdide - ok
00:46:29.0227 5144 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:46:29.0228 5144 AmdK7 - ok
00:46:29.0260 5144 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:46:29.0261 5144 AmdK8 - ok
00:46:29.0318 5144 androidusb (0e46fda73fd47fa4c61223e45187f7d5) C:\Windows\system32\Drivers\androidusb.sys
00:46:29.0319 5144 androidusb - ok
00:46:29.0418 5144 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:46:29.0420 5144 arc - ok
00:46:29.0476 5144 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:46:29.0477 5144 arcsas - ok
00:46:29.0519 5144 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:46:29.0522 5144 AsyncMac - ok
00:46:29.0557 5144 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:46:29.0558 5144 atapi - ok
00:46:29.0646 5144 avfwim (83d71e1911f235e9c0d2f53d54df3129) C:\Windows\system32\DRIVERS\avfwim.sys
00:46:29.0647 5144 avfwim - ok
00:46:29.0713 5144 avfwot (ae0c5d218e815af8f38670a8c5773e6e) C:\Windows\system32\DRIVERS\avfwot.sys
00:46:29.0714 5144 avfwot - ok
00:46:29.0761 5144 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
00:46:29.0762 5144 avgntflt - ok
00:46:29.0804 5144 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
00:46:29.0806 5144 avipbb - ok
00:46:29.0842 5144 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
00:46:29.0844 5144 avkmgr - ok
00:46:29.0902 5144 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:46:29.0905 5144 Beep - ok
00:46:29.0949 5144 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:46:29.0950 5144 blbdrive - ok
00:46:30.0029 5144 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:46:30.0031 5144 bowser - ok
00:46:30.0069 5144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:46:30.0071 5144 BrFiltLo - ok
00:46:30.0098 5144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:46:30.0100 5144 BrFiltUp - ok
00:46:30.0143 5144 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:46:30.0145 5144 Brserid - ok
00:46:30.0183 5144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:46:30.0185 5144 BrSerWdm - ok
00:46:30.0214 5144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:46:30.0216 5144 BrUsbMdm - ok
00:46:30.0248 5144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:46:30.0250 5144 BrUsbSer - ok
00:46:30.0273 5144 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:46:30.0275 5144 BTHMODEM - ok
00:46:30.0341 5144 catchme - ok
00:46:30.0387 5144 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:46:30.0391 5144 cdfs - ok
00:46:30.0436 5144 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:46:30.0437 5144 cdrom - ok
00:46:30.0478 5144 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:46:30.0479 5144 circlass - ok
00:46:30.0522 5144 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:46:30.0527 5144 CLFS - ok
00:46:30.0595 5144 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:46:30.0597 5144 CmBatt - ok
00:46:30.0629 5144 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:46:30.0631 5144 cmdide - ok
00:46:30.0645 5144 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:46:30.0646 5144 Compbatt - ok
00:46:30.0668 5144 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:46:30.0669 5144 crcdisk - ok
00:46:30.0697 5144 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:46:30.0697 5144 Crusoe - ok
00:46:30.0755 5144 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:46:30.0757 5144 DfsC - ok
00:46:30.0797 5144 dgderdrv - ok
00:46:30.0905 5144 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:46:30.0906 5144 disk - ok
00:46:30.0978 5144 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:46:30.0981 5144 drmkaud - ok
00:46:31.0060 5144 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:46:31.0083 5144 DXGKrnl - ok
00:46:31.0154 5144 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:46:31.0156 5144 E1G60 - ok
00:46:31.0225 5144 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:46:31.0227 5144 Ecache - ok
00:46:31.0290 5144 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:46:31.0297 5144 elxstor - ok
00:46:31.0343 5144 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:46:31.0345 5144 ErrDev - ok
00:46:31.0424 5144 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:46:31.0426 5144 exfat - ok
00:46:31.0476 5144 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:46:31.0479 5144 fastfat - ok
00:46:31.0505 5144 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:46:31.0507 5144 fdc - ok
00:46:31.0551 5144 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:46:31.0552 5144 FileInfo - ok
00:46:31.0579 5144 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:46:31.0581 5144 Filetrace - ok
00:46:31.0604 5144 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:46:31.0607 5144 flpydisk - ok
00:46:31.0660 5144 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:46:31.0663 5144 FltMgr - ok
00:46:31.0741 5144 fssfltr (8e307583e6b45f1accf762fe22a61c0d) C:\Windows\system32\DRIVERS\fssfltr.sys
00:46:31.0742 5144 fssfltr - ok
00:46:31.0824 5144 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
00:46:31.0827 5144 FsUsbExDisk - ok
00:46:31.0860 5144 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:46:31.0862 5144 Fs_Rec - ok
00:46:31.0893 5144 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:46:31.0895 5144 gagp30kx - ok
00:46:31.0937 5144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:46:31.0938 5144 GEARAspiWDM - ok
00:46:32.0000 5144 GpdDevDPort (f1785fb4b89442aac648492b35ebcdc9) C:\Windows\system32\directport.sys
00:46:32.0002 5144 GpdDevDPort - ok
00:46:32.0014 5144 GpdKbFilter (e48c4e69e2126aac01888c60cc6ed966) C:\Windows\system32\kbfiltr.sys
00:46:32.0020 5144 GpdKbFilter - ok
00:46:32.0074 5144 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:46:32.0077 5144 HdAudAddService - ok
00:46:32.0136 5144 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:46:32.0145 5144 HDAudBus - ok
00:46:32.0165 5144 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:46:32.0166 5144 HidBth - ok
00:46:32.0196 5144 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:46:32.0197 5144 HidIr - ok
00:46:32.0237 5144 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:46:32.0239 5144 HidUsb - ok
00:46:32.0270 5144 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:46:32.0271 5144 HpCISSs - ok
00:46:32.0329 5144 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:46:32.0335 5144 HTTP - ok
00:46:32.0373 5144 hwdatacard - ok
00:46:32.0407 5144 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:46:32.0408 5144 i2omp - ok
00:46:32.0460 5144 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:46:32.0461 5144 i8042prt - ok
00:46:32.0525 5144 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
00:46:32.0528 5144 iaStor - ok
00:46:32.0569 5144 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:46:32.0574 5144 iaStorV - ok
00:46:32.0927 5144 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:46:33.0184 5144 igfx - ok
00:46:33.0211 5144 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:46:33.0212 5144 iirsp - ok
00:46:33.0335 5144 IntcAzAudAddService (fbbe3f1697d393be685cd6192b1ec95a) C:\Windows\system32\drivers\RTKVHDA.sys
00:46:33.0404 5144 IntcAzAudAddService - ok
00:46:33.0439 5144 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:46:33.0441 5144 intelide - ok
00:46:33.0483 5144 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:46:33.0484 5144 intelppm - ok
00:46:33.0526 5144 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:46:33.0528 5144 IpFilterDriver - ok
00:46:33.0544 5144 IpInIp - ok
00:46:33.0571 5144 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:46:33.0572 5144 IPMIDRV - ok
00:46:33.0604 5144 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:46:33.0607 5144 IPNAT - ok
00:46:33.0649 5144 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:46:33.0651 5144 IRENUM - ok
00:46:33.0679 5144 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:46:33.0680 5144 isapnp - ok
00:46:33.0725 5144 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:46:33.0727 5144 iScsiPrt - ok
00:46:33.0760 5144 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:46:33.0761 5144 iteatapi - ok
00:46:33.0786 5144 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:46:33.0787 5144 iteraid - ok
00:46:33.0827 5144 JRAID (c36f3a1a4e8416ef43f30deab7701730) C:\Windows\system32\drivers\jraid.sys
00:46:33.0828 5144 JRAID - ok
00:46:33.0843 5144 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:46:33.0844 5144 kbdclass - ok
00:46:33.0879 5144 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:46:33.0881 5144 kbdhid - ok
00:46:33.0940 5144 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
00:46:33.0942 5144 KMWDFILTER - ok
00:46:33.0997 5144 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
00:46:34.0005 5144 KSecDD - ok
00:46:34.0047 5144 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:46:34.0049 5144 lltdio - ok
00:46:34.0086 5144 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:46:34.0088 5144 LSI_FC - ok
00:46:34.0116 5144 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:46:34.0118 5144 LSI_SAS - ok
00:46:34.0172 5144 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:46:34.0174 5144 LSI_SCSI - ok
00:46:34.0202 5144 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:46:34.0204 5144 luafv - ok
00:46:34.0255 5144 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
00:46:34.0256 5144 MBAMProtector - ok
00:46:34.0316 5144 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:46:34.0317 5144 megasas - ok
00:46:34.0364 5144 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:46:34.0371 5144 MegaSR - ok
00:46:34.0402 5144 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:46:34.0404 5144 Modem - ok
00:46:34.0427 5144 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:46:34.0428 5144 monitor - ok
00:46:34.0446 5144 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:46:34.0448 5144 mouclass - ok
00:46:34.0478 5144 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:46:34.0480 5144 mouhid - ok
00:46:34.0503 5144 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:46:34.0505 5144 MountMgr - ok
00:46:34.0555 5144 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:46:34.0557 5144 mpio - ok
00:46:34.0636 5144 MpKsl2af41bd1 - ok
00:46:34.0671 5144 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:46:34.0673 5144 mpsdrv - ok
00:46:34.0694 5144 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:46:34.0695 5144 Mraid35x - ok
00:46:34.0737 5144 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:46:34.0739 5144 MRxDAV - ok
00:46:34.0791 5144 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:46:34.0793 5144 mrxsmb - ok
00:46:34.0852 5144 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:46:34.0857 5144 mrxsmb10 - ok
00:46:34.0904 5144 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:46:34.0906 5144 mrxsmb20 - ok
00:46:34.0957 5144 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
00:46:34.0958 5144 msahci - ok
00:46:34.0987 5144 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:46:34.0989 5144 msdsm - ok
00:46:35.0022 5144 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:46:35.0023 5144 Msfs - ok
00:46:35.0062 5144 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:46:35.0064 5144 msisadrv - ok
00:46:35.0095 5144 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:46:35.0097 5144 MSKSSRV - ok
00:46:35.0126 5144 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:46:35.0128 5144 MSPCLOCK - ok
00:46:35.0143 5144 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:46:35.0145 5144 MSPQM - ok
00:46:35.0190 5144 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:46:35.0193 5144 MsRPC - ok
00:46:35.0213 5144 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:46:35.0214 5144 mssmbios - ok
00:46:35.0261 5144 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:46:35.0263 5144 MSTEE - ok
00:46:35.0287 5144 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:46:35.0289 5144 Mup - ok
00:46:35.0356 5144 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:46:35.0359 5144 NativeWifiP - ok
00:46:35.0439 5144 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:46:35.0460 5144 NDIS - ok
00:46:35.0479 5144 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:46:35.0481 5144 NdisTapi - ok
00:46:35.0504 5144 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:46:35.0506 5144 Ndisuio - ok
00:46:35.0540 5144 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:46:35.0542 5144 NdisWan - ok
00:46:35.0563 5144 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:46:35.0565 5144 NDProxy - ok
00:46:35.0604 5144 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:46:35.0606 5144 NetBIOS - ok
00:46:35.0650 5144 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:46:35.0654 5144 netbt - ok
00:46:35.0872 5144 NETw5v32 (840d89327c45b0cb9e1ab130249046e2) C:\Windows\system32\DRIVERS\NETw5v32.sys
00:46:36.0014 5144 NETw5v32 - ok
00:46:36.0046 5144 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:46:36.0047 5144 nfrd960 - ok
00:46:36.0100 5144 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
00:46:36.0102 5144 nmwcd - ok
00:46:36.0157 5144 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
00:46:36.0158 5144 nmwcdc - ok
00:46:36.0203 5144 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
00:46:36.0206 5144 nmwcdnsu - ok
00:46:36.0240 5144 nmwcdnsuc (d23257682d349a5e2e4507ed33decc16) C:\Windows\system32\drivers\nmwcdnsuc.sys
00:46:36.0242 5144 nmwcdnsuc - ok
00:46:36.0279 5144 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:46:36.0281 5144 Npfs - ok
00:46:36.0302 5144 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:46:36.0304 5144 nsiproxy - ok
00:46:36.0386 5144 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:46:36.0420 5144 Ntfs - ok
00:46:36.0447 5144 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:46:36.0449 5144 ntrigdigi - ok
00:46:36.0483 5144 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:46:36.0484 5144 Null - ok
00:46:36.0525 5144 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:46:36.0526 5144 nvraid - ok
00:46:36.0564 5144 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:46:36.0565 5144 nvstor - ok
00:46:36.0593 5144 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:46:36.0594 5144 nv_agp - ok
00:46:36.0606 5144 NwlnkFlt - ok
00:46:36.0620 5144 NwlnkFwd - ok
00:46:36.0659 5144 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
00:46:36.0661 5144 ohci1394 - ok
00:46:36.0717 5144 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:46:36.0718 5144 Parport - ok
00:46:36.0753 5144 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:46:36.0754 5144 partmgr - ok
00:46:36.0784 5144 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:46:36.0786 5144 Parvdm - ok
00:46:36.0857 5144 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
00:46:36.0858 5144 pccsmcfd - ok
00:46:36.0904 5144 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:46:36.0907 5144 pci - ok
00:46:36.0942 5144 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
00:46:36.0944 5144 pciide - ok
00:46:36.0976 5144 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:46:36.0979 5144 pcmcia - ok
00:46:37.0039 5144 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:46:37.0073 5144 PEAUTH - ok
00:46:37.0158 5144 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:46:37.0160 5144 PptpMiniport - ok
00:46:37.0192 5144 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:46:37.0194 5144 Processor - ok
00:46:37.0266 5144 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:46:37.0269 5144 PSched - ok
00:46:37.0334 5144 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:46:37.0380 5144 ql2300 - ok
00:46:37.0415 5144 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:46:37.0417 5144 ql40xx - ok
00:46:37.0448 5144 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:46:37.0450 5144 QWAVEdrv - ok
00:46:37.0469 5144 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:46:37.0473 5144 RasAcd - ok
00:46:37.0514 5144 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:46:37.0516 5144 Rasl2tp - ok
00:46:37.0567 5144 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:46:37.0568 5144 RasPppoe - ok
00:46:37.0610 5144 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:46:37.0612 5144 RasSstp - ok
00:46:37.0689 5144 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:46:37.0694 5144 rdbss - ok
00:46:37.0718 5144 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:46:37.0721 5144 RDPCDD - ok
00:46:37.0769 5144 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:46:37.0773 5144 rdpdr - ok
00:46:37.0790 5144 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:46:37.0792 5144 RDPENCDD - ok
00:46:37.0830 5144 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:46:37.0834 5144 RDPWD - ok
00:46:37.0888 5144 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:46:37.0889 5144 rspndr - ok
00:46:37.0943 5144 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:46:37.0947 5144 RTL8169 - ok
00:46:37.0992 5144 RTL8187B (661af6a63dff9f23b1dc3fb7b3e7a917) C:\Windows\system32\DRIVERS\RTL8187B.sys
00:46:37.0998 5144 RTL8187B - ok
00:46:38.0032 5144 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:46:38.0033 5144 sbp2port - ok
00:46:38.0071 5144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:46:38.0072 5144 secdrv - ok
00:46:38.0100 5144 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:46:38.0102 5144 Serenum - ok
00:46:38.0136 5144 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:46:38.0137 5144 Serial - ok
00:46:38.0170 5144 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:46:38.0175 5144 sermouse - ok
00:46:38.0240 5144 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:46:38.0242 5144 sffdisk - ok
00:46:38.0262 5144 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:46:38.0263 5144 sffp_mmc - ok
00:46:38.0285 5144 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:46:38.0287 5144 sffp_sd - ok
00:46:38.0309 5144 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:46:38.0310 5144 sfloppy - ok
00:46:38.0346 5144 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:46:38.0347 5144 sisagp - ok
00:46:38.0370 5144 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:46:38.0371 5144 SiSRaid2 - ok
00:46:38.0400 5144 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:46:38.0401 5144 SiSRaid4 - ok
00:46:38.0450 5144 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:46:38.0452 5144 Smb - ok
00:46:38.0477 5144 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:46:38.0478 5144 spldr - ok
00:46:38.0537 5144 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
00:46:38.0537 5144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
00:46:38.0539 5144 sptd ( LockedFile.Multi.Generic ) - warning
00:46:38.0539 5144 sptd - detected LockedFile.Multi.Generic (1)
00:46:38.0591 5144 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:46:38.0596 5144 srv - ok
00:46:38.0646 5144 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:46:38.0648 5144 srv2 - ok
00:46:38.0697 5144 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:46:38.0700 5144 srvnet - ok
00:46:38.0750 5144 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:46:38.0751 5144 ssmdrv - ok
00:46:38.0792 5144 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
00:46:38.0794 5144 StillCam - ok
00:46:38.0858 5144 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:46:38.0861 5144 swenum - ok
00:46:38.0906 5144 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:46:38.0908 5144 Symc8xx - ok
00:46:38.0933 5144 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:46:38.0935 5144 Sym_hi - ok
00:46:38.0967 5144 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:46:38.0968 5144 Sym_u3 - ok
00:46:39.0062 5144 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
00:46:39.0094 5144 Tcpip - ok
00:46:39.0135 5144 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
00:46:39.0146 5144 Tcpip6 - ok
00:46:39.0192 5144 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
00:46:39.0194 5144 tcpipreg - ok
00:46:39.0219 5144 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:46:39.0222 5144 TDPIPE - ok
00:46:39.0249 5144 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:46:39.0251 5144 TDTCP - ok
00:46:39.0292 5144 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:46:39.0294 5144 tdx - ok
00:46:39.0340 5144 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:46:39.0342 5144 TermDD - ok
00:46:39.0409 5144 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:46:39.0411 5144 tssecsrv - ok
00:46:39.0456 5144 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:46:39.0458 5144 tunmp - ok
00:46:39.0509 5144 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:46:39.0513 5144 tunnel - ok
00:46:39.0544 5144 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:46:39.0546 5144 uagp35 - ok
00:46:39.0588 5144 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:46:39.0595 5144 udfs - ok
00:46:39.0640 5144 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:46:39.0642 5144 uliagpkx - ok
00:46:39.0679 5144 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:46:39.0684 5144 uliahci - ok
00:46:39.0720 5144 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:46:39.0722 5144 UlSata - ok
00:46:39.0760 5144 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:46:39.0762 5144 ulsata2 - ok
00:46:39.0791 5144 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:46:39.0792 5144 umbus - ok
00:46:39.0851 5144 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
00:46:39.0852 5144 upperdev - ok
00:46:39.0904 5144 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:46:39.0906 5144 usbaudio - ok
00:46:39.0921 5144 usbbus - ok
00:46:39.0967 5144 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:46:39.0969 5144 usbccgp - ok
00:46:39.0998 5144 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:46:40.0000 5144 usbcir - ok
00:46:40.0015 5144 UsbDiag - ok
00:46:40.0046 5144 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:46:40.0048 5144 usbehci - ok
00:46:40.0100 5144 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:46:40.0103 5144 usbhub - ok
00:46:40.0132 5144 USBModem - ok
00:46:40.0159 5144 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:46:40.0163 5144 usbohci - ok
00:46:40.0205 5144 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:46:40.0208 5144 usbprint - ok
00:46:40.0255 5144 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:46:40.0256 5144 usbscan - ok
00:46:40.0297 5144 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
00:46:40.0300 5144 usbser - ok
00:46:40.0349 5144 UsbserFilt (e44f0d17be0908b58dcc99ccb99c6c32) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
00:46:40.0351 5144 UsbserFilt - ok
00:46:40.0398 5144 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:46:40.0400 5144 USBSTOR - ok
00:46:40.0434 5144 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:46:40.0435 5144 usbuhci - ok
00:46:40.0500 5144 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:46:40.0502 5144 usbvideo - ok
00:46:40.0554 5144 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:46:40.0555 5144 vga - ok
00:46:40.0590 5144 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:46:40.0592 5144 VgaSave - ok
00:46:40.0617 5144 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:46:40.0618 5144 viaagp - ok
00:46:40.0650 5144 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:46:40.0652 5144 ViaC7 - ok
00:46:40.0681 5144 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:46:40.0684 5144 viaide - ok
00:46:40.0714 5144 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:46:40.0715 5144 volmgr - ok
00:46:40.0767 5144 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:46:40.0773 5144 volmgrx - ok
00:46:40.0835 5144 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:46:40.0839 5144 volsnap - ok
00:46:40.0866 5144 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:46:40.0869 5144 vsmraid - ok
00:46:40.0913 5144 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:46:40.0915 5144 WacomPen - ok
00:46:40.0932 5144 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:40.0934 5144 Wanarp - ok
00:46:40.0943 5144 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:46:40.0946 5144 Wanarpv6 - ok
00:46:40.0983 5144 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:46:40.0984 5144 Wd - ok
00:46:41.0039 5144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:46:41.0047 5144 Wdf01000 - ok
00:46:41.0172 5144 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
00:46:41.0175 5144 WmiAcpi - ok
00:46:41.0256 5144 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:46:41.0259 5144 WpdUsb - ok
00:46:41.0288 5144 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:46:41.0291 5144 ws2ifsl - ok
00:46:41.0383 5144 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
00:46:41.0387 5144 WudfPf - ok
00:46:41.0418 5144 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:46:41.0421 5144 WUDFRd - ok
00:46:41.0499 5144 zghsdiag (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsdiag.sys
00:46:41.0501 5144 zghsdiag - ok
00:46:41.0546 5144 zghsmdm (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsmdm.sys
00:46:41.0548 5144 zghsmdm - ok
00:46:41.0593 5144 zghsnmea (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsnmea.sys
00:46:41.0595 5144 zghsnmea - ok
00:46:41.0641 5144 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:46:41.0697 5144 \Device\Harddisk0\DR0 - ok
00:46:41.0703 5144 Boot (0x1200) (a66ec8e48aba2f5ce899249ed92bdc94) \Device\Harddisk0\DR0\Partition0
00:46:41.0705 5144 \Device\Harddisk0\DR0\Partition0 - ok
00:46:41.0730 5144 Boot (0x1200) (242f5bbf672d4f9bb7d52d27e56c3088) \Device\Harddisk0\DR0\Partition1
00:46:41.0732 5144 \Device\Harddisk0\DR0\Partition1 - ok
00:46:41.0733 5144 ============================================================
00:46:41.0733 5144 Scan finished
00:46:41.0733 5144 ============================================================
00:46:41.0843 5324 Detected object count: 1
00:46:41.0843 5324 Actual detected object count: 1
00:47:14.0970 5324 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:47:14.0970 5324 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
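
A note on the sptd entry in the TDSSKiller log above, followed by an added example that is not part of this thread or of TDSSKiller itself. LockedFile.Multi.Generic is TDSSKiller's generic verdict for a file it could not open (the "Suspicious file (NoAccess)" line), not a malware signature. sptd.sys is the SCSI Pass Through Direct driver installed by CD emulators such as Daemon Tools and Alcohol 120%, and it is known for locking its own file against reads, so this verdict is expected while such an emulator is installed; that is why the helper later asks for DeFogger before re-running the scanners. The script below, written for this thread with a few lines copied from the log as constructed sample input, pulls everything that is not "- ok" out of such a log, keeps the "Suspicious file" lines with their hashes, and lists services that share one MD5: Tcpip/Tcpip6 legitimately point at one tcpip.sys, whereas the zghs* entries are one hash under several file names and deserve a look. The line formats are inferred from the log on this page.

```python
"""Triage of a TDSSKiller driver-scan log.

Added example for this thread; it is not TDSSKiller's own code. SAMPLE_LOG is
constructed from lines of the log posted above.
"""
import re
from collections import defaultdict

# Module line:   <time> <tid> <service> (<md5>) <path>
MODULE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line:  <time> <tid> <service> [( <verdict> )] - ok|warning|detected [<verdict> (n)]
VERDICT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>\S+)"
    r"(?:\s+\(\s*(?P<v1>\S+)\s*\))?\s+-\s+(?P<status>ok|warning|detected)"
    r"(?:\s+(?P<v2>\S+))?"
)
# Extra line TDSSKiller emits for files it could not open
SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})"
)
RANK = {"ok": 0, "warning": 1, "detected": 2}   # the strongest verdict for a service wins

SAMPLE_LOG = r"""
00:46:38.0537 5144 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
00:46:38.0537 5144 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
00:46:38.0539 5144 sptd ( LockedFile.Multi.Generic ) - warning
00:46:38.0539 5144 sptd - detected LockedFile.Multi.Generic (1)
00:46:39.0062 5144 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
00:46:39.0094 5144 Tcpip - ok
00:46:39.0135 5144 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
00:46:39.0146 5144 Tcpip6 - ok
00:46:41.0499 5144 zghsdiag (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsdiag.sys
00:46:41.0501 5144 zghsdiag - ok
00:46:41.0546 5144 zghsmdm (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsmdm.sys
00:46:41.0548 5144 zghsmdm - ok
"""


def parse_log(text):
    """Collect module hashes/paths, the final verdict per service, and 'Suspicious file' lines."""
    modules, verdicts, suspicious = {}, {}, []
    for line in text.splitlines():
        m = MODULE.match(line)
        if m:
            modules[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = VERDICT.match(line)
        if m:
            status, verdict = m["status"], m["v1"] or m["v2"]
            prev = verdicts.get(m["name"])
            if prev is None or RANK[status] > RANK[prev[0]]:
                verdicts[m["name"]] = (status, verdict)
            continue
        m = SUSPICIOUS.search(line)
        if m:
            suspicious.append((m["path"], m["reason"], m["md5"]))
    return {"modules": modules, "verdicts": verdicts, "suspicious": suspicious}


def not_ok(report):
    """(service, status, verdict, md5, path) for every service whose final verdict is not 'ok'."""
    out = []
    for name, (status, verdict) in sorted(report["verdicts"].items()):
        if status != "ok":
            mod = report["modules"].get(name, {})
            out.append((name, status, verdict, mod.get("md5"), mod.get("path")))
    return out


def shared_hashes(report):
    """md5 -> sorted service names, for hashes that back more than one service."""
    by_hash = defaultdict(set)
    for name, mod in report["modules"].items():
        by_hash[mod["md5"]].add(name)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}


def same_hash_different_files(report):
    """md5 -> distinct file paths (case-folded): one driver image shipped under several names."""
    paths = defaultdict(set)
    for mod in report["modules"].values():
        paths[mod["md5"]].add(mod["path"].lower())
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def triage(text):
    """One-call summary of a log."""
    report = parse_log(text)
    return {
        "flagged": not_ok(report),
        "suspicious": report["suspicious"],
        "shared_hashes": shared_hashes(report),
        "same_hash_different_files": same_hash_different_files(report),
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass the path of a saved TDSSKiller log as the only argument; otherwise the sample runs.
    src = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(json.dumps(triage(src), indent=2))
```

Matching MD5s only says that two files are byte-identical, not that either is benign; the hashes still need to be compared against a known-good set (vendor signature, a clean reference machine) before a "- ok" is taken at face value.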

#6 ikkemij

Posted 25 February 2012 - 07:00 PM

aswMBR

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-26 00:52:00
-----------------------------
00:52:00.418 OS Version: Windows 6.0.6002 Service Pack 2
00:52:00.418 Number of processors: 2 586 0xF0D
00:52:00.420 ComputerName: userLAP UserName: user
00:52:01.349 Initialize success
00:52:13.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:52:13.503 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
00:52:13.547 Disk 0 MBR read successfully
00:52:13.550 Disk 0 MBR scan
00:52:13.553 Disk 0 Windows VISTA default MBR code
00:52:13.562 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 2048
00:52:13.580 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 96419 MB offset 18434048
00:52:13.602 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 47206 MB offset 215900160
00:52:13.609 Disk 0 scanning sectors +312579760
00:52:13.660 Disk 0 scanning C:\Windows\system32\drivers
00:52:21.049 Service scanning
00:52:34.019 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:52:38.297 Modules scanning
00:52:43.992 Disk 0 trace - called modules:
00:52:44.018 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x857361f8]<<
00:52:44.020 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86383aa8]
00:52:44.021 3 CLASSPNP.SYS[8b59f8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86144b98]
00:52:44.021 \Driver\atapi[0x86153ae0] -> IRP_MJ_CREATE -> 0x857361f8
00:52:44.022 Scan finished successfully
00:53:56.510 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
00:53:56.515 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   564bytes   0 downloads
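
The aswMBR log above reports Vista's default MBR code, three partitions, the sptd service as **LOCKED**, and a >>UNKNOWN<< owner of \Driver\atapi's IRP_MJ_CREATE in the disk I/O trace. An unknown module in that position is commonly the same SPTD emulator driver hooking the disk stack, which is why the next reply asks for DeFogger before reading anything into the trace. The log also saved the raw sector to MBR.dat. The script below is an added example, not aswMBR or TDSSKiller code: it parses a 512-byte MBR, hashes the boot-code area (assumed here to be the 0x1B8 bytes TDSSKiller reports as "MBR (0x1B8)"), validates the partition table the way a responder would before trusting it, and reports the unallocated tail of the disk that aswMBR scans ("scanning sectors +312579760"), the region where MBR bootkits of the TDL4 family keep their hidden storage. The bytes it checks are constructed from the logged layout, not the user's MBR.dat; sector counts are derived from the rounded MB figures in the log, so the tail size is approximate and does not match the log's figure exactly.

```python
"""Parse and sanity-check a 512-byte MBR such as the MBR.dat aswMBR saved.

Added example for this thread; neither aswMBR nor TDSSKiller code. LOGGED_LAYOUT
is constructed from the partition table in the log above.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8        # assumption: the code area TDSSKiller hashes as "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature
TABLE_OFF = 0x1BE       # four 16-byte partition entries
ENTRY = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS (WinRE)"}


def parse_mbr(mbr: bytes) -> dict:
    """Decode the partition table, the disk signature and a hash of the boot code."""
    if len(mbr) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, mbr, TABLE_OFF + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({
            "index": i + 1, "status": status, "bootable": status == 0x80,
            "type": ptype, "type_name": TYPE_NAMES.get(ptype, "0x%02x" % ptype),
            "lba": lba, "sectors": count, "mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_sig": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def check_layout(parsed: dict) -> list:
    """Findings to clear before trusting the table: exactly one bootable entry,
    only 0x00/0x80 status bytes, and no overlapping extents."""
    findings = []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba"])
    boot = [p["index"] for p in parts if p["bootable"]]
    if len(boot) != 1:
        findings.append("expected one bootable partition, found %d" % len(boot))
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
    for a, b in zip(parts, parts[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return findings


def unallocated_tail(parsed: dict, disk_sectors: int) -> tuple:
    """(first sector, count) past the last partition: the area aswMBR scans because
    MBR bootkits keep their hidden file system in the last sectors of the disk."""
    end = max((p["lba"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return end, max(disk_sectors - end, 0)


def build_mbr(entries, disk_sig=0, code=b"") -> bytes:
    """Assemble a constructed MBR from (bootable, type, lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    code = code[:CODE_LEN]
    mbr[:len(code)] = code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY, mbr, TABLE_OFF + 16 * i, 0x80 if bootable else 0x00, ptype, lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


# Layout from the aswMBR log above; sector counts are MB * 2048, so they are only
# as exact as the rounded MB figures the tool printed.
LOGGED_LAYOUT = [
    (False, 0x27, 2048, 9000 * 2048),
    (True, 0x07, 18434048, 96419 * 2048),
    (False, 0x07, 215900160, 47206 * 2048),
]
DISK_SECTORS = 152627 * 2048   # "Size: 152627MB" in the log

if __name__ == "__main__":
    import sys
    # Pass the saved MBR.dat as the only argument; otherwise the constructed layout is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_mbr(LOGGED_LAYOUT)
    parsed = parse_mbr(data)
    print("boot code md5: %s  disk signature: 0x%08x" % (parsed["code_md5"], parsed["disk_sig"]))
    for p in parsed["partitions"]:
        print("  %d %s %-20s lba=%-10d %6d MB" % (p["index"], "*" if p["bootable"] else " ",
                                                  p["type_name"], p["lba"], p["mb"]))
    print("findings:", check_layout(parsed) or "none")
    print("unallocated tail (start, sectors):", unallocated_tail(parsed, DISK_SECTORS))
```

The code_md5 value is only comparable with the TDSSKiller "MBR (0x1B8)" line if the assumption about the hashed range holds; the log's own "Windows VISTA default MBR code" verdict is the authoritative statement here. A clean table (one bootable entry, no overlaps) does not rule out a bootkit on its own: the boot code and the tail region both have to be checked, which is what the two tools in this thread do.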


#7 ikkemij

Posted 25 February 2012 - 07:01 PM

I used MBAM to remove msil.

Call me paranoid but I want to be sure my computer is safe now.

Thank you for your time and your reply.

#8 nasdaq

Posted 26 February 2012 - 09:22 AM

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed, or until this computer is clean.

After please run the TDSSKILLER AND aswMBR tools.
Post the logs for my review.

Let me know what problem persists.

#9 ikkemij

Posted 26 February 2012 - 10:30 AM

Hi

Didn't know I had to turn something off (must have missed that, sorry).

Reran TDSS and attached the file.

Also reran aswMBR version 0.9 and attached that file too.

Unsure about system after MBAM found msil.

Attached Files



#10 nasdaq

Posted 26 February 2012 - 11:45 AM

You can restore the emulator.
HOW TO: Enable the CD Emulators...

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#11 ikkemij

Posted 26 February 2012 - 07:21 PM

Ran ComboFix, log is attached.

#12 nasdaq

Posted 27 February 2012 - 09:38 AM

The log is not available.

Please copy and paste the result for my review.

#13 ikkemij

Posted 27 February 2012 - 07:11 PM

hi,
Must have done something wrong, sorry.

I reran ComboFix. First I set all protection to inactive in Avira Internet Security.

Still it detected combofix running towards the end and warned me about it running several times in the end.
I tried again but I got the same results.

Please find the log attached.

Attached Files



#14 nasdaq

Posted 28 February 2012 - 08:38 AM

The log is clean.

Just one more check.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#15 ikkemij

Posted 28 February 2012 - 05:59 PM

Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Avira Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

I find Firefox 10.0.2 freezing up on me while there's no reason for it. For instance, I'm like pretyping now (I type and seconds later the text appears).

I see I need to update Java. I wasn't aware of that.

Do you have any extra advice for me?

Tnx for helping out, you're the best!



