
infected with crypt.anvh


  • This topic is locked
16 replies to this topic

#1 hungrydragon

hungrydragon

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 20 February 2012 - 10:38 AM

When I was on my computer a couple of days back, a notice popped up from AVG, so I scanned my PC. It found a trojan horse, crypt.anvh, but the only option I'm given is to ignore the problem. The virus is located in C:\Windows\System32\drivers\dfsc.sys. My thought is AVG won't remove it because it could be a driver.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Daniel at 22:46:00 on 2012-02-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2218 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\SearchSettings.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6DD1B150-30EC-4070-94D4-22CB753AF82B} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\3516E6469705F696E647 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\84F64756C6F5D4169716 : DhcpNameServer = 10.0.0.2 192.168.1.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\94765716E6162556566624 : DhcpNameServer = 10.0.0.2 192.168.2.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\94765716E6162556566624D27657563747 : DhcpNameServer = 10.0.0.2 192.168.33.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\94765716E61625565666C4 : DhcpNameServer = 192.168.1.1 10.0.0.2
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\D494251444F4250223E444 : DhcpNameServer = 10.0.0.2
TCP: Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-31 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-19 652360]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-19 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-13 20384]
S2 avgarcln;Mqdmmdm;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\logmein\x86\lmiguardiansvc.exe" --> c:\program files\logmein\x86\LMIGuardianSvc.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-10 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-13 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
.
=============== Created Last 30 ================
.
2012-02-20 02:04:50 388096 ----a-r- c:\users\daniel\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-20 02:04:49 -------- d-----w- c:\program files\Trend Micro
2012-02-20 00:38:47 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-02-19 22:11:13 -------- d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
2012-02-19 22:11:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 22:11:07 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 22:11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 17:51:05 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:50:55 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:50:52 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:43:23 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 18:34:17 -------- d-----w- C:\sh4ldr
2012-02-13 18:34:17 -------- d-----w- c:\program files\Enigma Software Group
2012-02-13 18:33:40 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-02-11 05:37:53 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-02-05 20:44:11 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-02 23:32:04 -------- d-----w- c:\users\daniel\appdata\roaming\PrimoPDF
2012-02-02 23:30:09 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2012-02-02 23:30:07 -------- d-----w- c:\program files\Nitro PDF
2012-01-21 10:01:58 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-21 10:01:58 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-21 10:01:58 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-21 10:01:58 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-21 10:01:58 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-21 10:01:58 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-21 10:01:58 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-21 10:01:58 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-21 10:01:58 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-21 10:01:58 100352 ----a-w- c:\windows\system32\sspicli.dll
.
==================== Find3M ====================
.
2012-02-17 22:04:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 22:47:00.66 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 AM

Posted 21 February 2012 - 02:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 hungrydragon

hungrydragon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 22 February 2012 - 06:30 PM

ComboFix 12-02-22.01 - Daniel 02/22/2012 17:07:39.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2597 [GMT -6:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 23:14 . 2012-02-22 23:14 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-02-22 23:14 . 2012-02-22 23:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 16:05 . 2012-02-22 23:14 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2012-02-22 15:04 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-20 02:04 . 2012-02-20 02:04 388096 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-20 02:04 . 2012-02-20 02:04 -------- d-----w- c:\program files\Trend Micro
2012-02-20 00:38 . 2012-02-20 00:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-02-19 22:11 . 2012-02-19 22:11 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2012-02-19 22:11 . 2012-02-20 01:55 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 22:11 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 22:11 . 2012-02-19 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 17:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:43 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 18:34 . 2012-02-13 23:31 -------- d-----w- C:\sh4ldr
2012-02-13 18:34 . 2012-02-13 18:34 -------- d-----w- c:\program files\Enigma Software Group
2012-02-13 18:33 . 2012-02-13 23:31 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-05 20:44 . 2012-02-22 14:43 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-02 23:32 . 2012-02-14 00:12 -------- d-----w- c:\users\Daniel\AppData\Roaming\PrimoPDF
2012-02-02 23:30 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2012-02-02 23:30 . 2012-02-02 23:30 -------- d-----w- c:\program files\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 17:36 . 2010-04-20 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 22:04 . 2011-06-04 05:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-01 23:52 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 19:45 19550344 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-06 22:57 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-28 14:16 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-05 721904]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - UDFReadr
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
PCASp50
SE2Dmdm
atinevxx
se59bus
aamqdispatcher
pgfilter
mediaviewer
pdagent
sp_clamsrv
AcronisOSSReinstallSvc
vtserver
CA561
uphclean
ROCKEYNT
delldmi
deventagent
tsp
pdrframe
LXARScan
CTSBLFX.DLL
DCamUSBMke2
USIUDF
WmUsbHid
vncdrv
psimsvc
InterBaseGuardian
wg6n
SMCB000
sfilter
dlaudfam
symantecantibotshim
AlKernel
USB_RNDIS_XP
pageserver
symsnap
pxfhmdfl
HWIONT
beatjammusicstreamingserver
marvinbus
oracle_load_balancer_60_server-forms6i
brmfrmps
vhidmini
btnhnd
EQDRV5
ahcix86s
tfsnopio
{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
UMAXPCLS
hpn
dlabmfsm
erecoveryservice
nvax
thinkpadmodemservice
ppmoucls
teefer
paamsrv
mxssvr
mpservice
SilverLink
LVRS
mafwboot
stylexpservice
zebrceb
GT890x
elosystemservice
spupdsvc
incdfs
asuskeyboardservice
freebsd
avgarcln
z525obex
LPCFilter
toside
epson_pm_rpcv2_02
dxdebug
stac97
msmpsvc
e100b
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
nqcbclvu
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 17:23]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Toshiba\IVP\Services\Software Upgrades\Swupdtmr]
@DACL=(02 0000)
@SACL=
"STATE"=dword:00000003
"TMH"=dword:01cbc66e
"TML"=dword:6880231a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-22 17:17:05
ComboFix-quarantined-files.txt 2012-02-22 23:17
ComboFix2.txt 2012-02-22 22:28
ComboFix3.txt 2012-02-22 15:31
.
Pre-Run: 100,998,467,584 bytes free
Post-Run: 100,923,998,208 bytes free
.
- - End Of File - - 45A59AEAC2113795C8788E5E6E8D6730

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 AM

Posted 22 February 2012 - 07:35 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 22 February 2012 - 07:36 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
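An added example for reading the TDSSKiller report Gringo asks for above. This is my own illustration, not code from the thread, from TDSSKiller or from Kaspersky; it assumes only the two line shapes visible in the log posted later in this thread (a `name (md5) path` line followed by a `name - verdict` line). The sample lines are constructed: the first entries are copied from that log, while `suspsvc`, its hash, its path under `C:\ProgramData` and its `warning` verdict are invented placeholders, and the exact wording of non-ok verdicts varies between TDSSKiller versions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# TDSSKiller writes two line shapes per service/driver (as seen in the log above):
#   <hh:mm:ss.ffff> <pid> <name> (<md5>) <image path>
#   <hh:mm:ss.ffff> <pid> <name> - <verdict>
# Header lines (OS version, drive geometry, "Scan started") share the
# timestamp/PID prefix but match neither shape and are skipped.
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")

# Directory under which every entry in the posted log lives; anything
# loaded from elsewhere deserves a second look.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None      # None when TDSSKiller printed no hash line
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no "name - verdict" line was seen


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair each service's hash/path line with its verdict line, keyed by service name."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Sort parsed entries into the buckets an analyst reads first."""
    report: Dict[str, List[str]] = {
        "not_ok": [],               # any verdict other than "ok"
        "no_file": [],              # service registered but no image file was hashed
        "no_verdict": [],           # hash line with no matching verdict line
        "unexpected_location": [],  # image file outside %SystemRoot%\system32
    }
    for name, e in sorted(entries.items()):
        if e.verdict is None:
            report["no_verdict"].append(name)
        elif e.verdict.strip().lower() != "ok":
            report["not_ok"].append(name)
        if e.md5 is None or e.path is None:
            report["no_file"].append(name)
        elif not e.path.lower().startswith(SYSTEM32_PREFIX):
            report["unexpected_location"].append(name)
    return report


def check_hash(entries: Dict[str, Entry], name: str, expected_md5: str) -> bool:
    """True only if the log hashed `name` and its MD5 equals the analyst's reference value."""
    e = entries.get(name)
    return e is not None and e.md5 == expected_md5.lower()


# Constructed sample: the first lines are copied from the log posted in this
# thread; "suspsvc", its hash, path and "warning" verdict are invented placeholders.
SAMPLE_LOG = r"""
23:05:54.0134 5008 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
23:05:57.0189 1056 Scan started
23:05:58.0174 1056 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:05:58.0176 1056 1394ohci - ok
23:05:59.0790 1056 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:05:59.0791 1056 atapi - ok
23:06:02.0001 1056 catchme - ok
23:06:12.0001 1056 suspsvc (d41d8cd98f00b204e9800998ecf8427e) C:\ProgramData\suspsvc.sys
23:06:12.0002 1056 suspsvc - warning
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for bucket, names in triage(parsed).items():
        print(f"{bucket}: {names}")
    print("atapi matches reference:", check_hash(parsed, "atapi", "338c86357871c167a96ab976519bf59e"))
```

To use it on a real report, read the saved log file into a string and pass it to `parse_tdsskiller_log`. Two things the buckets make visible that are easy to miss when scrolling a thousand-line log: a service with a verdict but no hash line (`catchme` here) is a registered service whose image TDSSKiller did not hash, often a stale entry such as the helper driver ComboFix leaves behind, and a driver loaded from outside `system32` is unusual on a stock Windows 7 install. An `ok` verdict only means TDSSKiller's own checks passed; for a file that another scanner has flagged, as AVG did with dfsc.sys in this thread, `check_hash` lets you compare the logged MD5 against a reference taken from a clean machine at the same Windows build and patch level.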

#5 hungrydragon

hungrydragon
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:57 AM

Posted 23 February 2012 - 12:08 AM

23:05:52.0498 5008 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
23:05:52.0877 5008 ============================================================
23:05:52.0877 5008 Current date / time: 2012/02/22 23:05:52.0877
23:05:52.0877 5008 SystemInfo:
23:05:52.0877 5008
23:05:52.0877 5008 OS Version: 6.1.7601 ServicePack: 1.0
23:05:52.0877 5008 Product type: Workstation
23:05:52.0877 5008 ComputerName: ZEUS
23:05:52.0877 5008 UserName: Daniel
23:05:52.0877 5008 Windows directory: C:\Windows
23:05:52.0877 5008 System windows directory: C:\Windows
23:05:52.0877 5008 Processor architecture: Intel x86
23:05:52.0877 5008 Number of processors: 2
23:05:52.0877 5008 Page size: 0x1000
23:05:52.0877 5008 Boot type: Normal boot
23:05:52.0877 5008 ============================================================
23:05:54.0134 5008 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:05:54.0137 5008 \Device\Harddisk0\DR0:
23:05:54.0137 5008 MBR used
23:05:54.0137 5008 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C30B000
23:05:54.0179 5008 Initialize success
23:05:54.0179 5008 ============================================================
23:05:57.0189 1056 ============================================================
23:05:57.0189 1056 Scan started
23:05:57.0189 1056 Mode: Manual;
23:05:57.0189 1056 ============================================================
23:05:58.0174 1056 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:05:58.0176 1056 1394ohci - ok
23:05:58.0237 1056 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:05:58.0242 1056 ACPI - ok
23:05:58.0294 1056 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:05:58.0296 1056 AcpiPmi - ok
23:05:58.0412 1056 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
23:05:58.0421 1056 adp94xx - ok
23:05:58.0507 1056 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
23:05:58.0541 1056 adpahci - ok
23:05:58.0563 1056 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
23:05:58.0569 1056 adpu320 - ok
23:05:58.0663 1056 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:05:58.0670 1056 AFD - ok
23:05:58.0767 1056 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
23:05:58.0801 1056 AgereSoftModem - ok
23:05:58.0839 1056 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:05:58.0841 1056 agp440 - ok
23:05:58.0906 1056 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
23:05:58.0909 1056 aic78xx - ok
23:05:58.0985 1056 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:05:58.0986 1056 aliide - ok
23:05:59.0054 1056 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:05:59.0056 1056 amdagp - ok
23:05:59.0086 1056 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:05:59.0087 1056 amdide - ok
23:05:59.0151 1056 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
23:05:59.0153 1056 AmdK8 - ok
23:05:59.0200 1056 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
23:05:59.0202 1056 AmdPPM - ok
23:05:59.0261 1056 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:05:59.0264 1056 amdsata - ok
23:05:59.0314 1056 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
23:05:59.0318 1056 amdsbs - ok
23:05:59.0343 1056 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:05:59.0354 1056 amdxata - ok
23:05:59.0425 1056 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:05:59.0426 1056 AppID - ok
23:05:59.0651 1056 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
23:05:59.0654 1056 arc - ok
23:05:59.0704 1056 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
23:05:59.0704 1056 arcsas - ok
23:05:59.0735 1056 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:05:59.0735 1056 AsyncMac - ok
23:05:59.0790 1056 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:05:59.0791 1056 atapi - ok
23:05:59.0866 1056 athr (ac4adac154563ab41cc79b0257bc685a) C:\Windows\system32\DRIVERS\athr.sys
23:05:59.0901 1056 athr - ok
23:06:00.0089 1056 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
23:06:00.0229 1056 atikmdag - ok
23:06:00.0506 1056 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
23:06:00.0507 1056 AtiPcie - ok
23:06:00.0697 1056 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
23:06:00.0700 1056 AVGIDSDriver - ok
23:06:00.0736 1056 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
23:06:00.0738 1056 AVGIDSEH - ok
23:06:00.0775 1056 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
23:06:00.0775 1056 AVGIDSFilter - ok
23:06:00.0791 1056 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
23:06:00.0791 1056 AVGIDSShim - ok
23:06:00.0900 1056 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
23:06:00.0900 1056 Avgldx86 - ok
23:06:00.0973 1056 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
23:06:00.0975 1056 Avgmfx86 - ok
23:06:01.0079 1056 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
23:06:01.0080 1056 Avgrkx86 - ok
23:06:01.0114 1056 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
23:06:01.0121 1056 Avgtdix - ok
23:06:01.0227 1056 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
23:06:01.0231 1056 b06bdrv - ok
23:06:01.0332 1056 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:06:01.0337 1056 b57nd60x - ok
23:06:01.0386 1056 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:06:01.0387 1056 Beep - ok
23:06:01.0420 1056 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:06:01.0422 1056 blbdrive - ok
23:06:01.0480 1056 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:06:01.0483 1056 bowser - ok
23:06:01.0503 1056 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:06:01.0505 1056 BrFiltLo - ok
23:06:01.0530 1056 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:06:01.0532 1056 BrFiltUp - ok
23:06:01.0575 1056 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
23:06:01.0578 1056 BridgeMP - ok
23:06:01.0653 1056 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:06:01.0659 1056 Brserid - ok
23:06:01.0685 1056 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:06:01.0687 1056 BrSerWdm - ok
23:06:01.0714 1056 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:06:01.0715 1056 BrUsbMdm - ok
23:06:01.0730 1056 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:06:01.0734 1056 BrUsbSer - ok
23:06:01.0805 1056 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
23:06:01.0807 1056 BTHMODEM - ok
23:06:02.0001 1056 catchme - ok
23:06:02.0064 1056 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:06:02.0079 1056 cdfs - ok
23:06:02.0126 1056 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
23:06:02.0126 1056 cdrom - ok
23:06:02.0263 1056 cdudf_xp - ok
23:06:02.0302 1056 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
23:06:02.0304 1056 circlass - ok
23:06:02.0348 1056 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:06:02.0353 1056 CLFS - ok
23:06:02.0423 1056 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:06:02.0425 1056 CmBatt - ok
23:06:02.0460 1056 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:06:02.0462 1056 cmdide - ok
23:06:02.0549 1056 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
23:06:02.0557 1056 CNG - ok
23:06:02.0590 1056 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:06:02.0592 1056 Compbatt - ok
23:06:02.0651 1056 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:06:02.0653 1056 CompositeBus - ok
23:06:02.0705 1056 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:06:02.0706 1056 crcdisk - ok
23:06:02.0790 1056 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:06:02.0792 1056 discache - ok
23:06:02.0864 1056 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:06:02.0866 1056 Disk - ok
23:06:02.0937 1056 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
23:06:02.0941 1056 Dot4 - ok
23:06:02.0996 1056 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
23:06:02.0998 1056 Dot4Print - ok
23:06:03.0021 1056 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
23:06:03.0023 1056 dot4usb - ok
23:06:03.0079 1056 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:06:03.0082 1056 drmkaud - ok
23:06:03.0134 1056 DVDVRRdr_xp (79cedb9f3d18b6c7dc99ddda2e734b17) C:\Windows\system32\drivers\DVDVRRdr_xp.sys
23:06:03.0138 1056 DVDVRRdr_xp - ok
23:06:03.0165 1056 dvd_2K (543808acfedf574e7714c9091ad9c638) C:\Windows\system32\drivers\dvd_2K.sys
23:06:03.0165 1056 dvd_2K - ok
23:06:03.0265 1056 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:06:03.0281 1056 DXGKrnl - ok
23:06:03.0440 1056 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:06:03.0532 1056 ebdrv - ok
23:06:03.0607 1056 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:06:03.0609 1056 ElbyCDIO - ok
23:06:03.0706 1056 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:06:03.0715 1056 elxstor - ok
23:06:03.0772 1056 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:06:03.0774 1056 ErrDev - ok
23:06:03.0890 1056 esgiguard - ok
23:06:03.0975 1056 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:06:03.0979 1056 exfat - ok
23:06:04.0013 1056 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:06:04.0018 1056 fastfat - ok
23:06:04.0052 1056 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:06:04.0053 1056 fdc - ok
23:06:04.0082 1056 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:06:04.0085 1056 FileInfo - ok
23:06:04.0099 1056 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:06:04.0102 1056 Filetrace - ok
23:06:04.0140 1056 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:06:04.0141 1056 flpydisk - ok
23:06:04.0180 1056 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:06:04.0186 1056 FltMgr - ok
23:06:04.0219 1056 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:06:04.0219 1056 FsDepends - ok
23:06:04.0235 1056 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
23:06:04.0235 1056 Fs_Rec - ok
23:06:04.0325 1056 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:06:04.0330 1056 fvevol - ok
23:06:04.0412 1056 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
23:06:04.0414 1056 FwLnk - ok
23:06:04.0462 1056 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:06:04.0464 1056 gagp30kx - ok
23:06:04.0509 1056 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:06:04.0510 1056 GEARAspiWDM - ok
23:06:04.0604 1056 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:06:04.0605 1056 hcw85cir - ok
23:06:04.0653 1056 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:06:04.0656 1056 HDAudBus - ok
23:06:04.0684 1056 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:06:04.0685 1056 HidBatt - ok
23:06:04.0721 1056 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:06:04.0722 1056 HidBth - ok
23:06:04.0771 1056 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:06:04.0772 1056 HidIr - ok
23:06:04.0837 1056 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:06:04.0840 1056 HidUsb - ok
23:06:04.0947 1056 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:06:04.0950 1056 HpSAMD - ok
23:06:05.0030 1056 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:06:05.0040 1056 HTTP - ok
23:06:05.0102 1056 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:06:05.0103 1056 hwpolicy - ok
23:06:05.0178 1056 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:06:05.0181 1056 i8042prt - ok
23:06:05.0233 1056 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:06:05.0240 1056 iaStorV - ok
23:06:05.0300 1056 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:06:05.0302 1056 iirsp - ok
23:06:05.0421 1056 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
23:06:05.0489 1056 IntcAzAudAddService - ok
23:06:05.0525 1056 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:06:05.0527 1056 intelide - ok
23:06:05.0608 1056 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:06:05.0611 1056 intelppm - ok
23:06:05.0638 1056 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:06:05.0640 1056 IpFilterDriver - ok
23:06:05.0694 1056 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:06:05.0697 1056 IPMIDRV - ok
23:06:05.0727 1056 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:06:05.0730 1056 IPNAT - ok
23:06:05.0782 1056 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:06:05.0784 1056 IRENUM - ok
23:06:05.0820 1056 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:06:05.0823 1056 isapnp - ok
23:06:05.0854 1056 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:06:05.0857 1056 iScsiPrt - ok
23:06:05.0946 1056 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:06:05.0948 1056 jswpslwf - ok
23:06:06.0008 1056 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:06:06.0011 1056 kbdclass - ok
23:06:06.0059 1056 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:06:06.0061 1056 kbdhid - ok
23:06:06.0101 1056 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
23:06:06.0104 1056 KR10I - ok
23:06:06.0131 1056 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
23:06:06.0136 1056 KR10N - ok
23:06:06.0175 1056 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
23:06:06.0178 1056 KSecDD - ok
23:06:06.0208 1056 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
23:06:06.0211 1056 KSecPkg - ok
23:06:06.0287 1056 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
23:06:06.0290 1056 LEqdUsb - ok
23:06:06.0319 1056 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
23:06:06.0321 1056 LHidEqd - ok
23:06:06.0357 1056 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:06:06.0359 1056 LHidFilt - ok
23:06:06.0434 1056 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:06:06.0436 1056 lltdio - ok
23:06:06.0572 1056 LMIInfo - ok
23:06:06.0620 1056 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
23:06:06.0622 1056 lmimirr - ok
23:06:06.0653 1056 LMIRfsClientNP - ok
23:06:06.0712 1056 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
23:06:06.0714 1056 LMIRfsDriver - ok
23:06:06.0744 1056 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:06:06.0746 1056 LMouFilt - ok
23:06:06.0841 1056 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:06:06.0844 1056 LSI_FC - ok
23:06:06.0869 1056 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:06:06.0872 1056 LSI_SAS - ok
23:06:06.0897 1056 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:06:06.0898 1056 LSI_SAS2 - ok
23:06:06.0929 1056 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:06:06.0932 1056 LSI_SCSI - ok
23:06:06.0973 1056 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:06:06.0976 1056 luafv - ok
23:06:07.0027 1056 LUsbFilt (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
23:06:07.0028 1056 LUsbFilt - ok
23:06:07.0107 1056 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
23:06:07.0109 1056 MBAMProtector - ok
23:06:07.0151 1056 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:06:07.0153 1056 megasas - ok
23:06:07.0184 1056 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:06:07.0190 1056 MegaSR - ok
23:06:07.0234 1056 mmc_2K (db790a7675d595d96588429cc14028ca) C:\Windows\system32\drivers\mmc_2K.sys
23:06:07.0236 1056 mmc_2K - ok
23:06:07.0279 1056 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:06:07.0280 1056 Modem - ok
23:06:07.0312 1056 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:06:07.0313 1056 monitor - ok
23:06:07.0357 1056 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:06:07.0360 1056 mouclass - ok
23:06:07.0390 1056 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:06:07.0392 1056 mouhid - ok
23:06:07.0449 1056 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:06:07.0452 1056 mountmgr - ok
23:06:07.0503 1056 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:06:07.0506 1056 mpio - ok
23:06:07.0512 1056 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:06:07.0528 1056 mpsdrv - ok
23:06:07.0590 1056 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:06:07.0590 1056 MRxDAV - ok
23:06:07.0678 1056 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:06:07.0681 1056 mrxsmb - ok
23:06:07.0724 1056 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:06:07.0729 1056 mrxsmb10 - ok
23:06:07.0751 1056 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:06:07.0753 1056 mrxsmb20 - ok
23:06:07.0791 1056 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:06:07.0794 1056 msahci - ok
23:06:07.0835 1056 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:06:07.0837 1056 msdsm - ok
23:06:07.0907 1056 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:06:07.0909 1056 Msfs - ok
23:06:07.0947 1056 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:06:07.0949 1056 mshidkmdf - ok
23:06:07.0978 1056 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:06:07.0980 1056 msisadrv - ok
23:06:08.0027 1056 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:06:08.0029 1056 MSKSSRV - ok
23:06:08.0070 1056 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:06:08.0073 1056 MSPCLOCK - ok
23:06:08.0093 1056 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:06:08.0095 1056 MSPQM - ok
23:06:08.0126 1056 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:06:08.0131 1056 MsRPC - ok
23:06:08.0149 1056 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:06:08.0150 1056 mssmbios - ok
23:06:08.0199 1056 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:06:08.0201 1056 MSTEE - ok
23:06:08.0217 1056 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:06:08.0219 1056 MTConfig - ok
23:06:08.0260 1056 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:06:08.0263 1056 Mup - ok
23:06:08.0377 1056 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:06:08.0383 1056 NativeWifiP - ok
23:06:08.0450 1056 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:06:08.0456 1056 NDIS - ok
23:06:08.0510 1056 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:06:08.0512 1056 NdisCap - ok
23:06:08.0532 1056 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:06:08.0535 1056 NdisTapi - ok
23:06:08.0594 1056 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:06:08.0596 1056 Ndisuio - ok
23:06:08.0645 1056 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:06:08.0648 1056 NdisWan - ok
23:06:08.0709 1056 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:06:08.0712 1056 NDProxy - ok
23:06:08.0751 1056 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:06:08.0753 1056 NetBIOS - ok
23:06:08.0803 1056 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:06:08.0808 1056 NetBT - ok
23:06:08.0865 1056 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:06:08.0867 1056 nfrd960 - ok
23:06:08.0922 1056 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:06:08.0925 1056 Npfs - ok
23:06:08.0948 1056 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:06:08.0950 1056 nsiproxy - ok
23:06:09.0022 1056 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:06:09.0096 1056 Ntfs - ok
23:06:09.0118 1056 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:06:09.0120 1056 Null - ok
23:06:09.0163 1056 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:06:09.0165 1056 nvraid - ok
23:06:09.0208 1056 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:06:09.0212 1056 nvstor - ok
23:06:09.0272 1056 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:06:09.0276 1056 nv_agp - ok
23:06:09.0311 1056 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:06:09.0314 1056 ohci1394 - ok
23:06:09.0398 1056 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:06:09.0401 1056 Parport - ok
23:06:09.0462 1056 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:06:09.0464 1056 partmgr - ok
23:06:09.0490 1056 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:06:09.0492 1056 Parvdm - ok
23:06:09.0587 1056 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:06:09.0589 1056 pci - ok
23:06:09.0612 1056 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:06:09.0614 1056 pciide - ok
23:06:09.0647 1056 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:06:09.0651 1056 pcmcia - ok
23:06:09.0673 1056 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:06:09.0675 1056 pcw - ok
23:06:09.0723 1056 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:06:09.0762 1056 PEAUTH - ok
23:06:09.0839 1056 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:06:09.0842 1056 PptpMiniport - ok
23:06:09.0867 1056 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:06:09.0869 1056 Processor - ok
23:06:09.0953 1056 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:06:09.0955 1056 Psched - ok
23:06:10.0007 1056 pwd_2k (a9694824a73dad758f863ae3b3e8c4b6) C:\Windows\system32\drivers\pwd_2k.sys
23:06:10.0011 1056 pwd_2k - ok
23:06:10.0057 1056 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
23:06:10.0059 1056 PxHelp20 - ok
23:06:10.0146 1056 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:06:10.0168 1056 ql2300 - ok
23:06:10.0192 1056 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:06:10.0196 1056 ql40xx - ok
23:06:10.0231 1056 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:06:10.0233 1056 QWAVEdrv - ok
23:06:10.0277 1056 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:06:10.0280 1056 RasAcd - ok
23:06:10.0370 1056 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:06:10.0372 1056 RasAgileVpn - ok
23:06:10.0408 1056 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:06:10.0411 1056 Rasl2tp - ok
23:06:10.0472 1056 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:06:10.0475 1056 RasPppoe - ok
23:06:10.0511 1056 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:06:10.0515 1056 RasSstp - ok
23:06:10.0582 1056 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:06:10.0588 1056 rdbss - ok
23:06:10.0651 1056 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:06:10.0652 1056 rdpbus - ok
23:06:10.0705 1056 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:06:10.0707 1056 RDPCDD - ok
23:06:10.0775 1056 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:06:10.0777 1056 RDPENCDD - ok
23:06:10.0802 1056 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:06:10.0804 1056 RDPREFMP - ok
23:06:10.0850 1056 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
23:06:10.0855 1056 RDPWD - ok
23:06:10.0926 1056 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:06:10.0931 1056 rdyboost - ok
23:06:10.0986 1056 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
23:06:10.0987 1056 RimUsb - ok
23:06:11.0067 1056 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:06:11.0070 1056 rspndr - ok
23:06:11.0131 1056 RTL8167 (5283b9a27ff230f2ff70d92451ff409a) C:\Windows\system32\DRIVERS\Rt86win7.sys
23:06:11.0140 1056 RTL8167 - ok
23:06:11.0200 1056 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:06:11.0203 1056 RTL8169 - ok
23:06:11.0244 1056 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
23:06:11.0248 1056 RTSTOR - ok
23:06:11.0310 1056 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:06:11.0313 1056 sbp2port - ok
23:06:11.0406 1056 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:06:11.0409 1056 scfilter - ok
23:06:11.0508 1056 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:06:11.0510 1056 secdrv - ok
23:06:11.0570 1056 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:06:11.0572 1056 Serenum - ok
23:06:11.0626 1056 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:06:11.0628 1056 Serial - ok
23:06:11.0660 1056 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:06:11.0663 1056 sermouse - ok
23:06:11.0725 1056 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:06:11.0727 1056 sffdisk - ok
23:06:11.0769 1056 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:06:11.0772 1056 sffp_mmc - ok
23:06:11.0792 1056 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:06:11.0795 1056 sffp_sd - ok
23:06:11.0821 1056 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:06:11.0823 1056 sfloppy - ok
23:06:11.0879 1056 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:06:11.0879 1056 sisagp - ok
23:06:11.0910 1056 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:06:11.0910 1056 SiSRaid2 - ok
23:06:11.0943 1056 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:06:11.0946 1056 SiSRaid4 - ok
23:06:11.0991 1056 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:06:12.0000 1056 Smb - ok
23:06:12.0065 1056 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:06:12.0068 1056 spldr - ok
23:06:12.0148 1056 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
23:06:12.0209 1056 sptd - ok
23:06:12.0273 1056 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:06:12.0279 1056 srv - ok
23:06:12.0312 1056 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:06:12.0318 1056 srv2 - ok
23:06:12.0348 1056 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:06:12.0351 1056 srvnet - ok
23:06:12.0449 1056 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
23:06:12.0451 1056 StarOpen - ok
23:06:12.0526 1056 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
23:06:12.0528 1056 stexstor - ok
23:06:12.0660 1056 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
23:06:12.0662 1056 SVRPEDRV - ok
23:06:12.0706 1056 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
23:06:12.0708 1056 swenum - ok
23:06:12.0780 1056 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
23:06:12.0787 1056 SynTP - ok
23:06:12.0909 1056 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
23:06:12.0933 1056 Tcpip - ok
23:06:12.0995 1056 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
23:06:13.0011 1056 TCPIP6 - ok
23:06:13.0073 1056 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:06:13.0073 1056 tcpipreg - ok
23:06:13.0149 1056 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:06:13.0151 1056 tdcmdpst - ok
23:06:13.0210 1056 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:06:13.0212 1056 TDPIPE - ok
23:06:13.0262 1056 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
23:06:13.0265 1056 TDTCP - ok
23:06:13.0331 1056 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:06:13.0333 1056 tdx - ok
23:06:13.0386 1056 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
23:06:13.0389 1056 TermDD - ok
23:06:13.0532 1056 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:06:13.0535 1056 tssecsrv - ok
23:06:13.0628 1056 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:06:13.0631 1056 TsUsbFlt - ok
23:06:13.0738 1056 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:06:13.0742 1056 tunnel - ok
23:06:13.0780 1056 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:06:13.0782 1056 TVALZ - ok
23:06:13.0833 1056 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
23:06:13.0836 1056 uagp35 - ok
23:06:13.0931 1056 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:06:13.0935 1056 udfs - ok
23:06:14.0013 1056 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:06:14.0016 1056 uliagpkx - ok
23:06:14.0047 1056 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
23:06:14.0050 1056 umbus - ok
23:06:14.0070 1056 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
23:06:14.0072 1056 UmPass - ok
23:06:14.0144 1056 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
23:06:14.0175 1056 USBAAPL - ok
23:06:14.0206 1056 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
23:06:14.0222 1056 usbaudio - ok
23:06:14.0253 1056 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:06:14.0253 1056 usbccgp - ok
23:06:14.0300 1056 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:06:14.0300 1056 usbcir - ok
23:06:14.0327 1056 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
23:06:14.0330 1056 usbehci - ok
23:06:14.0398 1056 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:06:14.0404 1056 usbhub - ok
23:06:14.0429 1056 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
23:06:14.0431 1056 usbohci - ok
23:06:14.0517 1056 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
23:06:14.0519 1056 usbprint - ok
23:06:14.0544 1056 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:06:14.0547 1056 USBSTOR - ok
23:06:14.0568 1056 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
23:06:14.0570 1056 usbuhci - ok
23:06:14.0620 1056 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
23:06:14.0624 1056 usbvideo - ok
23:06:14.0683 1056 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
23:06:14.0685 1056 usb_rndisx - ok
23:06:14.0765 1056 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:06:14.0768 1056 UVCFTR - ok
23:06:14.0804 1056 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
23:06:14.0807 1056 VClone - ok
23:06:14.0825 1056 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:06:14.0828 1056 vdrvroot - ok
23:06:14.0892 1056 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:06:14.0894 1056 vga - ok
23:06:14.0922 1056 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:06:14.0925 1056 VgaSave - ok
23:06:14.0958 1056 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:06:14.0962 1056 vhdmp - ok
23:06:15.0027 1056 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:06:15.0030 1056 viaagp - ok
23:06:15.0057 1056 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
23:06:15.0060 1056 ViaC7 - ok
23:06:15.0101 1056 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:06:15.0102 1056 viaide - ok
23:06:15.0141 1056 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:06:15.0143 1056 volmgr - ok
23:06:15.0189 1056 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:06:15.0195 1056 volmgrx - ok
23:06:15.0230 1056 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:06:15.0235 1056 volsnap - ok
23:06:15.0276 1056 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
23:06:15.0280 1056 vsmraid - ok
23:06:15.0307 1056 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:06:15.0307 1056 vwifibus - ok
23:06:15.0354 1056 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:06:15.0354 1056 vwififlt - ok
23:06:15.0391 1056 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
23:06:15.0394 1056 WacomPen - ok
23:06:15.0442 1056 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:15.0445 1056 WANARP - ok
23:06:15.0450 1056 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:06:15.0452 1056 Wanarpv6 - ok
23:06:15.0520 1056 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
23:06:15.0521 1056 Wd - ok
23:06:15.0569 1056 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:06:15.0579 1056 Wdf01000 - ok
23:06:15.0641 1056 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:06:15.0643 1056 WfpLwf - ok
23:06:15.0666 1056 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:06:15.0668 1056 WIMMount - ok
23:06:15.0772 1056 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
23:06:15.0774 1056 WmiAcpi - ok
23:06:15.0808 1056 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:06:15.0811 1056 ws2ifsl - ok
23:06:15.0885 1056 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:06:15.0889 1056 WudfPf - ok
23:06:15.0970 1056 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:06:15.0974 1056 WUDFRd - ok
23:06:16.0040 1056 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:06:16.0095 1056 \Device\Harddisk0\DR0 - ok
23:06:16.0100 1056 Boot (0x1200) (d8665ca410fe1b58d1c561473eb64b4b) \Device\Harddisk0\DR0\Partition0
23:06:16.0101 1056 \Device\Harddisk0\DR0\Partition0 - ok
23:06:16.0103 1056 ============================================================
23:06:16.0103 1056 Scan finished
23:06:16.0103 1056 ============================================================
23:06:16.0119 4332 Detected object count: 0
23:06:16.0120 4332 Actual detected object count: 0

#6 gringo_pr

  • Malware Response Team

Posted 23 February 2012 - 09:07 AM

I need to see the aswMBR report also


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 hungrydragon

  • Topic Starter

Posted 23 February 2012 - 09:29 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 23:30:00
-----------------------------
23:30:00.758 OS Version: Windows 6.1.7601 Service Pack 1
23:30:00.758 Number of processors: 2 586 0x301
23:30:00.758 ComputerName: ZEUS UserName:
23:30:02.146 Initialize success
23:30:11.475 AVAST engine defs: 12022201
23:30:21.069 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:30:21.069 Disk 0 Vendor: WDC_WD2500BEVS-26UST0 01.01A01 Size: 238475MB BusType: 11
23:30:21.085 Disk 0 MBR read successfully
23:30:21.085 Disk 0 MBR scan
23:30:21.100 Disk 0 Windows 7 default MBR code
23:30:21.116 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:30:21.132 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048
23:30:21.163 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6040 MB offset 476026880
23:30:21.178 Disk 0 scanning sectors +488396800
23:30:21.241 Disk 0 scanning C:\Windows\system32\drivers
23:30:24.002 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
23:30:34.673 Disk 0 trace - called modules:
23:30:34.688 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
23:30:34.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8593a2e0]
23:30:34.704 3 CLASSPNP.SYS[8cb8259e] -> nt!IofCallDriver -> [0x85947730]
23:30:34.719 5 ACPI.sys[8c5af3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85943610]
23:30:36.404 AVAST engine scan C:\
23:51:27.638 File: C:\Qoobox\Quarantine\C\Windows\system32\Drivers\tdx.sys.vir **INFECTED** Win32:Sirefef-JQ [Trj]
00:16:57.528 File: C:\Windows\System32\drivers\dfsc.sys **INFECTED** Win32:Aluroot-B [Rtk]
01:09:30.665 Scan finished successfully
01:52:25.325 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
01:52:25.325 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team

Posted 23 February 2012 - 09:37 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
dfsc.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 hungrydragon

  • Topic Starter

Posted 23 February 2012 - 12:09 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 11:07 on 23/02/2012 by Daniel
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [19:15 08/07/2011] [08:42 20/11/2010] 1BA7C1909F8374302DC422A4C4D3BC2A
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [22:56 07/07/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [22:56 07/07/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

-= EOF =-
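The filefind output above is the whole case in four lines: the live C:\Windows\System32\drivers\dfsc.sys has the same 78336-byte size as every copy in the WinSxS component store, but an MD5 that none of them share, which is the footprint of a driver patched in place rather than replaced. The script below is an added example, not SystemLook's own code and not something posted in this thread, that automates that comparison over SystemLook `:filefind` output. The four result lines from the post are embedded as constructed sample input; the rule "a copy outside \winsxs\ whose hash matches no component-store copy is suspect" is the example's own heuristic.

```python
"""Flag a live system file whose hash matches none of its WinSxS copies.

Added example: parses SystemLook ':filefind' result lines (the format shown
in the post above) and reports copies outside the component store whose MD5
is absent from it. Same size plus a different hash is the pattern an
in-place file infector leaves behind.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One filefind result line: path, attribute flags, size, created, modified, MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-\w]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Constructed sample input: the result lines from the SystemLook log posted above.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========

Searching for "dfsc.sys"
C:\Windows\System32\drivers\dfsc.sys --a---- 78336 bytes [19:15 08/07/2011] [08:42 20/11/2010] 1BA7C1909F8374302DC422A4C4D3BC2A
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --a---- 78336 bytes [23:14 13/07/2009] [23:14 13/07/2009] 8E09E52EE2E3CEB199EF3DD99CF9E3FB
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_87c60c95472f7333\dfsc.sys --a---- 78336 bytes [22:56 07/07/2011] [02:33 27/04/2011] 83D1ECEA8FAAE75604C0FA49AC7AD996
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_8818997a6076855b\dfsc.sys --a---- 78336 bytes [22:56 07/07/2011] [02:24 27/04/2011] 886E8C1608146CC355DDD455F5C8DD87

-= EOF =-
"""


def parse_filefind(text):
    """Return one dict per result line; header and footer lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].upper()
        # Component-store copies live under the winsxs directory
        entry["in_winsxs"] = "\\winsxs\\" in entry["path"].lower()
        entries.append(entry)
    return entries


def find_tampered(entries):
    """Compare each live copy of a file against the WinSxS copies of the same name.

    A live copy is flagged when its MD5 is not one of the component-store hashes.
    size_matches_store separates an in-place patch (same size, new hash) from a
    wholesale replacement (different size).
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[PureWindowsPath(entry["path"]).name.lower()].append(entry)

    findings = []
    for name, group in by_name.items():
        store = [e for e in group if e["in_winsxs"]]
        store_hashes = {e["md5"] for e in store}
        store_sizes = {e["size"] for e in store}
        for live in (e for e in group if not e["in_winsxs"]):
            if store_hashes and live["md5"] not in store_hashes:
                findings.append({
                    "name": name,
                    "path": live["path"],
                    "md5": live["md5"],
                    "size_matches_store": live["size"] in store_sizes,
                    "store_versions": sorted(e["path"] for e in store),
                })
    return findings


def main():
    for f in find_tampered(parse_filefind(SAMPLE_LOG)):
        kind = "patched in place" if f["size_matches_store"] else "replaced"
        print(f"{f['path']}: MD5 {f['md5']} matches no WinSxS copy ({kind}); "
              f"{len(f['store_versions'])} candidate clean copies in the component store")


if __name__ == "__main__":
    main()
```

Run against the posted log it reports the single live dfsc.sys as patched in place with three component-store candidates. Treat a miss as a lead rather than proof: the store listing may simply not contain the servicing-level version currently installed, so confirm with the file's Authenticode signature or a known-good hash before overwriting it, and restore the copy that matches the installed build.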

#10 gringo_pr

  • Malware Response Team

Posted 23 February 2012 - 12:16 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 hungrydragon

  • Topic Starter

Posted 23 February 2012 - 02:17 PM

My computer keeps trying to install Roxio Media Creator 7 even though I'm not doing anything to it. I hit cancel and a warning pops up. I forgot to write down what the warning said, but I'll be sure to take it down the next time it happens.


ComboFix 12-02-22.01 - Daniel 02/23/2012 12:50:51.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2246 [GMT -6:00]
Running from: c:\users\Daniel\Desktop\ComboFix.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_87708401476f7a4f\dfsc.sys --> c:\windows\System32\drivers\dfsc.sys
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 19:00 . 2012-02-23 19:00 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-02-23 19:00 . 2012-02-23 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-22 16:05 . 2012-02-23 19:00 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2012-02-22 15:04 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-20 02:04 . 2012-02-20 02:04 388096 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-20 02:04 . 2012-02-20 02:04 -------- d-----w- c:\program files\Trend Micro
2012-02-20 00:38 . 2012-02-20 00:38 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-02-19 22:11 . 2012-02-19 22:11 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes
2012-02-19 22:11 . 2012-02-20 01:55 -------- d-----w- c:\programdata\Malwarebytes
2012-02-19 22:11 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 22:11 . 2012-02-19 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-15 17:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 17:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 17:50 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 17:43 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-13 18:34 . 2012-02-13 23:31 -------- d-----w- C:\sh4ldr
2012-02-13 18:34 . 2012-02-13 18:34 -------- d-----w- c:\program files\Enigma Software Group
2012-02-13 18:33 . 2012-02-13 23:31 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-11 05:37 . 2012-02-11 05:37 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-05 20:44 . 2012-02-22 14:43 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-02 23:32 . 2012-02-14 00:12 -------- d-----w- c:\users\Daniel\AppData\Roaming\PrimoPDF
2012-02-02 23:30 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll
2012-02-02 23:30 . 2012-02-02 23:30 -------- d-----w- c:\program files\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 17:36 . 2010-04-20 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-17 22:04 . 2011-06-04 05:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-01 23:52 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 19:45 19550344 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-06 22:57 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-28 14:16 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-29 20384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-05 721904]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - UDFReadr
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
PCASp50
SE2Dmdm
atinevxx
se59bus
aamqdispatcher
pgfilter
mediaviewer
pdagent
sp_clamsrv
AcronisOSSReinstallSvc
vtserver
CA561
uphclean
ROCKEYNT
delldmi
deventagent
tsp
pdrframe
LXARScan
CTSBLFX.DLL
DCamUSBMke2
USIUDF
WmUsbHid
vncdrv
psimsvc
InterBaseGuardian
wg6n
SMCB000
sfilter
dlaudfam
symantecantibotshim
AlKernel
USB_RNDIS_XP
pageserver
symsnap
pxfhmdfl
HWIONT
beatjammusicstreamingserver
marvinbus
oracle_load_balancer_60_server-forms6i
brmfrmps
vhidmini
btnhnd
EQDRV5
ahcix86s
tfsnopio
{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
UMAXPCLS
hpn
dlabmfsm
erecoveryservice
nvax
thinkpadmodemservice
ppmoucls
teefer
paamsrv
mxssvr
mpservice
SilverLink
LVRS
mafwboot
stylexpservice
zebrceb
GT890x
elosystemservice
spupdsvc
incdfs
asuskeyboardservice
freebsd
avgarcln
z525obex
LPCFilter
toside
epson_pm_rpcv2_02
dxdebug
stac97
msmpsvc
e100b
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
nqcbclvu
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 17:23]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 17:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Toshiba\IVP\Services\Software Upgrades\Swupdtmr]
@DACL=(02 0000)
@SACL=
"STATE"=dword:00000003
"TMH"=dword:01cbc66e
"TML"=dword:6880231a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-23 13:04:15
ComboFix-quarantined-files.txt 2012-02-23 19:04
ComboFix2.txt 2012-02-22 23:17
ComboFix3.txt 2012-02-22 22:28
ComboFix4.txt 2012-02-22 15:31
.
Pre-Run: 100,223,811,584 bytes free
Post-Run: 100,020,674,560 bytes free
.
- - End Of File - - 760840067FE3A015E20387533CBB93EC

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 AM

Posted 23 February 2012 - 03:10 PM

Go ahead and let Roxio do what it is going to do, and let me know how the computer is doing now.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 hungrydragon

hungrydragon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 23 February 2012 - 04:49 PM

It actually hasn't popped up since I ran that last ComboFix.

#14 hungrydragon

hungrydragon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 23 February 2012 - 04:51 PM

Wow, just ran another scan with AVG and was able to remove the virus finally. Thanks!

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:57 AM

Posted 23 February 2012 - 08:32 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 8.3.1
DAEMON Tools Toolbar
Java™ 6 Update 30
Java™ 6 Update 6
Search Settings v1.2.3


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
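As an added example that is not part of Gringo's post or of any of the tools named in it: the uninstall steps above are done by clicking through Revo, and the only check the thread offers is to look in Add/Remove Programs again. The PowerShell below reads the same Uninstall registry keys that Add/Remove Programs displays and reports whether any of the programs listed for removal (µTorrent, Adobe Reader, DAEMON Tools Toolbar, the two Java 6 updates, Search Settings) are still registered, and whether more than one Java runtime remains. The match patterns in $ToRemove are my assumptions based on the display names in the post; adjust them if the names on the machine differ.

```powershell
# Added example (not from the thread): verify the Revo/Add-Remove cleanup by
# enumerating the Uninstall registry keys and flagging leftovers from the list.
# $ToRemove patterns are assumptions matching the display names in the post.

$ToRemove = @(
    'Torrent',               # matches "µTorrent" whether or not the µ survived
    'Adobe Reader',
    'DAEMON Tools Toolbar',
    'Java\(TM\) 6',          # "Java(TM) 6 Update 6" and "Java(TM) 6 Update 30"
    'Search Settings'
)

# Machine-wide keys (native and 32-bit-on-64-bit views) plus per-user installs.
# Missing keys (e.g. no Wow6432Node on 32-bit Windows) are skipped silently.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString, PSPath

# Entries whose display name matches any pattern on the removal list.
$Leftovers = @($Installed | Where-Object {
    $name = $_.DisplayName
    @($ToRemove | Where-Object { $name -match $_ }).Count -gt 0
})

if ($Leftovers.Count -gt 0) {
    Write-Host 'Still registered (expected to be removed):' -ForegroundColor Yellow
    $Leftovers | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
} else {
    Write-Host 'None of the listed programs remain in the Uninstall keys.' -ForegroundColor Green
}

# Side check: more than one Java entry usually means an old, unpatched runtime
# is still installed alongside the current one.
$Java = @($Installed | Where-Object { $_.DisplayName -match '^Java' })
if ($Java.Count -gt 1) {
    Write-Host "`nMultiple Java entries found; uninstall all but the newest:" -ForegroundColor Yellow
    $Java | Sort-Object DisplayVersion | Format-Table DisplayName, DisplayVersion -AutoSize
}
```

Run it from an elevated PowerShell prompt after the Revo pass; if a program shows up as a leftover but is no longer in Add/Remove, the UninstallString column in $Leftovers shows which uninstaller the orphaned entry still points at.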



