
Zero.access + Eset going crazy


  • This topic is locked
29 replies to this topic

#1 ScottyScott


Posted 24 February 2012 - 04:52 PM

Hey guys, so I believe I am infected with zero.access.
The reason I believe this is because my ESET Internet Security 4.0 has been going crazy with preventing files from being downloaded to my system.

I have the gmer log file; however, DDS WILL NOT RUN. It freezes about 3/4 of the way through.

I have provided the gmer log.

Attached Files

  • gmer.txt (12.27KB)




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • Location: Puerto rico

Posted 28 February 2012 - 12:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


Information and logs:

  • In your next post I need the following:
  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ScottyScott


Posted 29 February 2012 - 01:41 PM

Unhide.exe didn't find a smtmp file.

OTL Log:

OTL logfile created on: 2/29/2012 1:30:50 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Infected System\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 65.74% Memory free
4.91 Gb Paging File | 4.03 Gb Available in Paging File | 81.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59.44 Gb Total Space | 43.79 Gb Free Space | 73.66% Space Free | Partition Type: NTFS

Computer Name: INFECTEDSYSTEM | User Name: Infected System | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Infected System\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (MMS) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (Epfwndis) -- C:\Windows\System32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-158028819-936479815-826012669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-158028819-936479815-826012669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-158028819-936479815-826012669-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 66 3F 4B B4 F1 CC 01 [binary data]
IE - HKU\S-1-5-21-158028819-936479815-826012669-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/02/23 17:00:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i File not found
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-158028819-936479815-826012669-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.102 192.168.0.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F77726D-9E5B-4510-A633-E67FE77741E2}: DhcpNameServer = 192.168.0.102 192.168.0.103
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-158028819-936479815-826012669-1000 Winlogon: Shell - (C:\Users\Infected System\AppData\Local\bd956cd5\X) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{45DE37FB-482E-11E1-8C76-806E6F6E6963}\bootwiz\asrm.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 13:09:49 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Infected System\Desktop\OTL.exe
[2012/02/29 13:09:39 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Infected System\Desktop\unhide.exe
[2012/02/24 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Local\Diagnostics
[2012/02/24 11:09:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Infected System\Desktop\dds.scr
[2012/02/24 11:01:13 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Roaming\Macromedia
[2012/02/23 17:06:47 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Roaming\Adobe
[2012/02/23 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Roaming\ESET
[2012/02/23 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Local\ESET
[2012/02/23 17:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
[2012/02/23 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\TNod User & Password Finder
[2012/02/23 17:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/02/23 17:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/02/23 17:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/23 17:00:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 17:00:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/02/23 17:00:26 | 000,000,000 | -HSD | C] -- C:\Users\Infected System\AppData\Local\bd956cd5
[2012/02/23 16:59:15 | 001,846,232 | ---- | C] (Acronis) -- C:\Windows\System32\auto_reactivate.exe
[2012/02/22 17:50:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/22 17:50:33 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/22 17:50:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/22 17:50:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/22 17:50:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/22 17:50:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/22 17:36:49 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/22 17:36:40 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/02/29 13:09:56 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Infected System\Desktop\OTL.exe
[2012/02/29 13:09:46 | 000,013,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 13:09:46 | 000,013,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/29 13:09:39 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Infected System\Desktop\unhide.exe
[2012/02/29 13:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/29 13:02:22 | 1979,092,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/24 11:09:44 | 000,302,592 | ---- | M] () -- C:\Users\Infected System\Desktop\vneqq934.exe
[2012/02/24 11:09:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Infected System\Desktop\dds.scr
[2012/02/23 17:00:31 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 16:59:15 | 001,846,232 | ---- | M] (Acronis) -- C:\Windows\System32\auto_reactivate.exe
[2012/02/22 18:23:11 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/22 18:23:11 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/22 17:54:36 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/02/24 11:09:43 | 000,302,592 | ---- | C] () -- C:\Users\Infected System\Desktop\vneqq934.exe
[2012/02/22 17:31:46 | 1979,092,992 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/26 23:14:31 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/26 23:14:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >

Edited by ScottyScott, 29 February 2012 - 01:42 PM.
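As an added example (my code, not part of this thread, of OTL, or of the tools named in it): a Python triage script that reads OTL.txt lines of the kind posted above and flags what a responder scans the log for, namely a Winlogon Shell or UserInit value that differs from the Windows default, Run entries whose target is missing, and hidden+system folders created under a user profile, then correlates a Winlogon target with the hidden folder it points into. The allow-list of expected Winlogon values and the severity labels are my assumptions; the sample lines are copied from the OTL log above.

```python
"""Triage helper for OTL.txt lines (added example; the allow-list and the
severity labels are assumptions, not OTL's own logic)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the OTL.txt posted in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [TNOD UP] "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-158028819-936479815-826012669-1000 Winlogon: Shell - (C:\Users\Infected System\AppData\Local\bd956cd5\X) - File not found
[2012/02/23 17:00:26 | 000,000,000 | -HSD | C] -- C:\Users\Infected System\AppData\Local\bd956cd5
[2012/02/23 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Infected System\AppData\Local\ESET
[2012/02/29 13:09:49 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Infected System\Desktop\OTL.exe
"""

# Expected Winlogon values on a default Windows 7 install (assumed allow-list).
KNOWN_WINLOGON = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

O20_RE = re.compile(r"^O20 - (?P<hive>\S+) Winlogon: (?P<key>\w+) - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
FILE_RE = re.compile(r"^\[(?P<ts>[^|]+?) \| (?P<size>[^|]+?) \| (?P<attr>\S+) \| (?P<ev>[CM])\] "
                     r"(?:\([^)]*\) )?-- (?P<path>.+)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)

@dataclass
class Finding:
    severity: str  # "high" or "low"
    kind: str      # "winlogon", "autorun" or "hidden_dir"
    path: str      # registry value or file path the finding is about
    reason: str

def _basename(win_path: str) -> str:
    return win_path.rstrip("\\").rsplit("\\", 1)[-1]

def _dirname(win_path: str) -> str:
    return win_path.rsplit("\\", 1)[0] if "\\" in win_path else ""

def check_winlogon(m) -> Optional[Finding]:
    """O20 lines: anything but the default Shell/UserInit in HKLM is worth a look."""
    key, value, hive = m["key"].lower(), m["value"], m["hive"]
    if key not in KNOWN_WINLOGON:
        return None  # VMApplet and other keys are out of scope for this check
    reasons = []
    if not hive.upper().startswith("HKLM"):
        reasons.append("per-user Winlogon override (absent on a default install)")
    if _basename(value).lower().rstrip(",") not in KNOWN_WINLOGON[key]:
        reasons.append(f"unexpected {key} target {value!r}")
    if "\\appdata\\" in value.lower():
        reasons.append("target lives under a user profile AppData folder")
    if "file not found" in m["rest"].lower():
        reasons.append("target not visible on disk (hidden or already removed)")
    return Finding("high", "winlogon", value, "; ".join(reasons)) if reasons else None

def check_autorun(m) -> Optional[Finding]:
    """O4 lines: an autorun whose file is gone is clutter, not an active threat."""
    rest = m["rest"]
    if rest.endswith("File not found"):
        return Finding("low", "autorun", m["name"], f"orphaned {m['key']} entry: {rest}")
    return None

def check_created(m) -> Optional[Finding]:
    """Created-files lines: hidden+system directories under AppData are unusual."""
    attr, path = m["attr"], m["path"]
    if not ({"H", "S", "D"} <= set(attr) and "\\appdata\\" in path.lower()):
        return None
    reason = "hidden+system directory created under a user profile"
    if HEX_NAME.match(_basename(path)):
        reason += "; random 8-hex-digit name"
    return Finding("high", "hidden_dir", path, reason)

CHECKS = ((O20_RE, check_winlogon), (O4_RE, check_autorun), (FILE_RE, check_created))

def triage_otl(text: str) -> List[Finding]:
    """Run each line through the first matching parser and collect findings in order."""
    findings = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        for regex, check in CHECKS:
            m = regex.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings

def correlate(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Pair each Winlogon target with the flagged hidden directory that contains it."""
    hidden = {f.path.lower(): f.path for f in findings if f.kind == "hidden_dir"}
    return [(f.path, hidden[_dirname(f.path).lower()])
            for f in findings if f.kind == "winlogon" and _dirname(f.path).lower() in hidden]

if __name__ == "__main__":
    results = triage_otl(SAMPLE_OTL)
    for f in results:
        print(f"[{f.severity}] {f.kind}: {f.path}\n    {f.reason}")
    for target, folder in correlate(results):
        print(f"Correlation: Winlogon target {target} lives in hidden directory {folder}")
```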


#4 gringo_pr


Posted 29 February 2012 - 04:28 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 ScottyScott


Posted 29 February 2012 - 06:51 PM

So far Combofix has made no leeway. It's been sitting at the "This could take 10 minutes" screen since 5. I will let it run overnight and see where it is in the morning.
I'm posting from another system right now.

#6 ScottyScott


Posted 01 March 2012 - 09:59 AM

Combofix is still sitting at the same screen; it hasn't made any progress.

Should I let it sit longer or ...?

#7 gringo_pr


Posted 01 March 2012 - 03:11 PM

Hello


Go ahead and stop it and try it this way:


  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box

    ComboFix /nombr

  • click OK

Copy and paste the report into this topic for me to review.

Gringo

#8 ScottyScott


Posted 01 March 2012 - 03:21 PM

Ending Combofix has fully locked up my computer; I have to do a force reboot. I did a Ctrl-Shift-Esc and got nothing, and did a Ctrl-Alt-Del and got an error: "Failure to display security and shutdown options."

I'm rebooting now, then I'll run your command.

#9 ScottyScott


Posted 01 March 2012 - 03:28 PM

Combofix is just starting the stages now. I'll post the log when it's finished.

#10 ScottyScott


Posted 01 March 2012 - 03:38 PM

Combofix Log:

ComboFix 12-02-29.01 - Infected System 03/01/2012 15:27:42.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2517.1506 [GMT -5:00]
Running from: c:\users\Infected System\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: ESET Smart Security 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))
.
.
2012-02-29 22:00 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-02-23 22:01 . 2012-02-29 18:02 -------- d-----w- c:\program files\TNod User & Password Finder
2012-02-23 22:00 . 2012-02-23 22:00 -------- d-----w- c:\program files\ESET
2012-02-23 22:00 . 2012-02-23 22:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 22:00 . 2012-02-23 22:00 -------- d-----w- c:\windows\system32\Macromed
2012-02-23 21:59 . 2012-02-23 21:59 1846232 ----a-w- c:\windows\system32\auto_reactivate.exe
2012-02-22 22:36 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-22 22:36 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-22 22:36 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-22 22:36 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 10:10 . 2012-01-26 23:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 15:02 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-27 01:03 . 2012-01-27 01:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-01-27 01:03 . 2012-01-27 01:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-27 01:03 . 2012-01-27 01:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-27 01:03 . 2012-01-27 01:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-01-27 01:03 . 2012-01-27 01:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-01-27 01:03 . 2012-01-27 01:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-27 01:03 . 2012-01-27 01:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-01-27 01:03 . 2012-01-27 01:03 367104 ----a-w- c:\windows\system32\html.iec
2012-01-27 01:03 . 2012-01-27 01:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-01-27 01:03 . 2012-01-27 01:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-27 01:03 . 2012-01-27 01:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-01-27 01:03 . 2012-01-27 01:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-01-27 01:03 . 2012-01-27 01:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-01-27 01:03 . 2012-01-27 01:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-27 01:03 . 2012-01-27 01:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-01-27 01:03 . 2012-01-27 01:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-27 01:03 . 2012-01-27 01:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-01-26 23:34 . 2012-01-26 23:34 2214240 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-01-26 23:24 . 2012-01-26 23:24 588704 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-26 23:22 . 2012-01-26 23:22 169344 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-07 23:22 . 2012-01-26 23:54 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-07 23:22 . 2012-01-26 23:54 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-07 23:22 . 2012-01-26 23:54 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-07 23:21 . 2012-01-26 23:54 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupAndRecoveryMonitor.exe"="c:\program files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe" [2010-04-01 1520096]
"AcronisTimounterMonitor"="c:\program files\Common Files\Acronis\Timounter\TimounterMonitor.exe" [2010-04-01 944976]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-04-01 382568]
"TrayMonitor.exe"="c:\program files\Acronis\TrayMonitor\TrayMonitor.exe" [2010-04-01 883664]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-25 2145000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{45DE37FB-482E-11E1-8C76-806E6F6E6963}\bootwiz\asrm.bin
.
R2 AcronisAgent;Acronis Remote Agent Service;c:\program files\Common Files\Acronis\Agent\agent.exe [2010-04-01 1877880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-27 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-25 114984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-25 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2010-03-25 810120]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2010-03-25 41312]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-07 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 MMS;Acronis Managed Machine Service;c:\program files\Acronis\BackupAndRecovery\mms.exe [2010-04-01 4487384]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.102 192.168.0.103
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-01 15:33:35
ComboFix-quarantined-files.txt 2012-03-01 20:33
.
Pre-Run: 46,099,308,544 bytes free
Post-Run: 46,645,972,992 bytes free
.
- - End Of File - - 3D782B478D595E4FD00A1918081FD5F7

#11 gringo_pr


Posted 01 March 2012 - 08:40 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

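The steps above end with a TDSSKiller report being pasted back into the thread. As an added example (not from the original post and not Kaspersky's own code), here is one way to triage such a report offline: it parses the scan lines in the format this thread's log uses and separates entries TDSSKiller marked "ok" from anything else. The sample lines are constructed from that format; the "exampledrv" entry, its all-zero hash and its verdict text are made up to stand in for a non-clean result.

```python
"""Triage helper for TDSSKiller 2.7.x report files (Python 3.8+)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Line shapes in the scan section of the report posted in this thread:
#   "10:14:43.0277 4652 ACPI (cea80c8...) C:\Windows\system32\drivers\ACPI.sys"  hashed file
#   "10:14:43.0293 4652 ACPI - ok"                                            verdict
# Header lines (Drive ..., Partition ..., Mode: ...) match neither pattern and are skipped.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
FILE_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver name, merging its file line and its verdict line."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def needs_attention(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Anything TDSSKiller did not mark 'ok' (or gave no verdict at all) is for a human to review.
    The wording of non-ok verdicts is not assumed here; only 'ok' is treated as clean."""
    out: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is None:
            out.append((e.name, "no verdict recorded"))
        elif e.verdict.lower() != "ok":
            out.append((e.name, e.verdict))
    return out


def third_party_drivers(entries: Dict[str, Entry], windows_dir: str = r"C:\Windows") -> List[str]:
    """Hashed drivers loaded from outside the Windows directory: a short list worth a look
    even when every verdict is 'ok' (LogMeIn's RaInfo.sys in this thread is one such)."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return sorted(e.name for e in entries.values()
                  if e.path and not e.path.lower().startswith(prefix))


# Constructed sample: real-format lines modelled on the report in this thread, plus one
# made-up driver ("exampledrv", all-zero hash, invented verdict) standing in for a hit.
SAMPLE_LOG = r"""
10:14:42.0170 4652 Scan started
10:14:42.0170 4652 Mode: Manual; SigCheck; TDLFS;
10:14:43.0277 4652 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:14:43.0293 4652 ACPI - ok
10:14:45.0742 4652 catchme - ok
10:14:51.0514 4652 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
10:14:51.0514 4652 LMIInfo - ok
10:15:09.0001 4652 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
10:15:09.0002 4652 exampledrv - detected (constructed sample verdict)
"""

if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for name, why in needs_attention(found):
        print(f"ATTENTION {name}: {why}")
    print("drivers outside the Windows directory:", third_party_drivers(found))
```

Pointing `parse_tdsskiller_log` at the text of a real TDSSKiller_[Version]_[Date]_[Time]_log.txt gives the same two lists for that report.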
#12 ScottyScott

Posted 02 March 2012 - 10:16 AM

TDSSKILLER log:
10:14:38.0395 2132 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
10:14:38.0660 2132 ============================================================
10:14:38.0660 2132 Current date / time: 2012/03/02 10:14:38.0660
10:14:38.0660 2132 SystemInfo:
10:14:38.0660 2132
10:14:38.0660 2132 OS Version: 6.1.7601 ServicePack: 1.0
10:14:38.0660 2132 Product type: Workstation
10:14:38.0660 2132 ComputerName: INFECTEDSYSTEM
10:14:38.0660 2132 UserName: Infected System
10:14:38.0660 2132 Windows directory: C:\Windows
10:14:38.0660 2132 System windows directory: C:\Windows
10:14:38.0660 2132 Processor architecture: Intel x86
10:14:38.0660 2132 Number of processors: 2
10:14:38.0660 2132 Page size: 0x1000
10:14:38.0660 2132 Boot type: Normal boot
10:14:38.0660 2132 ============================================================
10:14:39.0237 2132 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:39.0237 2132 \Device\Harddisk0\DR0:
10:14:39.0237 2132 MBR used
10:14:39.0237 2132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA20000
10:14:39.0237 2132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA20800, BlocksNum 0x76E2800
10:14:39.0377 2132 Initialize success
10:14:39.0377 2132 ============================================================
10:14:42.0170 4652 ============================================================
10:14:42.0170 4652 Scan started
10:14:42.0170 4652 Mode: Manual; SigCheck; TDLFS;
10:14:42.0170 4652 ============================================================
10:15:03.0635 4652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:15:03.0667 4652 WacomPen - ok
10:15:03.0713 4652 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:15:03.0776 4652 WANARP - ok
10:15:03.0791 4652 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:15:03.0807 4652 Wanarpv6 - ok
10:15:03.0869 4652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:15:03.0885 4652 Wd - ok
10:15:03.0932 4652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:15:03.0947 4652 Wdf01000 - ok
10:15:04.0025 4652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:15:04.0072 4652 WfpLwf - ok
10:15:04.0103 4652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:15:04.0119 4652 WIMMount - ok
10:15:04.0197 4652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:15:04.0213 4652 WmiAcpi - ok
10:15:04.0259 4652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:15:04.0275 4652 ws2ifsl - ok
10:15:04.0337 4652 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:15:04.0384 4652 WudfPf - ok
10:15:04.0431 4652 MBR (0x1B8) (540f149987eda7325cbcbd022a5c4243) \Device\Harddisk0\DR0
10:15:04.0540 4652 \Device\Harddisk0\DR0 - ok
10:15:04.0571 4652 Boot (0x1200) (521095d5de6dff644283d0e574922aa7) \Device\Harddisk0\DR0\Partition0
10:15:04.0571 4652 \Device\Harddisk0\DR0\Partition0 - ok
10:15:04.0587 4652 Boot (0x1200) (9512b0a20db2a9fa3036d75ce61377df) \Device\Harddisk0\DR0\Partition1
10:15:04.0587 4652 \Device\Harddisk0\DR0\Partition1 - ok
10:15:04.0587 4652 ============================================================
10:15:04.0587 4652 Scan finished
10:15:04.0587 4652 ============================================================
10:15:04.0587 4972 Detected object count: 0
10:15:04.0587 4972 Actual detected object count: 0


aswMBR log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 10:16:27
-----------------------------
10:16:27.276 OS Version: Windows 6.1.7601 Service Pack 1
10:16:27.276 Number of processors: 2 586 0x170A
10:16:27.276 ComputerName: INFECTEDSYSTEM UserName:
10:16:27.728 Initialize success
10:17:04.368 AVAST engine defs: 12030200
10:17:23.057 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
10:17:23.072 Disk 0 Vendor: ST380815AS 3.CHH Size: 76319MB BusType: 3
10:17:23.088 Disk 0 MBR read successfully
10:17:23.088 Disk 0 MBR scan
10:17:23.119 Disk 0 unknown MBR code
10:17:23.135 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 5184 MB offset 2048
10:17:23.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60869 MB offset 10618880
10:17:23.150 Disk 0 Partition - 00 05 Extended 10265 MB offset 135278592
10:17:23.228 Disk 0 Partition 3 00 BC BOOTWIZ0 10263 MB offset 135280640
10:17:23.228 Disk 0 scanning sectors +156301488
10:17:23.790 Disk 0 scanning C:\Windows\system32\drivers
10:17:35.521 Service scanning
10:17:59.842 Modules scanning
10:18:04.725 Disk 0 trace - called modules:
10:18:04.740 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
10:18:04.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bae9b0]
10:18:04.740 3 CLASSPNP.SYS[8a1c859e] -> nt!IofCallDriver -> [0x856f0918]
10:18:04.756 5 ACPI.sys[8989e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85adf030]
10:18:05.083 AVAST engine scan C:\Windows
10:18:06.831 AVAST engine scan C:\Windows\system32
10:20:22.785 AVAST engine scan C:\Windows\system32\drivers
10:20:35.312 AVAST engine scan C:\Users\Infected System
10:20:35.842 File: C:\Users\Infected System\AppData\Local\bd956cd5\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
10:22:05.953 Disk 0 MBR has been saved successfully to "C:\Users\Infected System\Desktop\MBR.dat"
10:22:05.953 The log file has been saved successfully to "C:\Users\Infected System\Desktop\aswMBR.txt"

Edited by ScottyScott, 02 March 2012 - 10:23 AM.

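As an added example (not part of this thread, and not code from aswMBR or AVAST), here is a small Python parser for the aswMBR log format shown above. It pulls the partition table, the "unknown MBR code" notice and any **INFECTED** entries into a triage list the way a helper would read them. The sample lines are copied from the log posted here and embedded as a constructed input; the `\AppData\Local\<8 hex>\U\` path pattern is an assumption drawn from the single path in this thread (the same folder the helper later targets), not a published signature.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: a subset of the aswMBR lines posted in this thread.
SAMPLE_LOG = r"""
10:17:23.088 Disk 0 MBR read successfully
10:17:23.088 Disk 0 MBR scan
10:17:23.119 Disk 0 unknown MBR code
10:17:23.135 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 5184 MB offset 2048
10:17:23.150 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 60869 MB offset 10618880
10:17:23.150 Disk 0 Partition - 00 05 Extended 10265 MB offset 135278592
10:17:23.228 Disk 0 Partition 3 00 BC BOOTWIZ0 10263 MB offset 135280640
10:20:35.842 File: C:\Users\Infected System\AppData\Local\bd956cd5\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
"""

# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(r"^(?P<ts>\S+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# aswMBR prints this when the boot code matches none of its known signatures.
MBR_UNKNOWN_RE = re.compile(r"^(?P<ts>\S+) Disk (?P<disk>\d+) unknown MBR code$")
# "<time> Disk N Partition <idx> <bootflag> [(A)] <type> <description> <size> MB offset <lba>"
PARTITION_RE = re.compile(
    r"^(?P<ts>\S+) Disk (?P<disk>\d+) Partition (?P<idx>\S+) "
    r"(?P<flag>[0-9A-F]{2})(?P<active> \(A\))? (?P<type>[0-9A-F]{2}) "
    r"(?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)
# Assumption taken from the one path in this thread: an 8-hex-digit folder under
# %LOCALAPPDATA% with a "U" subfolder. Treat as a hint for the helper, not proof.
SUSPICIOUS_PATH_RE = re.compile(r"\\AppData\\Local\\[0-9a-f]{8}\\U\\", re.IGNORECASE)


@dataclass
class Partition:
    disk: int
    index: str          # "1", "2", "3" or "-" for the extended container
    active: bool        # the (A) marker, i.e. boot flag 0x80
    type_id: str        # partition type byte as printed, e.g. "07", "05", "BC"
    description: str
    size_mb: int
    offset: int         # starting sector (LBA)


@dataclass
class Detection:
    timestamp: str
    path: str
    name: str


@dataclass
class ScanReport:
    partitions: List[Partition] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    unknown_mbr_disks: List[int] = field(default_factory=list)


def parse_aswmbr(text: str) -> ScanReport:
    """Parse the lines of an aswMBR log; lines of other kinds are ignored."""
    report = ScanReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := INFECTED_RE.match(line):
            report.detections.append(Detection(m["ts"], m["path"], m["name"]))
        elif m := MBR_UNKNOWN_RE.match(line):
            report.unknown_mbr_disks.append(int(m["disk"]))
        elif m := PARTITION_RE.match(line):
            report.partitions.append(Partition(
                disk=int(m["disk"]), index=m["idx"], active=m["active"] is not None,
                type_id=m["type"], description=m["desc"],
                size_mb=int(m["size"]), offset=int(m["offset"]),
            ))
    return report


def triage(report: ScanReport) -> List[str]:
    """Return the findings a helper would act on, confirmed detections first."""
    findings = []
    for d in report.detections:
        tag = " (path matches the hex\\U folder pattern seen in this thread)" \
            if SUSPICIOUS_PATH_RE.search(d.path) else ""
        findings.append(f"INFECTED {d.name}: {d.path}{tag}")
    for disk in report.unknown_mbr_disks:
        # Unrecognised boot code is not proof of a bootkit by itself: OEM recovery
        # loaders produce it too, so the saved MBR.dat still has to be reviewed.
        findings.append(f"Disk {disk}: MBR code not recognised by aswMBR; review the saved MBR.dat")
    active = [p for p in report.partitions if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions found (expected exactly one)")
    return findings


if __name__ == "__main__":
    for line in triage(parse_aswmbr(SAMPLE_LOG)):
        print(line)
```

Run as-is it prints the two findings from the posted log: the Sirefef detection (with its path flagged) and the unrecognised MBR on disk 0; the single active partition raises nothing.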

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:07 PM

Posted 02 March 2012 - 02:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\Users\Infected System\AppData\Local\bd956cd5\U

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 ScottyScott

ScottyScott
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:07 PM

Posted 02 March 2012 - 05:17 PM

So far ComboFix is still sitting at the "10 minutes screen" again and seems to be making no progress.
Once 7pm (EST) hits I have no access to this system until Monday, just so you know.

Edited by ScottyScott, 02 March 2012 - 05:18 PM.


#15 ScottyScott

ScottyScott
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:07 PM

Posted 02 March 2012 - 06:15 PM

I exited ComboFix and tried re-executing your suggested script. It is still hanging with no progress.



