
Win32.Sirefef.Ho infection consrv.dll


42 replies to this topic

#1 StarkyD


Posted 25 February 2012 - 11:08 AM

I was directed to this forum from here http://www.bleepingcomputer.com/forums/topic443998.html

Summary:
The laptop is running Windows 7 64. The laptop was initially opening webpages on its own when going to normal sites such as Google or Yahoo. Avast discovered w32.sirefef-ho as consrv32.dll in the locations c:\windows\system32\ and c:\windows\system64. Originally I moved them to the virus chest. When I rebooted, the laptop would not boot into Windows. I was unsure what to do, so I reverted to a restore point. The laptop would then boot up but is still infected. That is when I sought out help in the original post which is linked in the first line of this post. Avast will occasionally pop up a window that says a threat was detected, win32.DNSChanger.vj and the location is usually c:\windows\assembly\temp\u\ and will say no further action is necessary. It will ask me to do a boot time scan after it displays this warning. I have been clicking no and will continue to do this unless instructed differently.

  • I followed the steps starting at Step 6 per the request above.
  • I did not perform Step 7 due to running a 64bit OS per the instructions.
  • One set of instructions said to zip the attach.txt file and one did not mention it. It isn't very big so I didn't zip the file. I apologize if I should have and if I need to I will do so, just let me know.

Below are the contents of dds.txt and attached is the attach.txt file.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Diane at 10:39:36 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2539 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Diane\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Diane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 206.141.193.55
TCP: Interfaces\{588F1644-DF47-4B62-A29B-314C7590478E} : DhcpNameServer = 206.141.193.55
TCP: Interfaces\{588F1644-DF47-4B62-A29B-314C7590478E}\2375942554138333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D8595A87-800C-4326-A60F-40C3F9F7020A} : DhcpNameServer = 216.111.202.15 216.111.202.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
Hosts: 109.163.226.208 www.google-analytics.com.
Hosts: 109.163.226.208 ad-emea.doubleclick.net.
Hosts: 109.163.226.208 www.statcounter.com.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\0d9gwrub.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fview%3Dpu%26fs%3D1%26ui%3D2%26st%3Dchat%26shva%3D1&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2#inbox
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Diane\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Diane\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Diane\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Diane\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-25 44768]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-25 13:02:25 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-25 13:02:25 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-25 13:02:25 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-02-25 13:02:09 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-25 05:51:45 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-25 02:08:41 -------- d-----w- C:\Users\Diane\AppData\Roaming\SUPERAntiSpyware.com
2012-02-25 02:08:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-25 02:08:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-25 01:57:57 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-24 22:04:27 -------- d-----we C:\Windows\system64
2012-02-19 17:20:08 -------- d-----w- C:\Windows\System32\MpEngineStore
2012-02-19 15:55:21 -------- d-----w- C:\ProgramData\AVAST Software
2012-02-19 15:55:21 -------- d-----w- C:\Program Files\AVAST Software
2012-02-15 13:47:44 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-15 13:47:44 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
2012-02-15 13:47:43 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-15 13:47:43 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-14 22:56:26 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-14 22:56:26 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-14 22:56:25 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-14 22:56:25 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-14 22:56:24 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-14 22:56:23 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-14 22:56:21 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 22:56:21 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-05 14:11:11 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
.
==================== Find3M ====================
.
2012-02-25 01:59:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-25 01:57:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:40:13.52 ===============



#2 fireman4it


Posted 25 February 2012 - 11:43 AM

Hello StarkyD,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

We need to get a little more information before we begin.



1. Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2. Please download Listparts64.
  • Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 StarkyD


Posted 25 February 2012 - 12:02 PM

Many thanks for your help with this, Fireman4it. Is the aswMBR program supposed to give some sort of notification when it has finished scanning? It seemed to just be stuck on something for 5 or so minutes. After a while I just figured it was done and saved the log, which is below.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 11:50:25
-----------------------------
11:50:25.419 OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:25.419 Number of processors: 2 586 0x170A
11:50:25.419 ComputerName: DIANE-PC UserName: Diane
11:50:27.338 Initialize success
11:50:27.791 AVAST engine defs: 12022500
11:50:43.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:50:43.469 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
11:50:43.484 Disk 0 MBR read successfully
11:50:43.484 Disk 0 MBR scan
11:50:43.500 Disk 0 Windows VISTA default MBR code
11:50:43.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:50:43.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:50:43.547 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
11:50:43.578 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
11:50:43.593 Disk 0 scanning C:\Windows\system32\drivers
11:50:54.357 Service scanning
11:51:09.287 Modules scanning
11:51:09.302 Disk 0 trace - called modules:
11:51:09.333 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
11:51:09.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a2060]
11:51:09.365 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004acb050]
11:51:10.363 AVAST engine scan C:\Windows
11:51:13.436 AVAST engine scan C:\Windows\system32
11:51:23.311 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:52:53.027 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:52:54.634 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:53:47.565 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
11:53:48.407 AVAST engine scan C:\Windows\system32\drivers
11:53:58.999 AVAST engine scan C:\Users\Diane
11:56:30.834 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
11:56:30.850 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"


Here is the listparts64 log.


ListParts by Farbar
Ran by Diane (administrator) on 25-02-2012 at 12:00:56
Windows 7 (X64)
Running From: C:\Users\Diane\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%
Total physical RAM: 4056.94 MB
Available physical RAM: 2243.26 MB
Total Pagefile: 8112.08 MB
Available Pagefile: 6308.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:396.26 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy Boot



****** End Of Log ******
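A small triage helper for the two log formats in this thread: the DDS "SubSystems:" and "Hosts:" lines in post #1 and the aswMBR "**SUSPICIOUS**" / "**INFECTED**" lines in the log above. It is an added example, not code from BleepingComputer, DDS or aswMBR; the Windows 7 ServerDll baseline it compares against and the sample lines it scans are assumptions constructed from this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shapes DDS (SubSystems:, Hosts:)
# and aswMBR (**SUSPICIOUS**, **INFECTED**) use, modelled on this thread's logs.
SAMPLE_LOG = """\
mWinlogon: Userinit=userinit.exe,
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
Hosts: 109.163.226.208 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
11:50:43.578 SubSystem.Windows: C:\\Windows\\system32\\consrv.dll **SUSPICIOUS**
11:51:23.311 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:53:47.565 File: C:\\Windows\\assembly\\temp\\U\\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
11:53:48.407 AVAST engine scan C:\\Windows\\system32\\drivers
"""

# Assumption: on a stock Windows 7 install the csrss "SubSystems\Windows" value
# only loads ServerDlls from these three modules (winsrv appears twice, once for
# the user server and once for the console server). Any other module name, such
# as consrv, means the value was rewritten to load a foreign DLL at boot.
KNOWN_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

# Hosts entries pointing at these addresses are ordinary self-references.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

SUBSYSTEMS_RE = re.compile(r"^SubSystems:\s*Windows\s*=\s*(.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")
ASWMBR_FILE_RE = re.compile(r"File:\s+(\S+)\s+\*\*INFECTED\*\*\s+(.+)$")
ASWMBR_SUBSYS_RE = re.compile(r"SubSystem\.Windows:\s+(\S+)\s+\*\*SUSPICIOUS\*\*")


@dataclass(frozen=True)
class Finding:
    kind: str    # "subsystems_hijack", "hosts_redirect" or "infected_file"
    detail: str  # what was matched, for the analyst


def parse_server_dlls(value):
    """Turn 'basesrv,1 winsrv:UserServerDllInitialization,3 ...' into module names.

    Each entry is '<module>[:<entrypoint>],<index>'; only the module matters here.
    """
    modules = []
    for entry in value.split():
        modules.append(entry.split(":", 1)[0].split(",", 1)[0].strip().lower())
    return modules


def triage(log_text):
    """Scan DDS/aswMBR-style lines and return findings in file order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SUBSYSTEMS_RE.match(line):
            # Flag every ServerDll module outside the known Windows 7 set.
            for module in parse_server_dlls(m.group(1)):
                if module not in KNOWN_SERVER_DLLS:
                    findings.append(Finding("subsystems_hijack", module))
        elif m := HOSTS_RE.match(line):
            # Public hostnames mapped to a remote address are redirects.
            ip, host = m.group(1), m.group(2).rstrip(".")
            if ip not in LOCAL_TARGETS:
                findings.append(Finding("hosts_redirect", f"{host} -> {ip}"))
        elif m := ASWMBR_SUBSYS_RE.search(line):
            findings.append(Finding("subsystems_hijack", m.group(1)))
        elif m := ASWMBR_FILE_RE.search(line):
            findings.append(Finding("infected_file", f"{m.group(1)} ({m.group(2).strip()})"))
    return findings


def summarize(findings):
    """Count findings per kind so the analyst sees at a glance what the logs show."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(results))
```

A clean Windows 7 SubSystems line (winsrv for both the user and console servers) and hosts entries to 127.0.0.1 produce no findings, so the script can be pointed at a fresh log to confirm the value was restored after cleanup.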

#4 StarkyD


Posted 25 February 2012 - 12:10 PM

I see now that aswMBR does give a notification. I had left it open and it now says it is finished. I have pasted the full log below. I am sorry.

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-25 11:50:25
-----------------------------
11:50:25.419 OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:25.419 Number of processors: 2 586 0x170A
11:50:25.419 ComputerName: DIANE-PC UserName: Diane
11:50:27.338 Initialize success
11:50:27.791 AVAST engine defs: 12022500
11:50:43.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:50:43.469 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
11:50:43.484 Disk 0 MBR read successfully
11:50:43.484 Disk 0 MBR scan
11:50:43.500 Disk 0 Windows VISTA default MBR code
11:50:43.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:50:43.531 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:50:43.547 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
11:50:43.578 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
11:50:43.593 Disk 0 scanning C:\Windows\system32\drivers
11:50:54.357 Service scanning
11:51:09.287 Modules scanning
11:51:09.302 Disk 0 trace - called modules:
11:51:09.333 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
11:51:09.349 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a2060]
11:51:09.365 3 CLASSPNP.SYS[fffff88001ba843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004acb050]
11:51:10.363 AVAST engine scan C:\Windows
11:51:13.436 AVAST engine scan C:\Windows\system32
11:51:23.311 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:52:53.027 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:52:54.634 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:53:47.565 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
11:53:48.407 AVAST engine scan C:\Windows\system32\drivers
11:53:58.999 AVAST engine scan C:\Users\Diane
11:56:30.834 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
11:56:30.850 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"


12:01:50.680 AVAST engine scan C:\ProgramData
12:02:42.955 Scan finished successfully
12:08:36.811 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
12:08:36.826 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"
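A note on what the aswMBR log above is actually telling us. consrv.dll is reported twice: once as a plain file detection and once under SubSystem.Windows, and the second hit is the one that matters for cleanup. This ZeroAccess variant makes csrss.exe load consrv.dll as a subsystem server DLL by editing the Windows value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems, swapping the winsrv module in the ServerDll=winsrv:ConServerDllInitialization,2 entry for consrv. Quarantine the DLL and leave that value alone, and csrss.exe cannot start its console server at the next boot, which matches the boot failure described in the first post after Avast moved the file to the chest. The Python below is an added example, not a tool from this thread or from Avast: it pulls the INFECTED/SUSPICIOUS lines out of aswMBR output, lists every ServerDll entry that is not one of the stock subsystem DLLs, builds the repaired value, and orders the cleanup so the registry is restored before the file is removed. The stock ServerDll set, the clean Windows 7 SP1 x64 value and the sample log lines are assumptions constructed for the example; check the baseline against a known-clean machine of the same build before writing anything back.

```python
"""Triage helper for the consrv.dll (ZeroAccess/Sirefef) pattern seen in the aswMBR log.

Added example: parses aswMBR detection lines and the Session Manager\\SubSystems\\Windows
value that csrss.exe is launched with, then orders the cleanup so the registry entry is
restored before the DLL it points at is removed.
"""
import re
from dataclasses import dataclass

# Subsystem server DLLs csrss.exe legitimately loads on Windows 7 (assumed baseline).
STOCK_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
# Entry points exported by winsrv.dll; a foreign module claiming one of them is shimming
# winsrv, so the entry can be pointed back at winsrv rather than dropped.
WINSRV_ENTRY_POINTS = {"UserServerDllInitialization", "ConServerDllInitialization"}

# Constructed sample: the stock Windows 7 SP1 x64 value (assumed clean baseline; verify
# against a known-clean machine of the same build before using it as a reference).
CLEAN_SUBSYSTEMS_WINDOWS = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# Constructed sample: the same value with the console server entry hijacked to consrv.dll.
INFECTED_SUBSYSTEMS_WINDOWS = CLEAN_SUBSYSTEMS_WINDOWS.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)
# Constructed sample: the detection lines from the aswMBR log in this thread.
SAMPLE_ASWMBR_LOG = """\
11:50:43.578 SubSystem.Windows: C:\\Windows\\system32\\consrv.dll **SUSPICIOUS**
11:50:43.593 Disk 0 scanning C:\\Windows\\system32\\drivers
11:51:23.311 File: C:\\Windows\\system32\\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
11:52:53.027 File: C:\\Windows\\assembly\\GAC_32\\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
11:52:54.634 File: C:\\Windows\\assembly\\GAC_64\\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
11:53:47.565 File: C:\\Windows\\assembly\\temp\\U\\80000004.@ **INFECTED** Win64:ZAccess-A [Trj]
12:02:42.955 Scan finished successfully
"""

ASWMBR_FINDING = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<kind>[\w.]+):\s+(?P<path>.+?)\s+"
    r"\*\*(?P<verdict>INFECTED|SUSPICIOUS)\*\*\s*(?P<detection>.*)$"
)
SERVER_DLL = re.compile(r"ServerDll=(?P<module>[^,:\s]+)(?::(?P<entry>[^,\s]+))?,(?P<index>\d+)")


@dataclass
class Finding:
    time: str
    kind: str       # "File" or the hook location aswMBR checked, e.g. "SubSystem.Windows"
    path: str
    verdict: str    # "INFECTED" or "SUSPICIOUS"
    detection: str  # engine name, empty for heuristic hits


def parse_aswmbr(log_text):
    """Return every INFECTED/SUSPICIOUS line of an aswMBR log as a Finding, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ASWMBR_FINDING.match(line.strip())
        if m:
            findings.append(Finding(m["time"], m["kind"], m["path"], m["verdict"], m["detection"].strip()))
    return findings


def parse_server_dlls(value):
    """Split the SubSystems\\Windows value into (module, entry_point_or_None, index) tuples."""
    return [(m["module"].lower(), m["entry"], int(m["index"])) for m in SERVER_DLL.finditer(value)]


def rogue_server_dlls(value):
    """Entries whose module is not a stock subsystem DLL; consrv shows up here."""
    return [e for e in parse_server_dlls(value) if e[0] not in STOCK_SERVER_DLLS]


def repair_subsystems_value(value):
    """Point hijacked winsrv entry points back at winsrv; drop rogue entries with no known owner."""
    def fix(m):
        if m["module"].lower() in STOCK_SERVER_DLLS:
            return m.group(0)
        if m["entry"] in WINSRV_ENTRY_POINTS:
            return f"ServerDll=winsrv:{m['entry']},{m['index']}"
        return ""
    return re.sub(r"\s+", " ", SERVER_DLL.sub(fix, value)).strip()


def remediation_plan(findings, subsystems_value):
    """Registry first, files second: removing consrv.dll while csrss.exe is still told to
    load it leaves the console subsystem unable to start and the machine fails to boot."""
    steps = []
    if rogue_server_dlls(subsystems_value):
        steps.append(("restore_registry", repair_subsystems_value(subsystems_value)))
    seen = set()
    for f in findings:
        if f.verdict == "INFECTED" and f.path.lower() not in seen:
            seen.add(f.path.lower())
            steps.append(("remove_file", f.path))
    return steps


if __name__ == "__main__":
    for step in remediation_plan(parse_aswmbr(SAMPLE_ASWMBR_LOG), INFECTED_SUBSYSTEMS_WINDOWS):
        print(*step)
```

On the infected machine the live value can be read from an elevated PowerShell prompt with (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems').Windows and passed to rogue_server_dlls(); the order the plan returns (write the repaired value back, then remove the files) is what keeps the machine bootable, and the Desktop.ini files under GAC_32/GAC_64 and the U directory under assembly\temp are the other ZeroAccess components the same log flags.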

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 25 February 2012 - 03:31 PM

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TDSSKILLER log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#6 StarkyD

StarkyD
  • Topic Starter

  • Members
  • 37 posts

Posted 25 February 2012 - 08:13 PM

Below is the TDSS log. Proceeding to step 2 now.


20:10:28.0296 3868 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
20:10:28.0654 3868 ============================================================
20:10:28.0654 3868 Current date / time: 2012/02/25 20:10:28.0654
20:10:28.0654 3868 SystemInfo:
20:10:28.0654 3868
20:10:28.0654 3868 OS Version: 6.1.7601 ServicePack: 1.0
20:10:28.0654 3868 Product type: Workstation
20:10:28.0654 3868 ComputerName: DIANE-PC
20:10:28.0654 3868 UserName: Diane
20:10:28.0654 3868 Windows directory: C:\Windows
20:10:28.0654 3868 System windows directory: C:\Windows
20:10:28.0654 3868 Running under WOW64
20:10:28.0654 3868 Processor architecture: Intel x64
20:10:28.0654 3868 Number of processors: 2
20:10:28.0654 3868 Page size: 0x1000
20:10:28.0654 3868 Boot type: Normal boot
20:10:28.0654 3868 ============================================================
20:10:29.0185 3868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:29.0200 3868 \Device\Harddisk0\DR0:
20:10:29.0200 3868 MBR used
20:10:29.0200 3868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
20:10:29.0200 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
20:10:29.0216 3868 Initialize success
20:10:29.0216 3868 ============================================================
20:10:46.0329 4788 ============================================================
20:10:46.0329 4788 Scan started
20:10:46.0329 4788 Mode: Manual;
20:10:46.0329 4788 ============================================================
20:10:46.0860 4788 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:10:46.0860 4788 1394ohci - ok
20:10:46.0906 4788 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
20:10:46.0906 4788 Acceler - ok
20:10:46.0953 4788 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:10:46.0969 4788 ACPI - ok
20:10:47.0000 4788 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:10:47.0000 4788 AcpiPmi - ok
20:10:47.0078 4788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:10:47.0094 4788 adp94xx - ok
20:10:47.0172 4788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:10:47.0172 4788 adpahci - ok
20:10:47.0234 4788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:10:47.0250 4788 adpu320 - ok
20:10:47.0343 4788 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:10:47.0359 4788 AFD - ok
20:10:47.0421 4788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:10:47.0421 4788 agp440 - ok
20:10:47.0484 4788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:10:47.0484 4788 aliide - ok
20:10:47.0515 4788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:10:47.0515 4788 amdide - ok
20:10:47.0546 4788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:10:47.0546 4788 AmdK8 - ok
20:10:47.0562 4788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:10:47.0562 4788 AmdPPM - ok
20:10:47.0593 4788 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:10:47.0608 4788 amdsata - ok
20:10:47.0624 4788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:10:47.0640 4788 amdsbs - ok
20:10:47.0655 4788 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:10:47.0655 4788 amdxata - ok
20:10:47.0733 4788 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:10:47.0749 4788 AppID - ok
20:10:47.0811 4788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:10:47.0827 4788 arc - ok
20:10:47.0858 4788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:10:47.0858 4788 arcsas - ok
20:10:47.0952 4788 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
20:10:47.0952 4788 aswFsBlk - ok
20:10:48.0014 4788 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
20:10:48.0014 4788 aswMonFlt - ok
20:10:48.0061 4788 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
20:10:48.0061 4788 aswRdr - ok
20:10:48.0139 4788 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
20:10:48.0170 4788 aswSnx - ok
20:10:48.0232 4788 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
20:10:48.0248 4788 aswSP - ok
20:10:48.0279 4788 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
20:10:48.0295 4788 aswTdi - ok
20:10:48.0310 4788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:10:48.0310 4788 AsyncMac - ok
20:10:48.0388 4788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:10:48.0388 4788 atapi - ok
20:10:48.0513 4788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:10:48.0513 4788 b06bdrv - ok
20:10:48.0576 4788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:10:48.0591 4788 b57nd60a - ok
20:10:48.0622 4788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:10:48.0622 4788 Beep - ok
20:10:48.0654 4788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:10:48.0654 4788 blbdrive - ok
20:10:48.0700 4788 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:10:48.0700 4788 bowser - ok
20:10:48.0747 4788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:10:48.0747 4788 BrFiltLo - ok
20:10:48.0763 4788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:10:48.0763 4788 BrFiltUp - ok
20:10:48.0841 4788 BrSerIb (e5e9b1625a767ceb6f319c12d33eab78) C:\Windows\system32\DRIVERS\BrSerIb.sys
20:10:48.0841 4788 BrSerIb - ok
20:10:48.0888 4788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:10:48.0888 4788 Brserid - ok
20:10:48.0903 4788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:10:48.0903 4788 BrSerWdm - ok
20:10:48.0934 4788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:10:48.0934 4788 BrUsbMdm - ok
20:10:48.0966 4788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:10:48.0966 4788 BrUsbSer - ok
20:10:49.0028 4788 BrUsbSIb (d9f6b30ad93cbd165ec71fadf51df25e) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
20:10:49.0044 4788 BrUsbSIb - ok
20:10:49.0059 4788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:10:49.0059 4788 BTHMODEM - ok
20:10:49.0137 4788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:10:49.0137 4788 cdfs - ok
20:10:49.0215 4788 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:10:49.0215 4788 cdrom - ok
20:10:49.0278 4788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:10:49.0278 4788 circlass - ok
20:10:49.0324 4788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:10:49.0340 4788 CLFS - ok
20:10:49.0465 4788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:10:49.0465 4788 CmBatt - ok
20:10:49.0512 4788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:10:49.0512 4788 cmdide - ok
20:10:49.0543 4788 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:10:49.0558 4788 CNG - ok
20:10:49.0605 4788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:10:49.0605 4788 Compbatt - ok
20:10:49.0652 4788 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:10:49.0652 4788 CompositeBus - ok
20:10:49.0714 4788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:10:49.0714 4788 crcdisk - ok
20:10:49.0808 4788 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:10:49.0808 4788 CtClsFlt - ok
20:10:49.0902 4788 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:10:49.0902 4788 DfsC - ok
20:10:49.0948 4788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:10:49.0948 4788 discache - ok
20:10:50.0026 4788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:10:50.0026 4788 Disk - ok
20:10:50.0089 4788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:10:50.0089 4788 drmkaud - ok
20:10:50.0136 4788 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:10:50.0167 4788 DXGKrnl - ok
20:10:50.0292 4788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:10:50.0385 4788 ebdrv - ok
20:10:50.0432 4788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:10:50.0432 4788 elxstor - ok
20:10:50.0463 4788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:10:50.0479 4788 ErrDev - ok
20:10:50.0510 4788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:10:50.0510 4788 exfat - ok
20:10:50.0541 4788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:10:50.0557 4788 fastfat - ok
20:10:50.0572 4788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:10:50.0588 4788 fdc - ok
20:10:50.0635 4788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:10:50.0635 4788 FileInfo - ok
20:10:50.0666 4788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:10:50.0682 4788 Filetrace - ok
20:10:50.0697 4788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:10:50.0697 4788 flpydisk - ok
20:10:50.0744 4788 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:10:50.0744 4788 FltMgr - ok
20:10:50.0775 4788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:10:50.0775 4788 FsDepends - ok
20:10:50.0791 4788 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:10:50.0806 4788 Fs_Rec - ok
20:10:50.0838 4788 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:10:50.0853 4788 fvevol - ok
20:10:50.0900 4788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:10:50.0916 4788 gagp30kx - ok
20:10:51.0040 4788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:10:51.0040 4788 hcw85cir - ok
20:10:51.0087 4788 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:10:51.0103 4788 HdAudAddService - ok
20:10:51.0165 4788 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:10:51.0165 4788 HDAudBus - ok
20:10:51.0196 4788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:10:51.0196 4788 HidBatt - ok
20:10:51.0212 4788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:10:51.0212 4788 HidBth - ok
20:10:51.0243 4788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:10:51.0243 4788 HidIr - ok
20:10:51.0321 4788 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:10:51.0321 4788 HidUsb - ok
20:10:51.0384 4788 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:10:51.0384 4788 HpSAMD - ok
20:10:51.0430 4788 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:10:51.0462 4788 HTTP - ok
20:10:51.0493 4788 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:10:51.0508 4788 hwpolicy - ok
20:10:51.0571 4788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:10:51.0571 4788 i8042prt - ok
20:10:51.0649 4788 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:10:51.0664 4788 iaStor - ok
20:10:51.0696 4788 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:10:51.0696 4788 iaStorV - ok
20:10:51.0976 4788 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:10:52.0226 4788 igfx - ok
20:10:52.0257 4788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:10:52.0257 4788 iirsp - ok
20:10:52.0320 4788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:10:52.0320 4788 intelide - ok
20:10:52.0382 4788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:10:52.0382 4788 intelppm - ok
20:10:52.0413 4788 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:10:52.0429 4788 IpFilterDriver - ok
20:10:52.0444 4788 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:10:52.0444 4788 IPMIDRV - ok
20:10:52.0476 4788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:10:52.0476 4788 IPNAT - ok
20:10:52.0522 4788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:10:52.0538 4788 IRENUM - ok
20:10:52.0554 4788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:10:52.0554 4788 isapnp - ok
20:10:52.0585 4788 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:10:52.0600 4788 iScsiPrt - ok
20:10:52.0632 4788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:10:52.0632 4788 kbdclass - ok
20:10:52.0663 4788 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:10:52.0663 4788 kbdhid - ok
20:10:52.0694 4788 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:10:52.0710 4788 KSecDD - ok
20:10:52.0756 4788 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:10:52.0756 4788 KSecPkg - ok
20:10:52.0772 4788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:10:52.0772 4788 ksthunk - ok
20:10:52.0850 4788 LHidFilt (97caaa9fd47af67e590552c34ce2d9b1) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:10:52.0850 4788 LHidFilt - ok
20:10:52.0912 4788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:10:52.0912 4788 lltdio - ok
20:10:52.0944 4788 LMouFilt (1a3c49b3edba8f8faf49ad5679813321) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:10:52.0959 4788 LMouFilt - ok
20:10:53.0006 4788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:10:53.0022 4788 LSI_FC - ok
20:10:53.0037 4788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:10:53.0037 4788 LSI_SAS - ok
20:10:53.0068 4788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:10:53.0068 4788 LSI_SAS2 - ok
20:10:53.0084 4788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:10:53.0084 4788 LSI_SCSI - ok
20:10:53.0131 4788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:10:53.0131 4788 luafv - ok
20:10:53.0146 4788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:10:53.0162 4788 megasas - ok
20:10:53.0178 4788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:10:53.0193 4788 MegaSR - ok
20:10:53.0209 4788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:10:53.0224 4788 Modem - ok
20:10:53.0240 4788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:10:53.0240 4788 monitor - ok
20:10:53.0287 4788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:10:53.0287 4788 mouclass - ok
20:10:53.0349 4788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:10:53.0349 4788 mouhid - ok
20:10:53.0396 4788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:10:53.0396 4788 mountmgr - ok
20:10:53.0427 4788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:10:53.0443 4788 mpio - ok
20:10:53.0474 4788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:10:53.0474 4788 mpsdrv - ok
20:10:53.0536 4788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:10:53.0536 4788 MRxDAV - ok
20:10:53.0568 4788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:10:53.0583 4788 mrxsmb - ok
20:10:53.0614 4788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:10:53.0630 4788 mrxsmb10 - ok
20:10:53.0661 4788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:10:53.0677 4788 mrxsmb20 - ok
20:10:53.0724 4788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:10:53.0724 4788 msahci - ok
20:10:53.0755 4788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:10:53.0770 4788 msdsm - ok
20:10:53.0817 4788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:10:53.0833 4788 Msfs - ok
20:10:53.0880 4788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:10:53.0880 4788 mshidkmdf - ok
20:10:53.0895 4788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:10:53.0895 4788 msisadrv - ok
20:10:53.0958 4788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:10:53.0958 4788 MSKSSRV - ok
20:10:54.0036 4788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:10:54.0036 4788 MSPCLOCK - ok
20:10:54.0051 4788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:10:54.0067 4788 MSPQM - ok
20:10:54.0098 4788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:10:54.0114 4788 MsRPC - ok
20:10:54.0145 4788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:10:54.0145 4788 mssmbios - ok
20:10:54.0160 4788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:10:54.0176 4788 MSTEE - ok
20:10:54.0192 4788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:10:54.0192 4788 MTConfig - ok
20:10:54.0223 4788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:10:54.0223 4788 Mup - ok
20:10:54.0301 4788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:10:54.0301 4788 NativeWifiP - ok
20:10:54.0394 4788 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:10:54.0410 4788 NDIS - ok
20:10:54.0441 4788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:10:54.0441 4788 NdisCap - ok
20:10:54.0519 4788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:10:54.0519 4788 NdisTapi - ok
20:10:54.0582 4788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:10:54.0582 4788 Ndisuio - ok
20:10:54.0628 4788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:10:54.0628 4788 NdisWan - ok
20:10:54.0675 4788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:10:54.0675 4788 NDProxy - ok
20:10:54.0706 4788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:10:54.0706 4788 NetBIOS - ok
20:10:54.0738 4788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:10:54.0738 4788 NetBT - ok
20:10:54.0925 4788 NETw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\NETw5v64.sys
20:10:55.0050 4788 NETw5v64 - ok
20:10:55.0096 4788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:10:55.0096 4788 nfrd960 - ok
20:10:55.0159 4788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:10:55.0159 4788 Npfs - ok
20:10:55.0190 4788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:10:55.0190 4788 nsiproxy - ok
20:10:55.0252 4788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:10:55.0330 4788 Ntfs - ok
20:10:55.0377 4788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:10:55.0377 4788 Null - ok
20:10:55.0455 4788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:10:55.0455 4788 nvraid - ok
20:10:55.0486 4788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:10:55.0502 4788 nvstor - ok
20:10:55.0518 4788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:10:55.0518 4788 nv_agp - ok
20:10:55.0580 4788 O2MDGRDR (1b2e099223f16aab166e9602f7a5ecd4) C:\Windows\system32\DRIVERS\o2mdgx64.sys
20:10:55.0580 4788 O2MDGRDR - ok
20:10:55.0658 4788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:10:55.0658 4788 ohci1394 - ok
20:10:55.0689 4788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:10:55.0705 4788 Parport - ok
20:10:55.0736 4788 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:10:55.0736 4788 partmgr - ok
20:10:55.0767 4788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:10:55.0767 4788 pci - ok
20:10:55.0783 4788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:10:55.0798 4788 pciide - ok
20:10:55.0814 4788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:10:55.0830 4788 pcmcia - ok
20:10:55.0861 4788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:10:55.0861 4788 pcw - ok
20:10:55.0892 4788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:10:55.0923 4788 PEAUTH - ok
20:10:56.0017 4788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:10:56.0017 4788 PptpMiniport - ok
20:10:56.0032 4788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:10:56.0048 4788 Processor - ok
20:10:56.0126 4788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:10:56.0126 4788 Psched - ok
20:10:56.0204 4788 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:10:56.0204 4788 PxHlpa64 - ok
20:10:56.0251 4788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:10:56.0298 4788 ql2300 - ok
20:10:56.0313 4788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:10:56.0313 4788 ql40xx - ok
20:10:56.0344 4788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:10:56.0344 4788 QWAVEdrv - ok
20:10:56.0360 4788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:10:56.0376 4788 RasAcd - ok
20:10:56.0438 4788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:10:56.0438 4788 RasAgileVpn - ok
20:10:56.0469 4788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:10:56.0485 4788 Rasl2tp - ok
20:10:56.0500 4788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:10:56.0500 4788 RasPppoe - ok
20:10:56.0547 4788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:10:56.0547 4788 RasSstp - ok
20:10:56.0594 4788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:10:56.0610 4788 rdbss - ok
20:10:56.0625 4788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:10:56.0625 4788 rdpbus - ok
20:10:56.0656 4788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:10:56.0656 4788 RDPCDD - ok
20:10:56.0719 4788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:10:56.0719 4788 RDPENCDD - ok
20:10:56.0734 4788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:10:56.0750 4788 RDPREFMP - ok
20:10:56.0781 4788 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:10:56.0797 4788 RDPWD - ok
20:10:56.0828 4788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:10:56.0828 4788 rdyboost - ok
20:10:56.0922 4788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:10:56.0922 4788 rspndr - ok
20:10:56.0984 4788 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:10:57.0000 4788 RTL8167 - ok
20:10:57.0078 4788 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:10:57.0078 4788 SASDIFSV - ok
20:10:57.0093 4788 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:10:57.0093 4788 SASKUTIL - ok
20:10:57.0140 4788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:10:57.0140 4788 sbp2port - ok
20:10:57.0187 4788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:10:57.0187 4788 scfilter - ok
20:10:57.0249 4788 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:10:57.0249 4788 sdbus - ok
20:10:57.0327 4788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:10:57.0327 4788 secdrv - ok
20:10:57.0374 4788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:10:57.0374 4788 Serenum - ok
20:10:57.0452 4788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:10:57.0452 4788 Serial - ok
20:10:57.0483 4788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:10:57.0483 4788 sermouse - ok
20:10:57.0530 4788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:10:57.0530 4788 sffdisk - ok
20:10:57.0546 4788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:10:57.0546 4788 sffp_mmc - ok
20:10:57.0577 4788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:10:57.0577 4788 sffp_sd - ok
20:10:57.0624 4788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:10:57.0624 4788 sfloppy - ok
20:10:57.0686 4788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:10:57.0702 4788 SiSRaid2 - ok
20:10:57.0702 4788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:10:57.0717 4788 SiSRaid4 - ok
20:10:57.0764 4788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:10:57.0780 4788 Smb - ok
20:10:57.0842 4788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:10:57.0842 4788 spldr - ok
20:10:57.0920 4788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:10:57.0951 4788 srv - ok
20:10:57.0998 4788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:10:57.0998 4788 srv2 - ok
20:10:58.0045 4788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:10:58.0045 4788 srvnet - ok
20:10:58.0123 4788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:10:58.0123 4788 stexstor - ok
20:10:58.0170 4788 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
20:10:58.0170 4788 STHDA - ok
20:10:58.0248 4788 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:10:58.0248 4788 StillCam - ok
20:10:58.0310 4788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:10:58.0310 4788 swenum - ok
20:10:58.0388 4788 SynTP (1657b7442d5ce30533f5c4317716b468) C:\Windows\system32\DRIVERS\SynTP.sys
20:10:58.0388 4788 SynTP - ok
20:10:58.0497 4788 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:10:58.0528 4788 Tcpip - ok
20:10:58.0575 4788 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:10:58.0606 4788 TCPIP6 - ok
20:10:58.0638 4788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:10:58.0638 4788 tcpipreg - ok
20:10:58.0669 4788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:10:58.0684 4788 TDPIPE - ok
20:10:58.0700 4788 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:10:58.0700 4788 TDTCP - ok
20:10:58.0747 4788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:10:58.0747 4788 tdx - ok
20:10:58.0762 4788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:10:58.0762 4788 TermDD - ok
20:10:58.0856 4788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:10:58.0856 4788 tssecsrv - ok
20:10:58.0918 4788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:10:58.0934 4788 TsUsbFlt - ok
20:10:58.0981 4788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:10:58.0981 4788 tunnel - ok
20:10:59.0012 4788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:10:59.0012 4788 uagp35 - ok
20:10:59.0043 4788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:10:59.0059 4788 udfs - ok
20:10:59.0106 4788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:10:59.0106 4788 uliagpkx - ok
20:10:59.0121 4788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:10:59.0121 4788 umbus - ok
20:10:59.0152 4788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:10:59.0152 4788 UmPass - ok
20:10:59.0184 4788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:10:59.0199 4788 usbccgp - ok
20:10:59.0246 4788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:10:59.0262 4788 usbcir - ok
20:10:59.0277 4788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:10:59.0308 4788 usbehci - ok
20:10:59.0355 4788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:10:59.0371 4788 usbhub - ok
20:10:59.0433 4788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:10:59.0433 4788 usbohci - ok
20:10:59.0496 4788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:10:59.0511 4788 usbprint - ok
20:10:59.0527 4788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:10:59.0542 4788 usbscan - ok
20:10:59.0558 4788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
20:10:59.0558 4788 USBSTOR - ok
20:10:59.0589 4788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:10:59.0589 4788 usbuhci - ok
20:10:59.0652 4788 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:10:59.0667 4788 usbvideo - ok
20:10:59.0698 4788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:10:59.0698 4788 vdrvroot - ok
20:10:59.0730 4788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:10:59.0730 4788 vga - ok
20:10:59.0745 4788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:10:59.0761 4788 VgaSave - ok
20:10:59.0792 4788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:10:59.0792 4788 vhdmp - ok
20:10:59.0808 4788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:10:59.0823 4788 viaide - ok
20:10:59.0839 4788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:10:59.0839 4788 volmgr - ok
20:10:59.0886 4788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:10:59.0886 4788 volmgrx - ok
20:10:59.0917 4788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:10:59.0932 4788 volsnap - ok
20:10:59.0995 4788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:10:59.0995 4788 vsmraid - ok
20:11:00.0026 4788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:11:00.0026 4788 vwifibus - ok
20:11:00.0057 4788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:11:00.0057 4788 WacomPen - ok
20:11:00.0088 4788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:00.0088 4788 WANARP - ok
20:11:00.0088 4788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:00.0088 4788 Wanarpv6 - ok
20:11:00.0135 4788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:11:00.0135 4788 Wd - ok
20:11:00.0182 4788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:11:00.0198 4788 Wdf01000 - ok
20:11:00.0276 4788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:00.0291 4788 WfpLwf - ok
20:11:00.0307 4788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:11:00.0322 4788 WIMMount - ok
20:11:00.0416 4788 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:11:00.0416 4788 WinUsb - ok
20:11:00.0494 4788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:11:00.0494 4788 WmiAcpi - ok
20:11:00.0572 4788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:11:00.0572 4788 ws2ifsl - ok
20:11:00.0634 4788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:11:00.0634 4788 WudfPf - ok
20:11:00.0697 4788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:00.0697 4788 WUDFRd - ok
20:11:00.0759 4788 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:11:00.0837 4788 \Device\Harddisk0\DR0 - ok
20:11:00.0853 4788 Boot (0x1200) (aa9b45ed383fd9f78e999b30c395633f) \Device\Harddisk0\DR0\Partition0
20:11:00.0853 4788 \Device\Harddisk0\DR0\Partition0 - ok
20:11:00.0868 4788 Boot (0x1200) (110eea37d5b2173e97661172845d2da6) \Device\Harddisk0\DR0\Partition1
20:11:00.0868 4788 \Device\Harddisk0\DR0\Partition1 - ok
20:11:00.0868 4788 ============================================================
20:11:00.0868 4788 Scan finished
20:11:00.0868 4788 ============================================================
20:11:00.0884 1740 Detected object count: 0
20:11:00.0884 1740 Actual detected object count: 0
20:11:23.0364 4932 Deinitialize success

#7 StarkyD (Topic Starter)

Posted 25 February 2012 - 09:01 PM

I ran ComboFix per your instructions with anti-virus off. It said it deleted some files and folders. C:\Windows\system64 was one of them, but it was the only one I noticed, and only because it alarmed me.

It rebooted and now a blue window is up that reads.

Preparing Log Report.

Do not run any programs until ComboFix has finished.

pevFind, by Billy O'Meal III, version 1.5.6 ComboFix Edition. Syntax Error.
Pass LEGAL for license information. Built Sat Jun 25 23:20:28 2011

There is a blinking cursor at the end. It has been sitting here for some time. I am writing this from my phone because I am too nervous to do anything else.

#8 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 25 February 2012 - 09:29 PM

Go ahead and restart your computer and see if it produces a log. If it doesn't, look and see if C:\ComboFix.txt is there; this is the log.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 StarkyD (Topic Starter)

Posted 25 February 2012 - 10:00 PM

Rebooted and found the log. Pasted below. Maybe it's just me, but it seems like it is running better already.



ComboFix 12-02-25.02 - Diane 02/25/2012 20:25:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4057.2621 [GMT -5:00]
Running from: C:\Users\Diane\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\cfg.ini
C:\Windows\system32\consrv.dll
C:\Windows\System64


((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))


.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-25 01:59:42 . 2011-09-08 21:32:54 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-25 01:57:53 . 2010-05-06 19:15:09 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-08 21:32:50 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 23:10:28 35696]
"PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 02:19:50 140520]
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 22:21:38 409744]
"Desktop Disc Tool"="C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 03:46:24 494064]
"DellSupportCenter"="C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 14:59:08 206064]
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 13:03:38 210472]
"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 03:07:00 29984]
"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 03:05:10 46368]
"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 13:01:58 328992]
"BrMfcWnd"="C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 15:50:22 1167360]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 14:26:54 114688]
"MSN Toolbar"="c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 15:02:08 240992]
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 15:12:14 288080]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-09-08 15:17:42 421888]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 19:02:04 254696]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-02-23 16:23:24 4031368]

C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-12-31 1041920]
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [N/A]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 17:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 21:32:41 136176]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 21:32:41 136176]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 20:05:28 155648]
S3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys [x]
S3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

Contents of the 'Scheduled Tasks' folder

#10 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 25 February 2012 - 11:46 PM

Hello,

It looks like the main infection is gone. Let's run a couple of other scanners to make sure.



1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply::
MBAM log
Eset log
How is your machine running now?



#11 StarkyD (Topic Starter)

Posted 26 February 2012 - 08:18 AM

Here's the first log. Note: as it was running, Avast brought up a Trojan Horse blocked notice. It is reporting the file 80000004.$ in the original location of c:\windows\assembly\temp\u as being infected with Win64:ZAccess-A[Trj]. After looking in the virus chest I see that it has popped up quite a few times. I have not done anything with this except for Avast automatically moving it into the virus chest. Anyway, I'll perform Step 2 now but just wanted to alert you to this and try to be as helpful as I can.



Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Diane :: DIANE-PC [administrator]

2/26/2012 8:05:46 AM
mbam-log-2012-02-26 (08-05-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187739
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 StarkyD (Topic Starter)

Posted 26 February 2012 - 09:37 AM

Below is the ESET log. Avast popped up a warning concerning win32.DNSChanger a couple of times while this was running.

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Users\Diane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R419IH5B\giftrewardzcenter_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Diane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25ab7459-5c1f031d Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
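A way to read an ESET log like the one just posted, as an added example that is not ESET's code or anything from this thread. The three Sirefef hits under C:\Qoobox\Quarantine are files ComboFix had already pulled out of place (ESET is re-scanning ComboFix's quarantine, so they are not live), the two cache hits are the likely delivery path (a script-injected page in the IE cache and a Java downloader in the Java deployment cache), and the last line, "Operating memory", means a Sirefef component is still running despite the on-disk cleanup, which is consistent with the next reply asking for another ComboFix run rather than calling the machine clean. The line layout (location, threat name, action) is inferred from the posted log, and the sample log embedded in the script is copied from it.

```python
"""Triage an ESET Online Scanner log (added example, not ESET's code).

The detection-line layout (location, threat name, action) is inferred from
the log posted above; SAMPLE_LOG is copied from that post.
"""
import re
from collections import namedtuple

Hit = namedtuple("Hit", "location family threat action status")

# Threat token as ESET prints it: optional "a variant of", Platform/Name,
# then the class word. Everything before it is the location, after it the action.
THREAT_RE = re.compile(
    r"(?P<threat>(?:a variant of )?[A-Za-z0-9]+/[A-Za-z0-9_.\-]+)\s+"
    r"(?:trojan|virus|worm|application|adware)\b"
)


def classify(location):
    """Map where ESET found something to what it means for the cleanup."""
    loc = location.lower()
    if loc == "operating memory":
        return "ACTIVE"                # code is running now; disk cleanup was not enough
    if "\\qoobox\\quarantine\\" in loc:
        return "ALREADY_QUARANTINED"   # ComboFix's quarantine: already neutralised
    if "\\temporary internet files\\" in loc or "\\java\\deployment\\cache\\" in loc:
        return "CACHE"                 # browser/Java cache: delivery artefact, not persistence
    return "ON_DISK"                   # anything else is a live file to look at


def parse_line(line):
    """Return a Hit for a detection line, or None for lines without a threat name."""
    text = line.strip()
    m = THREAT_RE.search(text)
    if not m:
        return None
    location = text[:m.start()].strip()
    action = text[m.end():].strip()
    threat = m.group("threat").replace("a variant of ", "")
    family = threat.split("/", 1)[1].split(".", 1)[0]   # Win32/Sirefef.DN -> Sirefef
    return Hit(location, family, threat, action, classify(location))


def triage(log_text):
    """Parse every detection line of an ESET log into Hit records."""
    return [h for h in map(parse_line, log_text.splitlines()) if h is not None]


def summarize(hits):
    """Count hits per status, e.g. {'ACTIVE': 1, ...}."""
    counts = {}
    for h in hits:
        counts[h.status] = counts.get(h.status, 0) + 1
    return counts


def needs_followup(hits):
    """True if any detection was in memory: the infection is still live."""
    return any(h.status == "ACTIVE" for h in hits)


# Copied from the ESET log posted above.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Users\Diane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R419IH5B\giftrewardzcenter_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Diane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25ab7459-5c1f031d Java/TrojanDownloader.OpenStream.NCO trojan deleted - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.status:20} {h.family:18} {h.location}")
    print(summarize(hits), "follow-up needed:", needs_followup(hits))
```

The status split is the useful part: a log full of hits inside another tool's quarantine folder is noise, a hit in a browser or Java cache tells you how the machine was infected, and a single "Operating memory" line outranks all of them.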

#13 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 26 February 2012 - 02:34 PM

Hello,


Please run ComboFix again and post its log. Do you have a Windows 7 installation disc?



#14 StarkyD (Topic Starter)

Posted 26 February 2012 - 04:28 PM

I ran ComboFix again. It did not have the same issue as last time. After the log popped up, I tried to open Firefox but was given an error. I rebooted and now it won't boot Windows. I get a Windows Error Recovery screen and my options are Launch Startup Repair or Start Windows Normally.

I do not have a Windows 7 install disc.

#15 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 26 February 2012 - 05:20 PM

Hello,

Try rebooting a couple of times. If that doesn't work, go ahead and try Startup Repair.
