
infected with Trojan Crypt.AQLW


This topic is locked
58 replies to this topic

#1 javagal

  • Members
  • 36 posts

Posted 01 March 2012 - 01:19 PM

Hello,

My first post to the forums can be found here;
http://www.bleepingcomputer.com/forums/topic444579.html

I have followed the instructions since that post, and the results are as follows. I should note that I have been unable to enable the Windows Firewall. Also, throughout the scans, AVG has been constantly reporting both the Trojan horse Crypt.AQLW and win32/Sirefef.ER. After each warning, I selected to ignore the warning and did not have AVG move the various .DLL files reported to be infected with the Trojans.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by NIA at 14:51:29 on 2012-02-29
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\STacSV.exe
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\NIA\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2080628
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80504&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80504
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [TelevisionFanatic Search Scope Monitor] "c:\progra~1\televi~2\bar\1.bin\64srchmn.exe" /m=2 /w /h
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EBE5BFAE-EA45-40E9-B60D-C52590071C1B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EE75D087-6164-42B5-B41C-CEDC16597FCF} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nia\appdata\roaming\mozilla\firefox\profiles\sdwcokm2.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\televisionfanatic\bar\1.bin\NP64Stub.dll
FF - plugin: c:\program files\totalrecipesearch_14ei\installr\1.bin\NP14EISb.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? CTMMOUNT;Si3114r
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? iksyssec;W800bus
R? MBAMSwissArmy;MBAMSwissArmy
R? symantecantibotfilter;Obvious
R? vet-filt;SE2Emdm
S? AdobeARMservice;Adobe Acrobat Update Service
S? AESTFilters;Andrea ST Filters Service
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? FontCache;Windows Font Cache Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI Service
S? SBSDWSCService;SBSD Security Center Service
S? TelevisionFanaticService;TelevisionFanaticService
S? vToolbarUpdater;vToolbarUpdater
.
=============== Created Last 30 ================
.
2012-02-29 06:47:58 -------- d-s---w- C:\ComboFix
2012-02-29 05:14:10 256000 ----a-w- c:\windows\PEV.exe
2012-02-29 05:14:10 208896 ----a-w- c:\windows\MBR.exe
2012-02-29 05:14:09 98816 ----a-w- c:\windows\sed.exe
2012-02-29 05:14:09 518144 ----a-w- c:\windows\SWREG.exe
2012-02-29 00:49:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-28 23:17:38 -------- d-----w- C:\b155bac21a9609f17e0a
2012-02-25 19:29:16 -------- d-sh--w- C:\found.012
2012-02-20 00:39:11 -------- d-sh--w- C:\found.011
2012-02-16 09:04:52 -------- d-----w- C:\1a491c8233f153c8aeff09
2012-02-15 08:42:28 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 08:42:24 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 11:37:38 -------- d-sh--w- C:\found.010
2012-02-12 22:26:41 -------- d-sh--w- C:\found.009
2012-02-07 03:42:49 -------- d-----w- c:\program files\TelevisionFanatic
2012-02-07 03:41:51 -------- d-----w- c:\program files\TelevisionFanaticEI
2012-02-05 15:31:39 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-02 10:15:02 -------- d-sh--w- C:\found.008
2012-02-01 07:33:07 -------- d-sh--w- C:\found.007
.
==================== Find3M ====================
.
2011-12-15 19:25:16 826880 ----a-w- c:\users\nia\appdata\roaming\AD61.tmp
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-12 00:32:53 826368 ----a-w- c:\users\nia\appdata\roaming\536D.tmp
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 21:20:21 816640 ----a-w- c:\users\nia\appdata\roaming\20F7.tmp
.
============= FINISH: 14:58:10.23 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-01 11:15:02
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBBO
Running: gmer.exe; Driver: C:\Users\NIA\AppData\Local\Temp\pwldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA82727A0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA8272848]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA82728E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA8272980]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 3F1 820B8B74 4 Bytes [A0, 27, 27, A8]
.text ntkrnlpa.exe!KeSetEvent + 621 820B8DA4 8 Bytes [48, 28, 27, A8, E4, 28, 27, ...]
.text ntkrnlpa.exe!KeSetEvent + 681 820B8E04 4 Bytes [80, 29, 27, A8]
? C:\Users\NIA\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory 779A4BA4 5 Bytes JMP 0114000A
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory 779A54E4 5 Bytes JMP 011F000A
.text C:\Windows\system32\svchost.exe[1256] ntdll.dll!KiUserExceptionDispatcher 779A5C28 5 Bytes JMP 010F000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3008] ntdll.dll!LdrLoadDll 77969378 5 Bytes JMP 64BD5B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!NtCreateProcess 779A4304 5 Bytes JMP 004F000A
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!NtCreateProcessEx 779A4314 5 Bytes JMP 0050000A
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!NtProtectVirtualMemory 779A4BA4 5 Bytes JMP 0021000A
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!NtWriteVirtualMemory 779A54E4 5 Bytes JMP 0043000A
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!NtCreateUserProcess 779A5674 5 Bytes JMP 0051000A
.text C:\Windows\System32\ping.exe[5232] ntdll.dll!KiUserExceptionDispatcher 779A5C28 5 Bytes JMP 0020000A
.text C:\Windows\System32\ping.exe[5232] USER32.dll!WindowFromPoint 76FF884F 5 Bytes JMP 00CF000A
.text C:\Windows\System32\ping.exe[5232] USER32.dll!GetForegroundWindow 770032C4 5 Bytes JMP 00D4000A
.text C:\Windows\System32\ping.exe[5232] USER32.dll!GetCursorPos 77010B88 5 Bytes JMP 00CE000A
.text C:\Windows\System32\ping.exe[5232] ole32.dll!CoCreateInstance 75909F3E 5 Bytes JMP 00CD000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8AFB2000-8AFC8000 (90112 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost@netsvcs AeLookupSvc?wercplsupport?Themes?CertPropSvc?SCPolicySvc?lanmanserver?gpsvc?IKEEXT?AudioSrv?FastUserSwitchingCompatibility?Ias?Irmon?Nla?Ntmssvc?NWCWorkstation?Nwsapagent?Rasauto?Rasman?Remoteaccess?SENS?Sharedaccess?SRService?quickhealfirewall?se27nd5?ser2pl?Spsmqvsm?epstnt01?CoachAud?AsusACPI?RTL8169?hcmon?dot4usb?wlidsvc?PNDIS5?w800obex?w800mdm?uclauncherservice?CcmExec?HPFECP20?cvspydr2?avidstartup?mrvw245?pfc?winvnc4?RadProbe?nimxdfk?netsvc?oraclesnmppeerencapsulator?ati2mtaa?nvcap?s116obex?RR2Mjpeg?maya70docserver?backupexecalertserver?w810bus?ithsgt?sscdmdm?wwnetdde?netmnt?remotelyanywhere?usbaudio?s616mdm?nimdbgk?AffinegyService?A88xXBar?quickbooksdb?msmpsvc?vet-filt?cm102u32?szkg?e1000?lvckap?JiaoCap?WUSB54GCSVC?USBCCID?pdlndsdl?sysmgmthp?ghostsec?db2remotecmd?w200mgmt?nwcworkstation?entech?lexbces?zpaction?WINIO?CTERFXFX.DLL?epfw?ventrilo?adsexpb?smapint?mediamaxxlservice?smservauth?s7otranx?speakerphone?lvmvdrv?tosrfsnd?nipxirmu?xpagentserver?pcampr5?cmuda3?RR2IOMod?XTrapD12?MA8032M?USR1806V?NETw3

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB60278$\2040002695 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\@ 2048 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\bckfg.tmp 854 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\cfg.ini 375 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\keywords 153 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\L 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\L\qnbwvoto 54784 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\oemid 184 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\80000032.@ 73216 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\version 842 bytes
File C:\Windows\System32\aexnsclient.dll 5632 bytes executable
File C:\Windows\System32\aspi32.dll 5632 bytes executable
File C:\Windows\System32\bmuservice.dll 5632 bytes executable
File C:\Windows\System32\cdr4_2k.dll 5632 bytes executable
File C:\Windows\System32\clsched.dll 5632 bytes executable
File C:\Windows\System32\CTHWIUT.DLL.dll 5632 bytes executable
File C:\Windows\System32\cwafadmincontroller.dll 5632 bytes executable
File C:\Windows\System32\hf30service.dll 5632 bytes executable
File C:\Windows\System32\igateway.dll 5632 bytes executable
File C:\Windows\System32\Memctl.dll 5632 bytes executable
File C:\Windows\System32\netmnt.dll 5632 bytes executable
File C:\Windows\System32\NetTcpActivator.dll 5632 bytes executable
File C:\Windows\System32\personalsecuredriveservice.dll 5632 bytes executable
File C:\Windows\System32\qkbfiltr.dll 5632 bytes executable
File C:\Windows\System32\se58mgmt.dll 5632 bytes executable
File C:\Windows\System32\SimpTcp.dll 5632 bytes executable
File C:\Windows\System32\SNMP.dll 5632 bytes executable
File C:\Windows\System32\timounter.dll 5632 bytes executable
File C:\Windows\System32\USB11LDR.dll 5632 bytes executable
File C:\Windows\System32\usbvm321.dll 5632 bytes executable
File C:\Windows\System32\wanarp.dll 5632 bytes executable
File C:\Windows\System32\websensecommunicationagent.dll 5632 bytes executable
File C:\Windows\System32\wg6n.dll 5632 bytes executable
File C:\Windows\System32\wudfrd.dll 5632 bytes executable
File C:\Windows\System32\addfiltr.dll 5632 bytes executable

---- EOF - GMER 1.0.15 ----



The GMER took over 10 hours to finish, and it appeared to have stalled in the evening. However, I saved a report and proceeded to close the program, and it indicated that it was still running, so I let it continue scanning overnight, with the Internet disabled. Leaving the Internet disabled seemed to stop the AVG warnings from appearing. In the morning, GMER reported "Warning!!! GMER has found modification caused by ROOTKIT activity". I clicked OK and saved a new report.

While preparing this post, the computer auto-rebooted twice due to a "Windows problem..." and at the bottom of the screen there was an indication of "initializing crash bug report" or something. The firewall remains disabled, and pop-up warnings continue from AVG. It should also be noted that, in the event I will need to run more scans, AVG can only be disabled for a max of 15 mins., so for anything longer I will probably have to uninstall it. Lastly, I have kept a list of all the .DLL files that are reported to be infected.

Thank you in advance for any help that you can offer me.
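As an added example (my own code, not part of this thread and not a GMER or BleepingComputer tool), a small Python triage helper that parses the "---- Files ----" lines of the GMER report above and flags the two patterns that stand out in it: entries under a $NtUninstall...$ folder (including the "@"-named files) and the run of System32 DLLs that all report the same 5632-byte size. The function names and the one benign sample line (example_benign.dll) are my own additions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Hypothetical triage helper (my own code, not a GMER or BleepingComputer tool).
# It parses the "---- Files ----" section of a GMER report and flags two patterns
# that stand out in the report posted above: entries under a $NtUninstall...$
# folder, and a run of System32 DLLs that all report the identical byte size.
# The sample below copies a few lines from that report and adds one constructed
# benign line (example_benign.dll) to show what is not flagged.
SAMPLE_GMER_FILES = r"""
File C:\Windows\$NtUninstallKB60278$\2040002695 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071 0 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\@ 2048 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB60278$\3241749071\L\qnbwvoto 54784 bytes
File C:\Windows\System32\aexnsclient.dll 5632 bytes executable
File C:\Windows\System32\aspi32.dll 5632 bytes executable
File C:\Windows\System32\SNMP.dll 5632 bytes executable
File C:\Windows\System32\wudfrd.dll 5632 bytes executable
File C:\Windows\System32\example_benign.dll 481280 bytes executable
""".strip("\n")

# "File <path> <size> bytes" with an optional trailing "executable" tag.
FILE_LINE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<exe> executable)?\s*$")
# A path component of the form $NtUninstall...$ (the hotfix-backup folder name).
NTUNINSTALL_DIR = re.compile(r"\\\$ntuninstall[^\\]*\$(\\|$)", re.IGNORECASE)


@dataclass
class FileEntry:
    path: str
    size: int
    executable: bool


@dataclass
class Findings:
    ntuninstall_hits: list = field(default_factory=list)  # paths under $NtUninstall...$
    at_named: list = field(default_factory=list)          # files whose name ends in "@"
    size_clusters: dict = field(default_factory=dict)     # size -> same-size System32 DLLs


def parse_files_section(text):
    """Return one FileEntry per 'File ...' line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append(FileEntry(m.group("path"), int(m.group("size")),
                                     m.group("exe") is not None))
    return entries


def triage(entries, min_cluster=3):
    """Flag $NtUninstall folders, '@'-named files and clusters of same-size DLLs."""
    findings = Findings()
    by_size = defaultdict(list)
    for e in entries:
        if NTUNINSTALL_DIR.search(e.path):
            findings.ntuninstall_hits.append(e.path)
        if e.path.rsplit("\\", 1)[-1].endswith("@"):
            findings.at_named.append(e.path)
        low = e.path.lower()
        if e.executable and low.endswith(".dll") and "\\system32\\" in low:
            by_size[e.size].append(e.path)
    # Only report a size shared by at least min_cluster unrelated DLLs.
    findings.size_clusters = {s: p for s, p in by_size.items() if len(p) >= min_cluster}
    return findings


def report(findings):
    """Human-readable summary lines, one per finding."""
    lines = [f"$NtUninstall folder entry: {p}" for p in findings.ntuninstall_hits]
    lines += [f"'@'-named file: {p}" for p in findings.at_named]
    for size, paths in findings.size_clusters.items():
        lines.append(f"{len(paths)} System32 DLLs share size {size} bytes: "
                     + ", ".join(p.rsplit("\\", 1)[-1] for p in paths))
    return lines


if __name__ == "__main__":
    for line in report(triage(parse_files_section(SAMPLE_GMER_FILES))):
        print(line)
```

Paste the whole "---- Files ----" section of a report in place of the sample to run it over a full log; the size-cluster threshold is the `min_cluster` argument.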


#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 02 March 2012 - 02:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 javagal (Topic Starter)

  • Members
  • 36 posts

Posted 02 March 2012 - 11:24 AM

Hi Gringo! Thank you so much for your quick reply and offer to help me.

Before I attempt another run of Combofix, I wonder if you saw my first post here on the forums (link included in my most recent post), that explains the results I had after trying to run this program two times. Do you suggest I try to run it again? Perhaps after uninstalling AVG (because it can only be disabled for 15 mins)? I had received a warning from Combofix the first time it was run, that AVG was still active, even after I went into the AVG settings and disabled it for the max 15 mins. as well as disabling the real time monitoring and resident shield, but I ran it anyway. Your suggestion on this would be much appreciated :)

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 02 March 2012 - 01:58 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 javagal (Topic Starter)

  • Members
  • 36 posts

Posted 02 March 2012 - 05:17 PM

While in Safe Mode, I proceeded to initiate ComboFix (run as administrator). The program reported that AVG was active, although I found no way to disable it in Safe Mode (the only option was to run an AV scan). I proceeded with running ComboFix, and received the following notices:

"Access Denied. Administration permissions need to use the selected options. Use an administrator command prompt to complete these tasks."

Program then proceeded with creating a restore point, and then "scanning for infected files"...

I let it run for 20 mins, but there was no other indication that it was doing anything.

I stopped Combofix.
Rebooted to regular Windows.
Uninstalled AVG.
Rebooted to safemode.
Ran Combofix, and received the same message "Access Denied". Then again, that AVG was active?? Scan then proceeded, although no indication of anything happening.
Rebooted to regular mode. Confirmed that AVG was not installed.
Ran Combofix in regular mode, but after 45 mins, it is still at the same screen "scanning for infected files, this typically doesn't take more than 10 mins...". I will leave the scan to continue until I hear back from you.

I should also mention that occasionally, I am getting windows error "trash bin is corrupt, do you want to empty", and each time, I select "yes", and error goes away.

#6 javagal (Topic Starter)

  • Members
  • 36 posts

Posted 02 March 2012 - 07:45 PM

So, I had intended on allowing the scan to continue until I heard back from you, but approx. 2 hours into the scan (with no indication that it was actually doing anything), the PC rebooted (without any type of Windows error). I opted to try another scan in regular mode, but it looks like it's not doing anything... "scanning for infected files"... and it has been at this stage for a little over an hour.

I believe the trash can error comes about, just after a reboot.

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 02 March 2012 - 08:14 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 javagal (Topic Starter)

  • Members
  • 36 posts

Posted 02 March 2012 - 09:39 PM

I seemed to have no problems with these two scans, although I'm not totally certain the aswMBR was finished, as it gave no indication of it. After saving it's log file, the program also put an MBR,dat file on the desktop as well. If it looks like the log is not complete, please let me know and I will run it again.

By the way, I have not been able to get a successful scan with Combofix.

Here are the results of the two scans:

20:02:00.0042 3572 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
20:02:00.0525 3572 ============================================================
20:02:00.0525 3572 Current date / time: 2012/03/02 20:02:00.0525
20:02:00.0525 3572 SystemInfo:
20:02:00.0525 3572
20:02:00.0525 3572 OS Version: 6.0.6002 ServicePack: 2.0
20:02:00.0525 3572 Product type: Workstation
20:02:00.0525 3572 ComputerName: NIA-PC
20:02:00.0525 3572 UserName: NIA
20:02:00.0525 3572 Windows directory: C:\Windows
20:02:00.0525 3572 System windows directory: C:\Windows
20:02:00.0525 3572 Processor architecture: Intel x86
20:02:00.0525 3572 Number of processors: 1
20:02:00.0525 3572 Page size: 0x1000
20:02:00.0525 3572 Boot type: Normal boot
20:02:00.0525 3572 ============================================================
20:02:01.0617 3572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:02:01.0617 3572 \Device\Harddisk0\DR0:
20:02:01.0617 3572 MBR used
20:02:01.0617 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1388000
20:02:01.0617 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C000, BlocksNum 0x7C730A8
20:02:02.0054 3572 Initialize success
20:02:02.0054 3572 ============================================================
20:02:28.0278 3232 ============================================================
20:02:28.0278 3232 Scan started
20:02:28.0278 3232 Mode: Manual;
20:02:28.0278 3232 ============================================================
20:02:29.0338 3232 328ba5fc - ok
20:02:29.0448 3232 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:02:29.0448 3232 ACPI - ok
20:02:29.0557 3232 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:02:29.0572 3232 adp94xx - ok
20:02:29.0697 3232 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:02:29.0697 3232 adpahci - ok
20:02:29.0791 3232 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:02:29.0791 3232 adpu160m - ok
20:02:29.0822 3232 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:02:29.0822 3232 adpu320 - ok
20:02:29.0994 3232 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:02:30.0009 3232 AFD - ok
20:02:30.0103 3232 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:02:30.0103 3232 agp440 - ok
20:02:30.0150 3232 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:02:30.0150 3232 aic78xx - ok
20:02:30.0352 3232 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:02:30.0352 3232 aliide - ok
20:02:30.0571 3232 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:02:30.0571 3232 amdagp - ok
20:02:30.0602 3232 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:02:30.0602 3232 amdide - ok
20:02:30.0649 3232 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:02:30.0649 3232 AmdK7 - ok
20:02:30.0774 3232 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:02:30.0774 3232 AmdK8 - ok
20:02:30.0836 3232 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:02:30.0836 3232 ApfiltrService - ok
20:02:30.0883 3232 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:02:30.0898 3232 arc - ok
20:02:30.0930 3232 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:02:30.0930 3232 arcsas - ok
20:02:31.0117 3232 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:02:31.0117 3232 AsyncMac - ok
20:02:31.0148 3232 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:02:31.0148 3232 atapi - ok
20:02:31.0210 3232 BCM42RLY - ok
20:02:31.0288 3232 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:02:31.0320 3232 BCM43XX - ok
20:02:31.0507 3232 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:02:31.0522 3232 Beep - ok
20:02:31.0569 3232 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:02:31.0569 3232 blbdrive - ok
20:02:31.0616 3232 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:02:31.0616 3232 bowser - ok
20:02:31.0772 3232 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:02:31.0772 3232 BrFiltLo - ok
20:02:31.0803 3232 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:02:31.0803 3232 BrFiltUp - ok
20:02:31.0866 3232 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:02:31.0866 3232 Brserid - ok
20:02:31.0912 3232 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:02:31.0912 3232 BrSerWdm - ok
20:02:32.0022 3232 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:02:32.0022 3232 BrUsbMdm - ok
20:02:32.0115 3232 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:02:32.0115 3232 BrUsbSer - ok
20:02:32.0209 3232 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:02:32.0209 3232 BTHMODEM - ok
20:02:32.0302 3232 catchme - ok
20:02:32.0427 3232 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:02:32.0443 3232 cdfs - ok
20:02:32.0505 3232 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:02:32.0505 3232 cdrom - ok
20:02:32.0552 3232 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:02:32.0568 3232 circlass - ok
20:02:32.0692 3232 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:02:32.0708 3232 CLFS - ok
20:02:32.0864 3232 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:02:32.0864 3232 CmBatt - ok
20:02:32.0911 3232 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:02:32.0911 3232 cmdide - ok
20:02:33.0004 3232 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:02:33.0004 3232 Compbatt - ok
20:02:33.0176 3232 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:02:33.0176 3232 crcdisk - ok
20:02:33.0223 3232 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:02:33.0223 3232 Crusoe - ok
20:02:33.0488 3232 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:02:33.0488 3232 DfsC - ok
20:02:33.0660 3232 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:02:33.0660 3232 disk - ok
20:02:33.0800 3232 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:02:33.0800 3232 drmkaud - ok
20:02:33.0878 3232 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:02:33.0894 3232 DXGKrnl - ok
20:02:34.0065 3232 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:02:34.0065 3232 e1express - ok
20:02:34.0112 3232 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:02:34.0112 3232 E1G60 - ok
20:02:34.0206 3232 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:02:34.0206 3232 Ecache - ok
20:02:34.0455 3232 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:02:34.0486 3232 elxstor - ok
20:02:34.0549 3232 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:02:34.0549 3232 ErrDev - ok
20:02:34.0783 3232 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:02:34.0783 3232 exfat - ok
20:02:34.0861 3232 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:02:34.0861 3232 fastfat - ok
20:02:34.0908 3232 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:02:34.0908 3232 fdc - ok
20:02:35.0079 3232 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:02:35.0079 3232 FileInfo - ok
20:02:35.0110 3232 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:02:35.0110 3232 Filetrace - ok
20:02:35.0157 3232 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:02:35.0157 3232 flpydisk - ok
20:02:35.0204 3232 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:02:35.0220 3232 FltMgr - ok
20:02:35.0360 3232 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:02:35.0360 3232 Fs_Rec - ok
20:02:35.0407 3232 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:02:35.0407 3232 gagp30kx - ok
20:02:35.0547 3232 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:02:35.0563 3232 HDAudBus - ok
20:02:35.0719 3232 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:02:35.0719 3232 HidBth - ok
20:02:35.0750 3232 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:02:35.0750 3232 HidIr - ok
20:02:35.0828 3232 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:02:35.0828 3232 HidUsb - ok
20:02:36.0000 3232 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:02:36.0000 3232 HpCISSs - ok
20:02:36.0078 3232 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:02:36.0093 3232 HSF_DPV - ok
20:02:36.0249 3232 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:02:36.0249 3232 HSXHWAZL - ok
20:02:36.0327 3232 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:02:36.0343 3232 HTTP - ok
20:02:36.0499 3232 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:02:36.0499 3232 i2omp - ok
20:02:36.0546 3232 i8042prt (a33d35e459f09e2971c1b31b1c292a8c) C:\Windows\system32\DRIVERS\i8042prt.sys
20:02:36.0546 3232 i8042prt ( Virus.Win32.ZAccess.k ) - infected
20:02:36.0546 3232 i8042prt - detected Virus.Win32.ZAccess.k (0)
20:02:36.0608 3232 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
20:02:36.0608 3232 iaStor - ok
20:02:36.0764 3232 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:02:36.0764 3232 iaStorV - ok
20:02:36.0904 3232 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:02:36.0936 3232 igfx - ok
20:02:37.0092 3232 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:02:37.0092 3232 iirsp - ok
20:02:37.0154 3232 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
20:02:37.0154 3232 IntcHdmiAddService - ok
20:02:37.0185 3232 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
20:02:37.0185 3232 intelide - ok
20:02:37.0404 3232 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:02:37.0404 3232 intelppm - ok
20:02:37.0450 3232 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:02:37.0450 3232 IpFilterDriver - ok
20:02:37.0482 3232 IpInIp - ok
20:02:37.0513 3232 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:02:37.0513 3232 IPMIDRV - ok
20:02:37.0684 3232 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:02:37.0684 3232 IPNAT - ok
20:02:37.0731 3232 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:02:37.0731 3232 IRENUM - ok
20:02:37.0778 3232 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:02:37.0778 3232 isapnp - ok
20:02:37.0840 3232 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:02:37.0840 3232 iScsiPrt - ok
20:02:37.0996 3232 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:02:37.0996 3232 iteatapi - ok
20:02:38.0043 3232 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:02:38.0043 3232 iteraid - ok
20:02:38.0090 3232 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:02:38.0090 3232 kbdclass - ok
20:02:38.0121 3232 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:02:38.0121 3232 kbdhid - ok
20:02:38.0308 3232 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:02:38.0324 3232 KSecDD - ok
20:02:38.0558 3232 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:02:38.0558 3232 lltdio - ok
20:02:38.0636 3232 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:02:38.0636 3232 LSI_FC - ok
20:02:38.0698 3232 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:02:38.0698 3232 LSI_SAS - ok
20:02:38.0745 3232 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:02:38.0745 3232 LSI_SCSI - ok
20:02:38.0901 3232 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:02:38.0917 3232 luafv - ok
20:02:39.0010 3232 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
20:02:39.0010 3232 MBAMSwissArmy - ok
20:02:39.0198 3232 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:02:39.0198 3232 mdmxsdk - ok
20:02:39.0276 3232 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:02:39.0276 3232 megasas - ok
20:02:39.0322 3232 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:02:39.0322 3232 MegaSR - ok
20:02:39.0494 3232 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:02:39.0494 3232 Modem - ok
20:02:39.0525 3232 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:02:39.0525 3232 monitor - ok
20:02:39.0588 3232 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:02:39.0588 3232 mouclass - ok
20:02:39.0619 3232 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:02:39.0634 3232 mouhid - ok
20:02:39.0666 3232 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:02:39.0681 3232 MountMgr - ok
20:02:39.0822 3232 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:02:39.0837 3232 mpio - ok
20:02:39.0868 3232 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:02:39.0868 3232 mpsdrv - ok
20:02:39.0915 3232 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:02:39.0915 3232 Mraid35x - ok
20:02:39.0978 3232 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:02:39.0978 3232 MRxDAV - ok
20:02:40.0165 3232 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:02:40.0180 3232 mrxsmb - ok
20:02:40.0227 3232 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:02:40.0227 3232 mrxsmb10 - ok
20:02:40.0274 3232 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:02:40.0290 3232 mrxsmb20 - ok
20:02:40.0461 3232 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:02:40.0461 3232 msahci - ok
20:02:40.0508 3232 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:02:40.0508 3232 msdsm - ok
20:02:40.0555 3232 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:02:40.0555 3232 Msfs - ok
20:02:40.0602 3232 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:02:40.0602 3232 msisadrv - ok
20:02:40.0695 3232 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:02:40.0695 3232 MSKSSRV - ok
20:02:40.0804 3232 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:02:40.0804 3232 MSPCLOCK - ok
20:02:40.0851 3232 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:02:40.0851 3232 MSPQM - ok
20:02:40.0898 3232 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:02:40.0898 3232 MsRPC - ok
20:02:41.0007 3232 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:02:41.0007 3232 mssmbios - ok
20:02:41.0132 3232 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:02:41.0132 3232 MSTEE - ok
20:02:41.0257 3232 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:02:41.0257 3232 Mup - ok
20:02:41.0366 3232 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:02:41.0366 3232 NativeWifiP - ok
20:02:41.0428 3232 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:02:41.0444 3232 NDIS - ok
20:02:41.0553 3232 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:41.0553 3232 NdisTapi - ok
20:02:41.0616 3232 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:41.0616 3232 Ndisuio - ok
20:02:41.0678 3232 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:41.0678 3232 NdisWan - ok
20:02:41.0803 3232 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:02:41.0803 3232 NDProxy - ok
20:02:41.0865 3232 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:02:41.0865 3232 NetBIOS - ok
20:02:41.0928 3232 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:02:41.0928 3232 netbt - ok
20:02:42.0115 3232 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:02:42.0115 3232 nfrd960 - ok
20:02:42.0224 3232 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:02:42.0224 3232 Npfs - ok
20:02:42.0380 3232 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:02:42.0380 3232 nsiproxy - ok
20:02:42.0505 3232 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:02:42.0520 3232 Ntfs - ok
20:02:42.0676 3232 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:02:42.0676 3232 ntrigdigi - ok
20:02:42.0723 3232 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:02:42.0723 3232 Null - ok
20:02:42.0770 3232 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:02:42.0786 3232 nvraid - ok
20:02:42.0817 3232 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:02:42.0817 3232 nvstor - ok
20:02:42.0864 3232 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:02:42.0879 3232 nv_agp - ok
20:02:43.0004 3232 NwlnkFlt - ok
20:02:43.0035 3232 NwlnkFwd - ok
20:02:43.0113 3232 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:02:43.0113 3232 ohci1394 - ok
20:02:43.0238 3232 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:02:43.0254 3232 Parport - ok
20:02:43.0394 3232 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:02:43.0410 3232 partmgr - ok
20:02:43.0441 3232 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:02:43.0441 3232 Parvdm - ok
20:02:43.0488 3232 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:02:43.0503 3232 pci - ok
20:02:43.0690 3232 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:02:43.0690 3232 pciide - ok
20:02:43.0737 3232 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:02:43.0753 3232 pcmcia - ok
20:02:43.0815 3232 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:02:43.0831 3232 PEAUTH - ok
20:02:44.0065 3232 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:02:44.0065 3232 PptpMiniport - ok
20:02:44.0158 3232 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:02:44.0158 3232 Processor - ok
20:02:44.0205 3232 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:02:44.0205 3232 PSched - ok
20:02:44.0346 3232 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
20:02:44.0346 3232 PxHelp20 - ok
20:02:44.0439 3232 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:02:44.0470 3232 ql2300 - ok
20:02:44.0611 3232 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:02:44.0626 3232 ql40xx - ok
20:02:44.0720 3232 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:02:44.0720 3232 QWAVEdrv - ok
20:02:44.0954 3232 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:02:45.0032 3232 R300 - ok
20:02:45.0219 3232 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:02:45.0219 3232 RasAcd - ok
20:02:45.0282 3232 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:02:45.0282 3232 Rasl2tp - ok
20:02:45.0360 3232 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:02:45.0360 3232 RasPppoe - ok
20:02:45.0469 3232 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:02:45.0484 3232 RasSstp - ok
20:02:45.0562 3232 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:02:45.0562 3232 rdbss - ok
20:02:45.0609 3232 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:02:45.0609 3232 RDPCDD - ok
20:02:45.0734 3232 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:02:45.0750 3232 rdpdr - ok
20:02:45.0796 3232 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:02:45.0796 3232 RDPENCDD - ok
20:02:45.0968 3232 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:02:45.0968 3232 RDPWD - ok
20:02:46.0062 3232 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:02:46.0062 3232 rimmptsk - ok
20:02:46.0093 3232 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:02:46.0093 3232 rimsptsk - ok
20:02:46.0218 3232 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:02:46.0218 3232 rismxdp - ok
20:02:46.0358 3232 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:02:46.0358 3232 rspndr - ok
20:02:46.0498 3232 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:02:46.0498 3232 sbp2port - ok
20:02:46.0654 3232 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:02:46.0670 3232 sdbus - ok
20:02:46.0857 3232 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:02:46.0857 3232 secdrv - ok
20:02:47.0029 3232 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:02:47.0029 3232 Serenum - ok
20:02:47.0107 3232 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:02:47.0122 3232 Serial - ok
20:02:47.0200 3232 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:02:47.0200 3232 sermouse - ok
20:02:47.0263 3232 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:02:47.0263 3232 sffdisk - ok
20:02:47.0372 3232 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:02:47.0372 3232 sffp_mmc - ok
20:02:47.0450 3232 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:02:47.0450 3232 sffp_sd - ok
20:02:47.0481 3232 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:02:47.0481 3232 sfloppy - ok
20:02:47.0653 3232 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:02:47.0653 3232 sisagp - ok
20:02:47.0731 3232 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:02:47.0731 3232 SiSRaid2 - ok
20:02:47.0762 3232 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:02:47.0762 3232 SiSRaid4 - ok
20:02:47.0902 3232 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:02:47.0902 3232 Smb - ok
20:02:48.0090 3232 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:02:48.0090 3232 spldr - ok
20:02:48.0261 3232 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:02:48.0277 3232 srv - ok
20:02:48.0433 3232 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:02:48.0448 3232 srv2 - ok
20:02:48.0542 3232 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:02:48.0542 3232 srvnet - ok
20:02:48.0776 3232 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
20:02:48.0776 3232 STHDA - ok
20:02:48.0963 3232 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:02:48.0979 3232 swenum - ok
20:02:49.0072 3232 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:02:49.0072 3232 Symc8xx - ok
20:02:49.0104 3232 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:02:49.0104 3232 Sym_hi - ok
20:02:49.0275 3232 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:02:49.0275 3232 Sym_u3 - ok
20:02:49.0384 3232 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:02:49.0400 3232 Tcpip - ok
20:02:49.0603 3232 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:02:49.0618 3232 Tcpip6 - ok
20:02:49.0759 3232 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:02:49.0774 3232 tcpipreg - ok
20:02:49.0837 3232 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:02:49.0837 3232 TDPIPE - ok
20:02:49.0899 3232 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:02:49.0899 3232 TDTCP - ok
20:02:50.0055 3232 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:02:50.0055 3232 tdx - ok
20:02:50.0102 3232 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:02:50.0102 3232 TermDD - ok
20:02:50.0211 3232 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:02:50.0211 3232 tssecsrv - ok
20:02:50.0383 3232 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:02:50.0398 3232 tunmp - ok
20:02:50.0414 3232 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:02:50.0414 3232 tunnel - ok
20:02:50.0461 3232 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:02:50.0461 3232 uagp35 - ok
20:02:50.0539 3232 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:02:50.0539 3232 udfs - ok
20:02:50.0726 3232 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:02:50.0726 3232 uliagpkx - ok
20:02:50.0757 3232 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:02:50.0773 3232 uliahci - ok
20:02:50.0804 3232 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:02:50.0804 3232 UlSata - ok
20:02:50.0851 3232 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:02:50.0851 3232 ulsata2 - ok
20:02:51.0054 3232 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:02:51.0054 3232 umbus - ok
20:02:51.0132 3232 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:51.0132 3232 usbccgp - ok
20:02:51.0210 3232 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:02:51.0210 3232 usbcir - ok
20:02:51.0256 3232 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:02:51.0256 3232 usbehci - ok
20:02:51.0412 3232 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:02:51.0412 3232 usbhub - ok
20:02:51.0475 3232 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:02:51.0475 3232 usbohci - ok
20:02:51.0537 3232 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:02:51.0537 3232 usbprint - ok
20:02:51.0568 3232 USBSTOR - ok
20:02:51.0615 3232 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:51.0615 3232 usbuhci - ok
20:02:51.0787 3232 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:51.0787 3232 vga - ok
20:02:51.0818 3232 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:02:51.0818 3232 VgaSave - ok
20:02:51.0865 3232 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:02:51.0865 3232 viaagp - ok
20:02:51.0896 3232 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:02:51.0896 3232 ViaC7 - ok
20:02:51.0912 3232 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:02:51.0912 3232 viaide - ok
20:02:52.0083 3232 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:02:52.0083 3232 volmgr - ok
20:02:52.0146 3232 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:02:52.0146 3232 volmgrx - ok
20:02:52.0224 3232 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:02:52.0224 3232 volsnap - ok
20:02:52.0380 3232 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:02:52.0380 3232 vsmraid - ok
20:02:52.0489 3232 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:02:52.0489 3232 WacomPen - ok
20:02:52.0536 3232 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:02:52.0536 3232 Wanarp - ok
20:02:52.0536 3232 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:02:52.0536 3232 Wanarpv6 - ok
20:02:52.0598 3232 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:02:52.0598 3232 Wd - ok
20:02:52.0785 3232 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:02:52.0785 3232 Wdf01000 - ok
20:02:52.0988 3232 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:02:53.0004 3232 winachsf - ok
20:02:53.0316 3232 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:02:53.0316 3232 WmiAcpi - ok
20:02:53.0440 3232 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:02:53.0440 3232 ws2ifsl - ok
20:02:53.0550 3232 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
20:02:53.0550 3232 XAudio - ok
20:02:53.0768 3232 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
20:02:53.0768 3232 yukonwlh - ok
20:02:53.0846 3232 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:02:53.0893 3232 \Device\Harddisk0\DR0 - ok
20:02:53.0940 3232 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
20:02:53.0940 3232 \Device\Harddisk0\DR0\Partition0 - ok
20:02:53.0955 3232 Boot (0x1200) (42192aa0e20861c98d41283e78a32509) \Device\Harddisk0\DR0\Partition1
20:02:53.0955 3232 \Device\Harddisk0\DR0\Partition1 - ok
20:02:53.0955 3232 ============================================================
20:02:53.0955 3232 Scan finished
20:02:53.0955 3232 ============================================================
20:02:53.0971 2552 Detected object count: 1
20:02:53.0971 2552 Actual detected object count: 1
20:03:45.0763 2552 C:\Windows\system32\DRIVERS\i8042prt.sys - copied to quarantine
20:03:45.0778 2552 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\i8042prt.sys) error 1813
20:03:59.0943 2552 Backup copy not found, trying to cure infected file..
20:03:59.0990 2552 Cure success, using it..
20:04:00.0006 2552 C:\Windows\system32\DRIVERS\i8042prt.sys - will be cured on reboot
20:04:06.0121 2552 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
20:04:33.0468 1280 Deinitialize success

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 20:11:36
-----------------------------
20:11:36.512 OS Version: Windows 6.0.6002 Service Pack 2
20:11:36.512 Number of processors: 1 586 0x1601
20:11:36.512 ComputerName: NIA-PC UserName: NIA
20:11:38.587 Initialize success
20:15:06.086 AVAST engine defs: 12030201
20:15:29.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:15:29.065 Disk 0 Vendor: Hitachi_ BBBO Size: 76319MB BusType: 3
20:15:29.096 Disk 0 MBR read successfully
20:15:29.205 Disk 0 MBR scan
20:15:29.283 Disk 0 Windows VISTA default MBR code
20:15:29.315 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:15:29.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10000 MB offset 81920
20:15:29.611 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 63718 MB offset 20561920
20:15:29.736 Disk 0 Partition - 00 0F Extended LBA 2559 MB offset 151058432
20:15:29.845 Disk 0 Partition 4 00 DD MSDOS5.0 2558 MB offset 151060480
20:15:29.985 Disk 0 scanning sectors +156299264
20:15:30.266 Disk 0 scanning C:\Windows\system32\drivers
20:15:44.712 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-JQ [Trj]
20:15:55.632 Disk 0 trace - called modules:
20:15:55.679 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xa7163fc0]<<
20:15:55.679 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85712ac8]
20:15:55.694 3 CLASSPNP.SYS[8679d8b3] -> nt!IofCallDriver -> [0x83f2cc08]
20:15:55.694 \Driver\00006376[0x83f2a2d0] -> IRP_MJ_CREATE -> 0xa7163fc0
20:16:00.093 AVAST engine scan C:\Windows
20:16:07.987 AVAST engine scan C:\Windows\system32
20:23:17.221 AVAST engine scan C:\Windows\system32\drivers
20:23:35.504 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-JQ [Trj]
20:23:43.398 AVAST engine scan C:\Users\NIA
20:26:57.337 Disk 0 MBR has been saved successfully to "C:\Users\NIA\Desktop\MBR.dat"
20:26:57.384 The log file has been saved successfully to "C:\Users\NIA\Desktop\aswMBR.txt"

#9 gringo_pr
Bleepin Gringo
Malware Response Team, 136,772 posts
Gender: Male
Location: Puerto Rico

Posted 02 March 2012 - 09:46 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 javagal (Topic Starter)

Posted 02 March 2012 - 10:04 PM

Here is the log;

SystemLook 30.07.11 by jpshortstuff
Log created at 20:53 on 02/03/2012 by NIA
Administrator - Elevation successful

========== filefind ==========

Searching for "netbt.sys"
C:\Windows\System32\drivers\netbt.sys --a---- 185856 bytes [05:24 29/10/2009] [04:45 11/04/2009] 4AED5198B132079D9495FF0E70EAAF62
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [05:24 29/10/2009] [04:45 11/04/2009] 4AED5198B132079D9495FF0E70EAAF62

-= EOF =-
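The SystemLook output above lists three copies of netbt.sys with their sizes and MD5s: the live driver in System32\drivers has the same hash as the 6.0.6002.18005 component-store copy, while the 6.0.6001.18000 copy differs. A hash list on its own cannot say whether a matching pair is clean or whether both copies were overwritten, which is the question behind the `:filefind` request in post #9 and the `FCopy::` restore from WinSxS in the next post. The PowerShell below is an added example, not part of the thread and not SystemLook's or ComboFix's own code: it repeats the `:filefind` search for one driver, compares every copy against the live one, and adds an Authenticode check on each. The driver name, the choice of MD5 (to match the logs) and the assumption that this runs on the thread's Vista SP2 machine with PowerShell 2.0 are mine.

```powershell
# Added example, not part of the thread and not SystemLook's or ComboFix's code.
# Run from an elevated PowerShell prompt; nothing here needs more than
# PowerShell 2.0 (the thread's machine is Vista SP2, per the aswMBR header).
# It repeats SystemLook's ":filefind" for one driver, then adds what the hash
# list alone does not give you: which copies match the live driver, and
# whether each copy's Authenticode signature verifies.

$DriverName = 'netbt.sys'    # the driver aswMBR flagged; any name under drivers\ works
$live = Join-Path $env:SystemRoot "System32\drivers\$DriverName"

function Get-Md5Hex([string]$Path) {
    # MD5 only so the output can be matched against the SystemLook and
    # TDSSKiller logs; it is not a tamper-resistant check, the signature is.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# The live driver plus every component-store (WinSxS) copy, the same set
# SystemLook's :filefind walks.
$copies = @(Get-Item -Path $live -ErrorAction SilentlyContinue) +
          @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter $DriverName -ErrorAction SilentlyContinue)

$liveMd5 = if (Test-Path -Path $live) { Get-Md5Hex $live } else { $null }

$report = foreach ($f in $copies) {
    $md5 = Get-Md5Hex $f.FullName
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    New-Object PSObject -Property @{
        Path       = $f.FullName
        Bytes      = $f.Length
        FileVer    = $f.VersionInfo.FileVersion
        Md5        = $md5
        SameAsLive = ($md5 -eq $liveMd5)
        SigStatus  = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer     = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
    }
}

$report | Sort-Object Path | Format-List Path, Bytes, FileVer, Md5, SameAsLive, SigStatus, Signer

# Two things worth a warning: a live driver that matches none of the
# component-store copies (an older servicing version differing is normal, as
# the 6.0.6001 copy in the thread's log does), and any copy that carries an
# embedded signature which does not verify.
$storeMatches = $report | Where-Object { ($_.Path -ne $live) -and $_.SameAsLive }
if (-not $storeMatches) {
    Write-Warning "Live $DriverName matches no component-store copy"
}
$report | Where-Object { $_.SigStatus -eq 'HashMismatch' } |
    ForEach-Object { Write-Warning ("Embedded signature does not verify: " + $_.Path) }
```

One caveat on reading the SigStatus column: on Vista-era PowerShell, Get-AuthenticodeSignature checks only a signature embedded in the file, and inbox drivers such as netbt.sys are signed through catalogs under System32\CatRoot instead, so NotSigned is the expected result for a clean copy there (newer PowerShell resolves catalog signatures). For the catalog check on that system use Sysinternals sigcheck with its -i switch, which prints the catalog that vouches for the file; a live driver that no Microsoft catalog vouches for, while its WinSxS copy is vouched for, is the result that matters.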

#11 gringo_pr (Malware Response Team)

Posted 02 March 2012 - 10:07 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys | C:\Windows\System32\drivers\netbt.sys 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 javagal (Topic Starter)

Posted 02 March 2012 - 11:22 PM

Hello Gringo :)

After applying the script to the ComboFix icon, ComboFix ran as administrator, but it still appeared stalled at "Scanning for infected files...". I stopped the scan after 20 min.
I am still unable to enable Windows Firewall. "Security Center can't turn on Windows Firewall"... clicked to start manually; "Windows Firewall was unable to make the requested updates".
Rebooted PC.
Checked firewall again, still cannot enable.
Ran ComboFix as administrator. Stopped scan after 30 mins, as it still didn't move past "Scanning for infected files...".
I'm not getting any Trojan warnings, as I had uninstalled AVG.
I have not yet attempted to apply any available Windows Updates.

Do you have any other suggestions?

#13 gringo_pr (Malware Response Team)

Posted 02 March 2012 - 11:36 PM

Download both the registry files:

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them into the registry.

Restart your PC.

Now, open Run and type

regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it > Permissions.

Click on Add and type

Everyone and click OK.

Now click on Everyone.

Below you have the permissions for users.

Select Full Control and click OK.

Now, open Run and type

services.msc and click OK.

Start the Base Filtering Engine service and then the Windows Firewall service.

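The permissions step above is what lets the firewall come back: the Windows Firewall service (MpsSvc) depends on the Base Filtering Engine, and the Service Control Manager reads each service's configuration from its key under Services, so a BFE key whose ACL no longer grants SYSTEM access stops both. Granting Everyone Full Control, as the steps say, does get the service started, but it is wider than the key needs. The PowerShell below is an added example, not part of the thread and not the contents of the two linked .reg files (which the page does not show): it prints the current ACL on the service keys, grants Full Control to SYSTEM and Administrators only, then starts the two services in dependency order. Including MpsSvc next to BFE is my addition; the thread names only BFE.

```powershell
# Added example, not from the thread and not the contents of the linked .reg
# files. Run from an elevated PowerShell prompt (nothing here needs more than
# PowerShell 2.0, which is what the thread's Vista machine would have).
# Shows the current ACL on the firewall service keys, restores FullControl for
# SYSTEM and Administrators only, then starts the services in dependency order.

$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\BFE',    # Base Filtering Engine, named in the thread
    'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc'  # Windows Firewall service; my addition, it depends on BFE
)

# Narrower than "Everyone": the service runs as SYSTEM, and Administrators
# need to be able to repair the key again later.
$principals = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

foreach ($key in $keys) {
    Write-Host "== $key"
    try {
        $acl = Get-Acl -Path $key -ErrorAction Stop
    } catch {
        # Fails when the key is gone or when even READ_CONTROL was removed.
        # Administrators can still take ownership (regedit > Permissions >
        # Advanced > Owner), after which this script can be re-run.
        Write-Warning "Cannot read the ACL on $key ($($_.Exception.Message)); take ownership first"
        continue
    }

    # What is there now. A service key normally shows SYSTEM, Administrators
    # and Users entries, most of them inherited from the Services key.
    $acl.Access | Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize

    foreach ($p in $principals) {
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
            $p,
            [System.Security.AccessControl.RegistryRights]::FullControl,
            [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.SetAccessRule($rule)   # replaces any existing rule for that identity
    }
    Set-Acl -Path $key -AclObject $acl
}

# MpsSvc depends on BFE, so BFE goes first. Get-Service shows whether each start took.
foreach ($svc in 'BFE', 'MpsSvc') {
    Start-Service -Name $svc -ErrorAction Continue
    Get-Service -Name $svc | Select-Object Name, Status
}
```

If the key was already repaired the manual way with Everyone / Full Control, the same script run afterwards leaves that entry in place; remove it in regedit once the services are running, since nothing on the system needs it. Set-Acl itself needs either ownership of the key or WRITE_DAC on it, which is why the script stops and asks for a take-ownership step rather than trying to force it.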

#14 javagal (Topic Starter)

Posted 03 March 2012 - 12:56 AM

I read your reply on another computer and came to the sick one to download the registry files. However, it took about 5 minutes just to get to this site... constant redirects and popups. Even though I was clicking on the intended site, BC, the browser was taking me to other ad sites, as well as other tabs opening on their own to ad sites.

I have downloaded the registry files now, and will be back to post results :)

#15 javagal (Topic Starter)

Posted 03 March 2012 - 01:37 AM

Ok, sorry for the delay, I couldn't get the .reg files to merge with the registry... they were opening in Notepad. So, I had to temporarily have Notepad files open with the Reg., then I switched it back so that Notepad files would open OK.

I followed the rest of your instructions, and was able to enable the firewall! While I was in the Security Center, I turned on Windows Defender, and received the following error; Error found: code 0x80096001.

Do you suggest I reinstall AVG, to see if I get more Trojan warnings? Due to the constant browser redirects, I assume this PC still has some bugs.

Also, I noticed the exact point in which the trash bin is reported to be corrupt and I'm asked if I want to empty it... it's just before Combofix creates a restore point and backs up the Reg. Should I continue to try to run Combofix?



