Windows Secure kit infection?


10 replies to this topic

#1 sh0ckker

  • Members
  • 19 posts

Posted 03 March 2012 - 06:05 AM

Hi there

I was on the site isohunt.com, which I visit regularly enough without problem, when I looked back at my computer flashing with the Windows Secure Kit screens. I tried closing the window (which had got rid of the isohunt window somehow) with the red X, as well as the query boxes that read along the lines of "do you want to scan your computer" etc. At no point did I click on any of the active buttons on the window or even on any ads which might have been on the isohunt site. I eventually shut down the Chrome window by using Task Manager. I haven't used this computer for any websites that require logins/passwords since, for fear of being hacked.
My main question is: have I been infected, or was it a simple screen that needed me to click on it to activate the virus? I have run scans with Spybot, Malwarebytes and CCleaner with no problems being detected. I am running Windows 7 Enterprise 64-bit.

Thanks in advance


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Shelton at 21:52:37 on 2012-03-03
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.8104.5638 [GMT 11:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\XFastUsb\XFastUsb.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [zASRockInstantBoot]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Shelton\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1C1EDBE4-DCF1-4567-9A13-48BFFDDB872D} : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe
mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-25 44768]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-6 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-27 652360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-27 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-6 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\system32\DRIVERS\VirtuWDDM.sys --> C:\Windows\system32\DRIVERS\VirtuWDDM.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S2 WLMS;Windows Licensing Monitoring Service;C:\Windows\system32\wlms\wlms.exe --> C:\Windows\system32\wlms\wlms.exe [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-7 136176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-02 21:23:47 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F89E93B5-4C2D-4FFA-8A1C-FBCA9483DB15}\mpengine.dll
2012-02-28 05:38:16 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-02-27 09:58:24 -------- d-----w- C:\Users\Shelton\AppData\Roaming\Malwarebytes
2012-02-27 09:58:19 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-27 09:58:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-27 09:58:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-27 09:49:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-27 09:49:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-25 09:23:41 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-02-25 05:10:02 162664 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-25 03:25:10 -------- d-----w- C:\Users\Shelton\AppData\Local\Western Digital
2012-02-20 07:05:36 -------- d-----w- C:\Users\Shelton\AppData\Local\ElevatedDiagnostics
2012-02-19 10:47:48 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-02-19 10:20:13 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-02-19 10:13:05 -------- d-----w- C:\Users\Shelton\AppData\Local\WindowsUpdate
2012-02-15 09:42:16 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 09:42:16 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 09:42:13 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 09:42:13 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 09:42:13 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 09:42:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 09:42:12 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 09:42:12 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-08 11:05:49 0 ----a-w- C:\Windows\ativpsrm.bin
2012-02-08 11:05:15 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-02-08 11:05:09 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-02-08 11:04:45 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-02-08 11:04:43 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-02-08 11:04:31 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-02-08 11:04:06 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-02-08 11:03:45 -------- d-----w- C:\Program Files\ATI Technologies
2012-02-08 11:03:23 -------- d-----w- C:\Program Files\ATI
2012-02-08 10:34:17 -------- d-----w- C:\Users\Shelton\AppData\Local\ATI
2012-02-07 20:25:50 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-07 11:28:26 -------- d-----w- C:\Windows\System32\SPReview
2012-02-07 11:28:15 -------- d-----w- C:\Windows\System32\EventProviders
2012-02-07 11:20:59 762368 ----a-w- C:\Windows\System32\sdcpl.dll
2012-02-07 11:05:50 -------- d-----w- C:\Users\Shelton\AppData\Local\Adobe
2012-02-07 10:54:14 -------- d-----w- C:\Windows\PCHEALTH
2012-02-07 10:53:22 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-02-07 10:53:00 -------- d-----w- C:\Users\Shelton\AppData\Local\Microsoft Help
2012-02-07 10:49:49 -------- d-----w- C:\Program Files\CCleaner
2012-02-07 10:47:45 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-02-07 10:47:43 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-02-07 10:45:40 -------- d-----w- C:\Users\Shelton\AppData\Local\Secunia PSI
2012-02-07 10:45:29 -------- d-----w- C:\Program Files (x86)\Secunia
2012-02-07 10:38:07 190992 ----a-w- C:\Windows\System32\BtCoreIf.dll
2012-02-07 10:37:51 96272 ----a-w- C:\Windows\System32\KemXML.dll
2012-02-07 10:37:51 235536 ----a-w- C:\Windows\System32\KemUtil.dll
2012-02-07 10:37:51 235536 ----a-w- C:\Windows\System32\kemutb.dll
2012-02-07 10:37:51 159248 ----a-w- C:\Windows\System32\KemWnd.dll
2012-02-07 10:35:27 -------- d-----w- C:\Users\Shelton\AppData\Local\Logitech® Webcam Software
2012-02-07 10:35:03 -------- d-----w- C:\Users\Shelton\AppData\Local\MPlayer
2012-02-07 10:34:16 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-07 10:32:49 53248 ----a-r- C:\Users\Shelton\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-07 10:32:42 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-02-07 10:29:38 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2012-02-07 10:25:02 -------- d-----w- C:\ProgramData\PMS
2012-02-07 10:24:54 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2012-02-07 10:23:22 -------- d-----w- C:\Users\Shelton\AppData\Local\Deployment
2012-02-07 10:23:22 -------- d-----w- C:\Users\Shelton\AppData\Local\Apps
2012-02-07 10:23:08 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-02-07 10:22:29 -------- d-----w- C:\Users\Shelton\AppData\Roaming\uTorrent
2012-02-07 10:20:14 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-02-07 10:11:22 -------- d-----w- C:\Program Files (x86)\WinAce
2012-02-07 10:04:08 -------- d-----w- C:\Program Files\Microsoft Games
2012-02-07 09:57:30 31808 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2012-02-07 08:08:36 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-07 05:45:27 -------- d-----w- C:\Windows\Panther
2012-02-07 05:45:15 -------- d-sh--w- C:\Boot
2012-02-06 11:39:37 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-06 11:39:37 -------- d-----w- C:\Windows\System32\Wat
2012-02-06 11:39:09 -------- d-----w- C:\Utilities
2012-02-06 11:38:35 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-06 11:38:35 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-02-06 11:38:35 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-06 11:38:34 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-06 11:38:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-06 11:16:45 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-06 11:12:55 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-02-06 11:11:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-02-06 11:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-02-06 11:11:02 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-02-06 11:11:02 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-02-06 11:10:56 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-06 11:10:56 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-06 11:10:56 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-06 11:10:56 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-02-06 11:10:44 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-02-06 11:10:30 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-06 11:10:29 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-06 11:10:29 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-06 11:10:27 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-06 11:10:26 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-06 11:10:23 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-06 11:10:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-06 11:07:01 90112 ------w- C:\Windows\Updreg.EXE
2012-02-06 11:05:53 15936 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2012-02-06 11:05:53 -------- d-----w- C:\ProgramData\FNET
2012-02-06 11:05:52 -------- d-----w- C:\Program Files (x86)\XFastUsb
2012-02-06 11:05:50 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2012-02-06 11:03:02 66336 ----a-w- C:\Windows\System32\drivers\VirtuWDDM.sys
2012-02-06 11:03:01 -------- d-----w- C:\Users\Shelton\Lucidlogix
2012-02-06 11:03:01 -------- d-----w- C:\Program Files\Lucidlogix Technologies
2012-02-06 11:02:47 -------- d-----w- C:\Program Files (x86)\ASM104xUSB3
2012-02-06 11:02:46 -------- d-sh--w- C:\Windows\Installer
2012-02-06 11:01:30 -------- d-----w- C:\Users\Shelton\AppData\Roaming\Intel Corporation
2012-02-06 11:00:43 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-02-06 11:00:41 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-02-06 11:00:38 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2012-02-06 11:00:25 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-02-06 10:58:57 98304 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-06 10:58:57 98304 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-06 10:58:57 963116 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-06 10:58:57 963116 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-06 10:58:57 94208 ----a-w- C:\Windows\System32\IccLibDll_x64.dll
2012-02-06 10:58:57 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2372.dll
2012-02-06 10:58:57 376832 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-06 10:58:57 376832 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-06 10:58:57 145804 ----a-w- C:\Windows\SysWow64\igcompkrng600.bin
2012-02-06 10:58:57 145804 ----a-w- C:\Windows\System32\igcompkrng600.bin
2012-02-06 10:52:54 -------- d-----w- C:\Intel
2012-02-06 10:51:30 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-02-06 10:51:30 471144 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-02-06 10:51:30 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-02-06 10:51:27 -------- d-----w- C:\Program Files (x86)\Realtek
.
==================== Find3M ====================
.
2012-02-23 16:23:26 41184 ----a-w- C:\Windows\avastSS.scr
2012-02-23 16:12:43 817496 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-02-23 16:10:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-07 20:01:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-02-07 20:01:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-17 19:44:52 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-05 11:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-05 11:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-05 11:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-05 11:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-05 11:02:20 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-12-05 11:02:16 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
============= FINISH: 21:54:21.44 ===============


#2 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 04 March 2012 - 06:01 PM

Hello sh0ckker,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

====================================================================================

Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on ComboFix icon and run as admin then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

I'd like you to run a scan with aswMBR.
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • aswMBR Log

Edited by ratman, 04 March 2012 - 06:08 PM.

regards, ratman




#3 sh0ckker
  • Topic Starter

  • Members
  • 19 posts

Posted 05 March 2012 - 06:48 AM

Hey there,

I could run the ComboFix fine, but it kept saying aswMBR is not a valid Win32 program and wouldn't let me run it. I have 64-bit Windows, if that's the problem? ComboFix log below:


ComboFix 12-03-04.02 - Shelton 05/03/2012 22:30:14.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.8104.6751 [GMT 11:00]
Running from: c:\users\Shelton\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 11:32 . 2012-03-05 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 09:02 . 2012-03-04 09:03 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-03-02 21:23 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F89E93B5-4C2D-4FFA-8A1C-FBCA9483DB15}\mpengine.dll
2012-02-28 05:38 . 2012-02-28 05:39 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-02-27 09:58 . 2012-02-27 09:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-27 09:58 . 2012-02-27 09:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 09:58 . 2011-12-10 04:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 09:54 . 2012-02-27 09:54 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-02-27 09:49 . 2012-02-27 10:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-27 09:49 . 2012-02-27 10:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 09:23 . 2012-02-23 16:11 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-02-25 05:10 . 2012-02-25 05:10 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-20 10:34 . 2012-02-21 05:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-02-19 10:47 . 2012-02-19 10:47 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-02-19 10:46 . 2012-02-19 10:46 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-19 10:20 . 2012-02-19 10:20 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-02-19 10:20 . 2012-02-19 10:20 -------- d-----w- c:\program files (x86)\Java
2012-02-15 09:42 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 09:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 09:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 09:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 09:42 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 09:42 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 09:42 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 09:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-08 11:05 . 2012-02-08 11:05 -------- d-----w- c:\programdata\ATI
2012-02-08 11:05 . 2012-02-08 11:05 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-08 11:05 . 2012-02-08 11:05 -------- d-----w- c:\program files (x86)\AMD APP
2012-02-08 11:05 . 2012-02-08 11:05 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-02-08 11:04 . 2012-02-08 11:04 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-08 11:04 . 2011-06-06 22:07 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-08 11:04 . 2011-07-28 21:36 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-08 11:04 . 2012-02-08 11:05 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-02-08 11:03 . 2012-02-08 11:04 -------- d-----w- c:\program files\ATI Technologies
2012-02-08 11:03 . 2012-02-08 11:03 -------- d-----w- c:\program files\ATI
2012-02-07 20:25 . 2012-02-07 20:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-07 20:25 . 2012-02-07 20:25 -------- d-----r- c:\program files (x86)\Skype
2012-02-07 11:28 . 2012-02-07 11:28 -------- d-----w- c:\windows\system32\SPReview
2012-02-07 11:28 . 2012-02-07 11:28 -------- d-----w- c:\windows\system32\EventProviders
2012-02-07 11:20 . 2010-11-20 13:33 155008 ----a-w- c:\windows\system32\drivers\mpio.sys
2012-02-07 10:57 . 2012-02-07 10:57 -------- d-----w- c:\program files\Common Files\Adobe
2012-02-07 10:54 . 2012-02-19 10:47 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-02-07 10:54 . 2012-02-07 10:54 -------- d-----w- c:\windows\PCHEALTH
2012-02-07 10:53 . 2012-02-07 10:53 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-07 10:52 . 2012-02-20 10:55 -------- d-----w- c:\programdata\Microsoft Help
2012-02-07 10:52 . 2012-02-07 10:52 -------- d-----r- C:\MSOCache
2012-02-07 10:49 . 2012-02-27 10:10 -------- d-----w- c:\program files\CCleaner
2012-02-07 10:47 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-02-07 10:47 . 2012-02-07 10:47 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-02-07 10:45 . 2012-02-07 10:45 -------- d-----w- c:\program files (x86)\Secunia
2012-02-07 10:38 . 2009-07-20 01:33 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
2012-02-07 10:37 . 2009-07-20 01:35 96272 ----a-w- c:\windows\system32\KemXML.dll
2012-02-07 10:37 . 2009-07-20 01:34 159248 ----a-w- c:\windows\system32\KemWnd.dll
2012-02-07 10:37 . 2009-07-20 01:34 235536 ----a-w- c:\windows\system32\KemUtil.dll
2012-02-07 10:37 . 2009-07-20 01:34 235536 ----a-w- c:\windows\system32\kemutb.dll
2012-02-07 10:36 . 2012-02-07 10:36 -------- d-----w- c:\program files\Logitech
2012-02-07 10:34 . 2012-02-19 10:20 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-07 10:32 . 2012-02-07 10:41 -------- d-----w- c:\programdata\Logitech
2012-02-07 10:32 . 2012-02-07 10:32 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-02-07 10:32 . 2012-02-07 10:40 -------- d-----w- c:\programdata\LogiShrd
2012-02-07 10:32 . 2012-02-07 10:32 -------- d-----w- c:\program files (x86)\Logitech
2012-02-07 10:32 . 2012-02-07 20:25 -------- d-----w- c:\programdata\Skype
2012-02-07 10:29 . 2012-02-07 10:29 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-02-07 10:25 . 2012-02-07 10:35 -------- d-----w- c:\programdata\PMS
2012-02-07 10:20 . 2012-02-07 10:20 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-07 10:11 . 2012-02-07 10:12 -------- d-----w- c:\program files (x86)\WinAce
2012-02-07 10:04 . 2012-02-07 10:04 -------- d-----w- c:\program files\Microsoft Games
2012-02-07 10:03 . 2012-02-23 16:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-07 10:03 . 2012-02-23 16:12 817496 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-07 10:03 . 2012-02-23 16:12 335704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-07 10:03 . 2012-02-23 16:10 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-07 10:03 . 2012-02-23 16:10 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-07 10:03 . 2012-02-23 16:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-07 10:03 . 2012-02-11 01:15 -------- d-----w- c:\program files (x86)\Google
2012-02-07 10:03 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-07 10:03 . 2012-02-23 16:23 41184 ----a-w- c:\windows\avastSS.scr
2012-02-07 10:03 . 2012-02-23 16:23 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-02-07 10:03 . 2012-02-07 10:03 -------- d-----w- c:\programdata\AVAST Software
2012-02-07 10:03 . 2012-02-07 10:03 -------- d-----w- c:\program files\AVAST Software
2012-02-07 09:58 . 2012-02-20 11:27 -------- d-----w- c:\program files\Common Files\logishrd
2012-02-07 09:58 . 2012-02-20 11:27 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-02-07 09:57 . 2012-02-07 09:57 31808 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2012-02-07 05:45 . 2012-02-07 11:10 -------- d-----w- c:\windows\Panther
2012-02-07 05:45 . 2012-02-07 20:04 -------- d-----w- C:\Boot
2012-02-06 20:50 . 2012-02-06 20:50 -------- d-----w- c:\windows\SysWow64\Macromed
2012-02-06 20:50 . 2012-02-06 20:50 -------- d-----w- c:\windows\system32\Macromed
2012-02-06 11:52 . 2012-02-07 10:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-06 11:39 . 2012-02-06 11:39 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-06 11:39 . 2012-02-06 11:39 -------- d-----w- c:\windows\system32\Wat
2012-02-06 11:39 . 2012-02-16 10:59 -------- d-----w- C:\Utilities
2012-02-06 11:38 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-02-06 11:38 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-06 11:38 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-06 11:38 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-06 11:38 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-06 11:37 . 2012-02-06 11:37 -------- d-----w- c:\programdata\Intel
2012-02-06 11:16 . 2012-01-28 18:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-06 11:12 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-06 11:11 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-06 11:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-06 11:11 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-06 11:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-06 11:10 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-06 11:10 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-02-06 11:10 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-02-06 11:10 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-02-06 11:10 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-02-06 11:10 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-06 11:10 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-06 11:10 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-06 11:10 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-06 11:10 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-06 11:10 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-06 11:10 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-06 11:07 . 2000-05-10 14:00 90112 ------w- c:\windows\Updreg.EXE
2012-02-06 11:05 . 2012-02-06 11:05 15936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2012-02-06 11:05 . 2012-02-06 11:05 -------- d-----w- c:\programdata\FNET
2012-02-06 11:05 . 2012-02-06 11:05 -------- d-----w- c:\program files (x86)\XFastUsb
2012-02-06 11:05 . 2012-02-06 11:05 -------- d-----w- c:\program files (x86)\ASRock Utility
2012-02-06 11:03 . 2011-07-07 05:05 66336 ----a-w- c:\windows\system32\drivers\VirtuWDDM.sys
2012-02-06 11:03 . 2012-02-06 11:03 -------- d-----w- c:\program files\Lucidlogix Technologies
2012-02-06 11:02 . 2012-02-06 11:02 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-02-06 11:02 . 2012-02-27 09:55 -------- d-sh--w- c:\windows\Installer
2012-02-06 11:00 . 2011-02-22 00:59 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-07 20:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-02-07 20:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-17 19:44 . 2012-01-17 19:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-17 19:44 . 2012-01-17 19:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-17 19:44 . 2012-01-17 19:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-17 19:44 . 2012-01-17 19:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-17 19:44 . 2012-01-17 19:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-17 19:44 . 2012-01-17 19:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-17 19:44 . 2012-01-17 19:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-17 19:44 . 2012-01-17 19:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-17 19:44 . 2012-01-17 19:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-17 19:44 . 2012-01-17 19:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-17 19:44 . 2012-01-17 19:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-17 19:44 . 2012-01-17 19:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-17 19:44 . 2012-01-17 19:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-17 19:44 . 2012-01-17 19:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-17 19:44 . 2012-01-17 19:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-19 284440]
"XFastUsb"="c:\program files (x86)\XFastUsb\XFastUsb.exe" [2012-02-06 4942336]
"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Shelton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-2-7 1207312]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R2 WLMS;Windows Licensing Monitoring Service;c:\windows\system32\wlms\wlms.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-19 13592]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 10:03]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 10:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-07-04 1441152]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-05 22:37:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 11:37
.
Pre-Run: 77,367,664,640 bytes free
Post-Run: 76,634,501,120 bytes free
.
- - End Of File - - 5BFE7EF30BC71093BF5A897E3BBE698C
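
As an added example (not part of the thread or of ComboFix), a small triage script for the "Reg Loading Points" section of a ComboFix log like the one above: it parses the Run-key values, the AppInit_DLLs setting and the R/S service lines, and flags the entries a responder would look at first. The sample log is constructed in the same format; the "Updater" entry is invented for illustration, and the review heuristics are the example's own, not ComboFix's.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example (not part of the thread or of ComboFix): parses the Run-key
values, the AppInit_DLLs setting and the R/S service lines in the format
shown above and flags the entries a responder would review first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in the ComboFix log format. Most lines mirror the log
# above; the "Updater" entry is invented so that a flag is produced.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]
"Updater"="c:\users\Shelton\AppData\Local\Temp\upd.exe" [2012-03-04 48128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-07 136176]
S1 aswSnx;aswSnx; [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "Name"=value [date size]  -- value may be unquoted, the stamp may be absent
VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)(?:\s+\[([^\]]*)\])?$')
# R2 svc;Display name;image path [date size]  -- ComboFix prints [x] when it has no stamp
SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[([^\]]*)\])?$")
# Directories an ordinary user can write to; an autorun there deserves a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    kind: str      # "run", "appinit" or "service"
    key: str       # registry key, or service start type (R2, S3, ...)
    name: str
    path: str
    meta: str      # ComboFix's "date size" stamp, or "x"
    flags: list[str] = field(default_factory=list)


def parse_loading_points(text: str) -> list[Entry]:
    """Turn the log section into Entry records; lines of other shapes are skipped."""
    entries: list[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := SVC_RE.match(line):
            start, svc, _display, path, meta = m.groups()
            entries.append(Entry("service", start, svc, path, meta or ""))
        elif (m := VALUE_RE.match(line)) and current_key:
            name, value, meta = m.groups()
            kind = "appinit" if name.lower() in ("appinit_dlls", "loadappinit_dlls") else "run"
            entries.append(Entry(kind, current_key, name, value.strip('"'), meta or ""))
    return entries


def triage(entries: list[Entry]) -> list[Entry]:
    """Attach review flags (this example's own heuristics, not ComboFix's)
    and return only the entries that received one."""
    appinit_on = any(e.name.lower() == "loadappinit_dlls" and e.path.lower() in ("0x1", "1")
                     for e in entries)
    flagged = []
    for e in entries:
        low = e.path.lower()
        if e.kind == "run" and any(marker in low for marker in USER_WRITABLE):
            e.flags.append("autorun launched from a user-writable directory")
        if e.name.lower() == "appinit_dlls" and e.path:
            state = "enabled" if appinit_on else "disabled"
            e.flags.append(f"DLL loaded into every process that loads user32.dll "
                           f"(LoadAppInit_DLLs {state})")
        if e.kind == "service" and not e.path:
            e.flags.append("service/driver entry with no image path recorded")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.kind:8} {e.name:18} {e.path or '<none>'}\n    -> {'; '.join(e.flags)}")
```

A flag is a prompt to look at the file's location, signer and date stamp, not a verdict; the Lucid Virtu AppInit_DLLs entry in the log above is an example of a legitimate hit.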

#4 ratman


    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 05 March 2012 - 07:10 AM

Hello sh0ckker,

...it kept saying aswmbr is not a valid win32 program and wouldn't let me run it. I have 64 bit windows if that's the problem?

Hm, aswMBR should run ok on 64 bit machines.
Let's try something else:

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================

Please run another scan with MalwareBytes (please ensure virus definitions are up to date) and post a copy of the log in your next reply.

====================================================================================



In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • MBAM.Log
How is your machine behaving now?

regards, ratman




#5 sh0ckker

  • Topic Starter

  • Members
  • 19 posts

Posted 05 March 2012 - 05:00 PM

My machine is behaving relatively normally, avast has a notification saying that I am unprotected due to its firewall not being on, however I have windows firewall and my router firewall running. I might change back to avg after this problem is fixed.



08:05:01.0260 5392 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
08:05:02.0103 5392 ============================================================
08:05:02.0103 5392 Current date / time: 2012/03/06 08:05:02.0103
08:05:02.0103 5392 SystemInfo:
08:05:02.0103 5392
08:05:02.0103 5392 OS Version: 6.1.7601 ServicePack: 1.0
08:05:02.0103 5392 Product type: Workstation
08:05:02.0103 5392 ComputerName: SHELTON-PC
08:05:02.0103 5392 UserName: Shelton
08:05:02.0103 5392 Windows directory: C:\Windows
08:05:02.0103 5392 System windows directory: C:\Windows
08:05:02.0103 5392 Running under WOW64
08:05:02.0103 5392 Processor architecture: Intel x64
08:05:02.0103 5392 Number of processors: 4
08:05:02.0103 5392 Page size: 0x1000
08:05:02.0103 5392 Boot type: Normal boot
08:05:02.0103 5392 ============================================================
08:05:02.0228 5392 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:05:02.0493 5392 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:05:02.0508 5392 \Device\Harddisk0\DR0:
08:05:02.0508 5392 MBR used
08:05:02.0508 5392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEE7B000
08:05:02.0508 5392 \Device\Harddisk1\DR1:
08:05:02.0508 5392 MBR used
08:05:02.0508 5392 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x61A80000
08:05:02.0508 5392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x61A80800, BlocksNum 0x87387000
08:05:02.0555 5392 Initialize success
08:05:02.0555 5392 ============================================================
08:05:15.0956 4400 ============================================================
08:05:15.0956 4400 Scan started
08:05:15.0956 4400 Mode: Manual;
08:05:15.0956 4400 ============================================================
08:05:16.0127 4400 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:05:16.0143 4400 1394ohci - ok
08:05:16.0143 4400 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:05:16.0158 4400 ACPI - ok
08:05:16.0158 4400 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:05:16.0158 4400 AcpiPmi - ok
08:05:16.0190 4400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:05:16.0190 4400 adp94xx - ok
08:05:16.0205 4400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:05:16.0205 4400 adpahci - ok
08:05:16.0221 4400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:05:16.0221 4400 adpu320 - ok
08:05:16.0252 4400 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:05:16.0252 4400 AFD - ok
08:05:16.0268 4400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:05:16.0268 4400 agp440 - ok
08:05:16.0283 4400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:05:16.0283 4400 aliide - ok
08:05:16.0299 4400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:05:16.0299 4400 amdide - ok
08:05:16.0314 4400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:05:16.0314 4400 AmdK8 - ok
08:05:16.0392 4400 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
08:05:16.0455 4400 amdkmdag - ok
08:05:16.0455 4400 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
08:05:16.0470 4400 amdkmdap - ok
08:05:16.0470 4400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:05:16.0470 4400 AmdPPM - ok
08:05:16.0486 4400 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:05:16.0486 4400 amdsata - ok
08:05:16.0502 4400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:05:16.0502 4400 amdsbs - ok
08:05:16.0517 4400 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:05:16.0517 4400 amdxata - ok
08:05:16.0533 4400 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:05:16.0533 4400 AppID - ok
08:05:16.0548 4400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:05:16.0548 4400 arc - ok
08:05:16.0564 4400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:05:16.0564 4400 arcsas - ok
08:05:16.0580 4400 asmthub3 (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys
08:05:16.0580 4400 asmthub3 - ok
08:05:16.0580 4400 asmtxhci (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys
08:05:16.0595 4400 asmtxhci - ok
08:05:16.0595 4400 aswFsBlk (c7c69ed14a7ddecaf58e3dfd1fca6d37) C:\Windows\system32\drivers\aswFsBlk.sys
08:05:16.0595 4400 aswFsBlk - ok
08:05:16.0611 4400 aswMonFlt (ad5276449159ba8d5206c6094c764249) C:\Windows\system32\drivers\aswMonFlt.sys
08:05:16.0611 4400 aswMonFlt - ok
08:05:16.0626 4400 aswRdr (1e5ca4c89227df49c5fc779e7848ae8b) C:\Windows\System32\Drivers\aswrdr2.sys
08:05:16.0626 4400 aswRdr - ok
08:05:16.0642 4400 aswSnx (45ad1ed2a0ccd582e32b10535f5c42e9) C:\Windows\system32\drivers\aswSnx.sys
08:05:16.0658 4400 aswSnx - ok
08:05:16.0658 4400 aswSP (06fd751c1b15734e57df09614602be66) C:\Windows\system32\drivers\aswSP.sys
08:05:16.0673 4400 aswSP - ok
08:05:16.0673 4400 aswTdi (bf670f65762ff8da7615d7b80914c0f8) C:\Windows\system32\drivers\aswTdi.sys
08:05:16.0673 4400 aswTdi - ok
08:05:16.0689 4400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:05:16.0689 4400 AsyncMac - ok
08:05:16.0704 4400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:05:16.0704 4400 atapi - ok
08:05:16.0720 4400 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
08:05:20.0932 4400 ============================================================
08:05:20.0932 4400 Scan finished
08:05:20.0932 4400 ============================================================
08:05:20.0948 1304 Detected object count: 0
08:05:20.0948 1304 Actual detected object count: 0
08:06:53.0646 3208 Deinitialize success


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shelton :: SHELTON-PC [administrator]

Protection: Enabled

6/03/2012 8:12:50 AM
mbam-log-2012-03-06 (08-12-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 429502
Time elapsed: 26 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 ratman

    Bleepin' gnawing at it!

  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 05 March 2012 - 07:48 PM

Hello sh0ckker,

...avast has a notification saying that I am unprotected due to its firewall not being on, however I have Windows Firewall and my router firewall running.

You are protected by your router firewall. If the Avast notification is a problem I would try uninstalling using the Avast Uninstall Utility and reinstalling Avast.

Things are looking good here.

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window. ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan
How is your machine running now? Are you having any issues?

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#7 sh0ckker

sh0ckker
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:27 AM

Posted 06 March 2012 - 03:52 AM

Hi Ratman,

I ran the ESET scanner and it finished with "no threats found" and did not give me an option of making a text file to paste, it just went straight to a screen offering the product to purchase or a 30 day trial.

In regards to my computer, I haven't had any issues that I would consider unusual. I have just been spooked by the possibility that something dangerous may have inserted itself within the computer without my knowledge, and with the possibility that it would not be found using the conventional scanning products I mentioned at the start (CCleaner, Malwarebytes, Spybot in addition to Avast and Windows' own preventative measures).

I also have 2 other computers (in addition to this infected one) attached to the same network. Would these have the possibility of infection, being connected?
I also visited isohunt (not learning my lesson!) after the current computer got the screen of windows secure kit 201? and this second computer (laptop) also briefly showed the same thing. I managed to close the window before anything came up on screen; I saw the web address suddenly change and closed down immediately. Should I follow the same procedure you have walked me through with the laptop as well?

My question is: is the virus/malware/spyware/infection already on the computer when these screens come up, or is the website (in this case isohunt) in some way infected? And so does the computer user have to click on the "fake" webpage (windows secure kit in this instance) to activate the infection?

Thanks again for all of your assistance

#8 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:07:27 PM

Posted 06 March 2012 - 07:14 AM

Hello sh0ckker,

I also have 2 other computers (in addition to this infected one) attached to the same network, would these have the possibility of infection, being connected?

As it would appear that no infection has been found, nothing malicious will have been transferred at this time. As a rule of thumb, in finding a malware problem with a networked pc - isolate it from the network asap.

Should I follow the same procedure you have walked me through with the laptop as well?

I would just run a scan with your AV software, MBAM and ESET. If any symptoms arise, start another topic here. Please never run ComboFix without the supervision of a Malware Response Team member. This is a very powerful tool which, if used inappropriately, could render a machine totally useless.

My question is-is the virus/malware/spyware/infection already on the computer when these screens come up or is the website (in this case isohunt) someway infected?

In this case it would appear that the website is affected and you were not as you closed the window immediately.

=======================================================================================

Good work - your computer is clean

Just a couple of housekeeping tasks now.

We need to delete ComboFix:

Please rename ComboFix.exe (right click ComboFix and select Rename) to Uninstall.exe and double click on it.

====================================================================================

Except for Malwarebytes, you can simply delete all other tools we used as they don't un-install.


Things to do to stay safe:

  • Make sure Windows Updates (including Internet Explorer) are current. Follow instructions here
  • Run Malwarebytes "Quick scan" once in a week to assure safety of your computer.
  • Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
  • When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
  • Read How did I get infected?, With steps so it does not happen again!

Happy and safe surfing!


Can you reply to say whether you have any more issues or not. If not we can close this topic.
regards, ratman




#9 sh0ckker

sh0ckker
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:27 AM

Posted 07 March 2012 - 06:47 AM

Thanks ratman for your assistance, computer seems all back to normal. Will take a look at all of the other information you have provided.

Regards.

#10 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:07:27 PM

Posted 07 March 2012 - 07:17 AM

You are welcome
regards, ratman




#11 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:07:27 PM

Posted 07 March 2012 - 07:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, ratman






