
system check and browser redirect issues


  • This topic is locked
22 replies to this topic

#1 seankobuk (Members, 21 posts)

Posted 21 March 2012 - 08:41 AM

EDIT: Moved to Virus, Trojan and Malware Removal Logs ~~boopme

Last night I started seeing the System Check virus (multiple error screens, System Check fake scanner, disappearing desktop icons and programs). I did a system restore and that seemed to remove these behaviors. Then I ran unhide.exe. Next I started seeing browser redirects when clicking on Google search results. I ran MBAM and it found 3 files and removed them. A second scan did not find anything. SUPERAntiSpyware found many tracking cookies and they were removed. I haven't rescanned with SUPERAntiSpyware. I tried uninstalling Chrome, but when I went to download it again the URL is being redirected to multiple URLs and then landing on a fake download Chrome page. I've exhausted all the methods I know of and now need some assistance tracking down whatever is still infecting this PC. Thanks!

Another computer that shares my home network recently had the searchqu virus and browser redirects but that machine is now clean thanks to one of the experts here.

Below is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Sean K at 9:17:05 on 2012-03-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.3497 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\firefaceusb.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\TotalMixFX.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Google Update] "C:\Users\Sean K\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify] "C:\Users\Sean K\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
StartupFolder: C:\Users\SEANK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9D182374-C6B3-4218-954C-B4F962CEB0EB} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EBF2C8BD-1517-421C-A0FF-471E10546515} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EBF2C8BD-1517-421C-A0FF-471E10546515}\74F425745435F5D4F62696C656F544566756C6F607D656E647 : DhcpNameServer = 208.67.222.222 208.67.220.220 66.152.117.198
TCP: Interfaces\{EBF2C8BD-1517-421C-A0FF-471E10546515}\7657563747 : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
Hosts: 192.168.93.14 www.flytac.test
Hosts: 192.168.1.100 jack.local
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean K\AppData\Roaming\Mozilla\Firefox\Profiles\lm6l5og1.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Users\Sean K\AppData\Roaming\Mozilla\Firefox\Profiles\lm6l5og1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Users\Sean K\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-3-20 3246040]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-17 2009704]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 firefaceu64;RME Fireface USB Audio Device;C:\Windows\system32\drivers\fireface_usb_64.sys --> C:\Windows\system32\drivers\fireface_usb_64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-03-21 13:08:41 -------- d-----w- C:\av
2012-03-21 12:32:49 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{898802AD-06D2-4358-A021-823C51B26E61}\offreg.dll
2012-03-21 03:08:15 -------- d-----w- C:\Users\Sean K\AppData\Roaming\Malwarebytes
2012-03-21 03:08:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 03:08:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 03:06:54 -------- d-----w- C:\Users\Sean K\AppData\Roaming\SUPERAntiSpyware.com
2012-03-21 03:06:18 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-21 03:06:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-21 02:58:15 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2012-03-21 02:58:08 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2012-03-21 02:58:01 943712 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-03-21 02:57:50 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-03-21 02:53:15 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{898802AD-06D2-4358-A021-823C51B26E61}\mpengine.dll
2012-03-20 03:21:19 -------- d-----w- C:\Program Files (x86)\Toontrack
2012-03-17 01:47:05 -------- d-----w- C:\Program Files (x86)\PSPaudioware
2012-03-17 01:45:54 -------- d-----w- C:\Program Files\PSPaudioware
2012-03-17 01:45:11 7629824 ----a-w- C:\Windows\SysWow64\PSP preQursor.dll
2012-03-17 01:45:11 5126144 ----a-w- C:\Windows\SysWow64\PSP RetroQ.dll
2012-03-17 01:45:10 9474048 ----a-w- C:\Windows\SysWow64\PSP ClassicQex.dll
2012-03-17 01:45:10 3873792 ----a-w- C:\Windows\SysWow64\PSP ConsoleQ.dll
2012-03-17 01:45:10 3620352 ----a-w- C:\Windows\SysWow64\PSP ClassicQ.dll
2012-03-16 18:41:49 -------- d-----w- C:\Users\Sean K\AppData\Local\Apple Computer
2012-03-16 18:41:44 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-16 18:41:44 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-16 18:41:44 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-16 18:41:24 -------- d-----w- C:\Program Files\iPod
2012-03-16 18:41:23 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-16 18:41:23 -------- d-----w- C:\Program Files\iTunes
2012-03-16 18:41:23 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-16 18:40:49 -------- d-----w- C:\Users\Sean K\AppData\Local\Apple
2012-03-16 18:40:07 -------- d-----w- C:\Program Files\Bonjour
2012-03-16 18:40:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-14 13:28:31 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 13:28:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 13:28:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 13:28:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 13:28:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 13:28:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 13:28:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 13:28:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 13:28:19 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 13:28:19 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 13:28:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-07 03:39:52 -------- d-----w- C:\Sandbox
2012-02-29 17:46:48 -------- d-----r- C:\Program Files (x86)\Skype
2012-02-25 02:51:23 61440 ----a-w- C:\Windows\SysWow64\NI_DFD_1_5.dll
2012-02-25 02:51:23 393216 ----a-w- C:\Windows\SysWow64\NI_IRC_1_2.dll
2012-02-25 02:51:23 2045952 ----a-w- C:\Windows\SysWow64\bconvert.dll
2012-02-25 02:51:17 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-02-22 03:38:25 -------- d-----w- C:\Users\Sean K\AppData\Roaming\KORG
2012-02-22 03:37:51 -------- d-----w- C:\ProgramData\KORG
2012-02-22 03:37:50 -------- d-----w- C:\Program Files (x86)\KORG
2012-02-22 03:37:50 -------- d-----w- C:\Program Files (x86)\Common Files\KORG
.
==================== Find3M ====================
.
2012-03-11 13:10:45 1674 ----a-w- C:\Windows\SysWow64\privatedata.dll
2012-03-11 13:10:42 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2012-02-20 03:39:04 578560 ----a-w- C:\Program Files\uninstall.exe
2012-02-20 03:34:35 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-02-20 03:34:35 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-02-02 04:27:10 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-01-31 17:07:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-17 17:02:08 101632 ----a-w- C:\Windows\System32\drivers\fireface_usb_64.sys
2012-01-17 17:02:06 29696 ----a-w- C:\Windows\System32\fireface_usb_asio_64.dll
2012-01-17 16:54:44 91648 ----a-w- C:\Windows\SysWow64\firefaceusb.exe
2012-01-17 16:54:44 91648 ----a-w- C:\Windows\System32\firefaceusb.exe
2012-01-17 16:54:42 83328 ----a-w- C:\Windows\System32\drivers\fireface_usb.sys
2012-01-17 16:54:40 27648 ----a-w- C:\Windows\SysWow64\fireface_usb_asio.dll
2012-01-17 16:54:40 27648 ----a-w- C:\Windows\System32\fireface_usb_asio.dll
2012-01-17 14:59:30 3686400 ----a-w- C:\Windows\System32\TotalMixFX.exe
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 9:24:07.55 ===============

Edited by boopme, 21 March 2012 - 09:38 AM.
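A triage pass over the DDS report above, as an added example that is not part of the original post and is not a DDS or BleepingComputer tool. It parses the line formats DDS prints in the Pseudo HJT Report and Find3M sections and lists the items a responder would check first: the mPolicies-system values showing that UAC is switched off on this machine (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), per-interface DNS servers that differ from the globally assigned pair, autorun entries that execute from the user profile, Hosts: overrides, AppInit_DLLs, and DLLs in the system directories too small to hold a real PE image (the 16-byte msvcsv60.dll that ComboFix later deletes is one). The sample input is a handful of lines copied unchanged from the log above; the expected UAC values and the 4096-byte size threshold are assumptions of this example, and everything it reports is a review item rather than a verdict (208.67.222.222 and 208.67.220.220 are OpenDNS resolvers, and Spotify is a legitimate autorun).

```python
"""Triage of DDS 'Pseudo HJT Report' and Find3M lines (added example, not a DDS tool)."""
import re

# Constructed sample input: lines copied unchanged from the DDS log in the post above.
SAMPLE_DDS = r"""
mWinlogon: Userinit=userinit.exe,
uRun: [Spotify] "C:\Users\Sean K\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9D182374-C6B3-4218-954C-B4F962CEB0EB} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EBF2C8BD-1517-421C-A0FF-471E10546515}\74F425745435F5D4F62696C656F544566756C6F607D656E647 : DhcpNameServer = 208.67.222.222 208.67.220.220 66.152.117.198
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
Hosts: 192.168.93.14 www.flytac.test
Hosts: 192.168.1.100 jack.local
2012-03-11 13:10:45 1674 ----a-w- C:\Windows\SysWow64\privatedata.dll
2012-03-11 13:10:42 16 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
2012-02-20 03:34:35 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
"""

# Windows 7 defaults for the UAC values DDS prints under mPolicies-system
# (assumption of this example: any other value is reported for review).
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# Assumed threshold: a DLL below this size cannot hold a meaningful PE image
# (the DOS header alone is 64 bytes, before any NT headers or sections).
SMALL_DLL_BYTES = 4096

POLICY_RE = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
DNS_RE = re.compile(r"^TCP: (Interfaces\\\S+ : )?DhcpNameServer = (.+)$")
RUN_RE = re.compile(r'^[um]Run(?:-x64)?: \[([^\]]+)\] "?([A-Za-z]:\\[^"]+?\.exe)"?')
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?: (.+)$")
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\d+) \S+ (.+)$")


def triage(text):
    """Return review items keyed by category, in the order they appear in the log."""
    out = {"uac": [], "dns": [], "autorun": [], "hosts": [], "appinit": [], "small_dll": []}
    global_dns = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            name, value = m.group(1), int(m.group(2))
            if name in UAC_EXPECTED and value != UAC_EXPECTED[name]:
                out["uac"].append(f"{name}={value} (expected {UAC_EXPECTED[name]})")
        elif m := DNS_RE.match(line):
            servers = m.group(2).split()
            if m.group(1) is None:
                global_dns = global_dns or set(servers)   # first global entry is the baseline
            else:
                out["dns"].extend(s for s in servers if global_dns is None or s not in global_dns)
        elif m := RUN_RE.match(line):
            name, path = m.group(1), m.group(2)
            if "\\appdata\\" in path.lower():              # user-writable profile directory
                out["autorun"].append((name, path))
        elif line.startswith("Hosts: "):
            out["hosts"].append(line[len("Hosts: "):])
        elif m := APPINIT_RE.match(line):
            out["appinit"].append(m.group(1))
        elif m := FILE_RE.match(line):
            size, path = int(m.group(1)), m.group(2)
            low = path.lower()
            in_sysdir = "\\system32\\" in low or "\\syswow64\\" in low
            if in_sysdir and low.endswith(".dll") and size < SMALL_DLL_BYTES:
                out["small_dll"].append((path, size))
    out["dns"] = list(dict.fromkeys(out["dns"]))   # keep first occurrence of each server
    return out


if __name__ == "__main__":
    for category, items in triage(SAMPLE_DDS).items():
        print(category)
        for item in items:
            print("   ", item)
```

The DNS check treats the first global DhcpNameServer line as the baseline and reports only servers that per-interface profiles add to it, which is what separates an ISP-issued pair from resolvers configured elsewhere; on a home network that deliberately uses OpenDNS the two 208.67.x entries are expected, so the output is a list to confirm against what the owner intended, not a detection. The file check only understands the DDS date/time/size/flags/path format, not the two-date ComboFix layout shown later in the thread.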



#2 gringo_pr (Malware Response Team)

Posted 22 March 2012 - 02:59 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Malware Response Team)

Posted 24 March 2012 - 11:33 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 seankobuk (Topic Starter)

Posted 26 March 2012 - 06:59 AM

Hi, sorry for the delay. I thought I had set my account to send me emails when I received a reply. I'll run the scan tonight and post the results. Thanks.

#5 gringo_pr (Malware Response Team)

Posted 26 March 2012 - 07:50 AM

Very good, I will see you later.


gringo

#6 seankobuk (Topic Starter)

Posted 27 March 2012 - 01:34 PM

Ran ComboFix. Looks like it deleted a few things. Laptop seems to be running fine.


ComboFix log below:



ComboFix 12-03-26.02 - Sean K 03/26/2012 23:15:03.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4179 [GMT -4:00]
Running from: c:\users\Sean K\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
c:\programdata\~oo3iDYjqI6K1By
c:\programdata\~oo3iDYjqI6K1Byr
c:\programdata\oo3iDYjqI6K1By
c:\programdata\Roaming
c:\users\Sean K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\SysWow64\msvcsv60.dll
D:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-26 22:19 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F57903B-33AB-4677-94F3-F1BD5F685912}\mpengine.dll
2012-03-21 16:05 . 2012-03-21 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 16:05 . 2012-03-21 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 16:02 . 2012-03-21 16:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 13:08 . 2012-03-21 13:09 -------- d-----w- C:\av
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\users\Sean K\AppData\Roaming\Malwarebytes
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\users\Sean K\AppData\Roaming\SUPERAntiSpyware.com
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 02:58 . 2012-03-21 02:58 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-03-21 02:58 . 2012-03-21 02:58 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-03-21 02:58 . 2012-03-21 02:58 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-03-21 02:57 . 2012-03-21 02:57 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-03-21 02:57 . 2012-03-21 02:58 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2012-03-21 02:57 . 2012-03-21 02:57 -------- d-----w- c:\program files (x86)\Acronis
2012-03-21 02:11 . 2012-03-21 02:39 -------- d-----w- c:\users\basic
2012-03-20 03:21 . 2012-03-20 03:21 -------- d-----w- c:\program files (x86)\Toontrack
2012-03-17 01:47 . 2012-03-21 02:34 -------- d-----w- c:\program files (x86)\PSPaudioware
2012-03-17 01:45 . 2012-03-21 02:35 -------- d-----w- c:\program files\PSPaudioware
2012-03-17 01:45 . 2012-03-17 01:45 7629824 ----a-w- c:\windows\SysWow64\PSP preQursor.dll
2012-03-17 01:45 . 2012-03-17 01:45 5126144 ----a-w- c:\windows\SysWow64\PSP RetroQ.dll
2012-03-17 01:45 . 2012-03-17 01:45 3873792 ----a-w- c:\windows\SysWow64\PSP ConsoleQ.dll
2012-03-17 01:45 . 2012-03-17 01:45 9474048 ----a-w- c:\windows\SysWow64\PSP ClassicQex.dll
2012-03-17 01:45 . 2012-03-17 01:45 3620352 ----a-w- c:\windows\SysWow64\PSP ClassicQ.dll
2012-03-16 18:41 . 2012-03-16 18:41 -------- d-----w- c:\users\Sean K\AppData\Local\Apple Computer
2012-03-16 18:41 . 2012-03-16 18:42 -------- d-----w- c:\users\Sean K\AppData\Roaming\Apple Computer
2012-03-16 18:41 . 2012-03-16 18:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-16 18:41 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-16 18:41 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-16 18:41 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files\iPod
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\programdata\Apple Computer
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files\iTunes
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\iTunes
2012-03-16 18:41 . 2012-03-21 02:35 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-16 18:40 . 2012-03-16 18:40 -------- d-----w- c:\users\Sean K\AppData\Local\Apple
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files\Common Files\Apple
2012-03-16 18:40 . 2012-03-21 02:42 -------- d-----w- c:\program files\Bonjour
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-16 18:39 . 2012-03-21 02:40 -------- d-----w- c:\programdata\Apple
2012-03-16 18:39 . 2012-03-21 02:33 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-14 13:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 13:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:28 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 13:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:28 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 03:39 . 2012-03-07 15:03 -------- d-----w- C:\Sandbox
2012-02-29 17:46 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-02-29 17:46 . 2012-03-21 02:40 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-02-08 15:02 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-20 03:34 . 2012-02-20 03:34 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-02-20 03:34 . 2012-02-20 03:34 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-11 00:53 . 2012-02-11 00:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0A9E40E-EC05-4A20-A43E-A16D0AF722C1}\gapaengine.dll
2012-02-03 14:46 . 2012-02-11 00:54 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-02 04:27 . 2012-02-02 04:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-31 17:07 . 2011-12-17 21:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 17:02 . 2012-02-15 23:11 101632 ----a-w- c:\windows\system32\drivers\fireface_usb_64.sys
2012-01-17 17:02 . 2012-02-15 23:11 29696 ----a-w- c:\windows\system32\fireface_usb_asio_64.dll
2012-01-17 16:54 . 2012-02-15 23:11 91648 ----a-w- c:\windows\SysWow64\firefaceusb.exe
2012-01-17 16:54 . 2012-02-15 23:11 91648 ----a-w- c:\windows\system32\firefaceusb.exe
2012-01-17 16:54 . 2012-02-15 23:11 83328 ----a-w- c:\windows\system32\drivers\fireface_usb.sys
2012-01-17 16:54 . 2012-02-15 23:11 27648 ----a-w- c:\windows\SysWow64\fireface_usb_asio.dll
2012-01-17 16:54 . 2012-02-15 23:11 27648 ----a-w- c:\windows\system32\fireface_usb_asio.dll
2012-01-17 14:59 . 2012-02-15 23:11 3686400 ----a-w- c:\windows\system32\TotalMixFX.exe
2012-01-06 05:15 . 2012-01-31 14:12 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02FB9D62-F101-4C4C-AE85-1F259EE2FD5D}\mpengine.dll
2011-12-28 03:59 . 2012-02-15 13:48 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Sean K\AppData\Roaming\Spotify\Spotify.exe" [2012-03-17 4011184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
.
c:\users\Sean K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 firefaceu64;RME Fireface USB Audio Device;c:\windows\system32\drivers\fireface_usb_64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-21 3246040]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-11 2009704]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3797042551-1523936603-1168632416-1000Core.job
- c:\users\Sean K\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 15:58]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3797042551-1523936603-1168632416-1000UA.job
- c:\users\Sean K\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 15:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"FirefaceUsbTray1"="firefaceusb.exe" [2012-01-17 91648]
"FirefaceMixTray2"="TotalMixFX.exe" [2012-01-17 3686400]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Sean K\AppData\Roaming\Mozilla\Firefox\Profiles\lm6l5og1.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PSP oldTimer 1.0.8 64bit - c:\program files\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\firefaceusb.exe
c:\windows\System32\TotalMixFX.exe
.
**************************************************************************
.
Completion time: 2012-03-26 23:23:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 03:23
.
Pre-Run: 111,999,262,720 bytes free
Post-Run: 112,209,117,184 bytes free
.
- - End Of File - - B021B6719C7788D50A1DB525A0CF0D1C

#7 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 March 2012 - 05:25 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
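A triage parser for the TDSSKiller report the steps above ask for, added here as an example (it is not Kaspersky's code and not something posted in this thread). It pairs each "name (md5) path" line with the "name - ok" verdict that follows it, parses the MBR partition lines, and returns whatever did not end in a clean verdict; the sample log is constructed in the tool's layout, and the "exampledrv" and "truncdrv" entries are made up to exercise the flagging path.

```python
"""Triage a TDSSKiller report: pair each scanned object with its verdict and
flag anything that did not end in "- ok" (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout TDSSKiller 2.7.x prints: time, pid, message.
# "exampledrv" (non-ok verdict) and "truncdrv" (object line but no verdict, as
# when a scan is interrupted) are made up to exercise the flagging path.
SAMPLE_LOG = r"""23:38:52.0237 5200 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
23:38:53.0089 5200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:38:53.0089 5200 \Device\Harddisk0\DR0:
23:38:53.0089 5200 MBR used
23:38:53.0089 5200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
23:38:53.0129 5200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE4030
23:39:33.0335 4376 Scan started
23:39:34.0069 4376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:39:34.0084 4376 1394ohci - ok
23:39:34.0911 4376 catchme - ok
23:39:40.0000 4376 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
23:39:40.0000 4376 exampledrv - suspicious (constructed verdict)
23:39:41.0000 4376 truncdrv (11111111111111111111111111111111) C:\Windows\system32\drivers\truncdrv.sys
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
TOOL_RE = re.compile(r"^TDSS rootkit removing tool (\S+) ")
SECTOR_RE = re.compile(r"SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"^(\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)$")
OBJECT_RE = re.compile(r"^(\S+) \(([0-9A-Fa-f]{32})\) (.+)$")   # name (md5) path
VERDICT_RE = re.compile(r"^(\S+) - (.+)$")                         # name - ok / other

@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None       # None when TDSSKiller printed only a verdict line
    path: Optional[str] = None
    verdict: Optional[str] = None   # None when no verdict line followed the object

@dataclass
class Partition:
    device: str
    part_type: int
    start_lba: int
    blocks: int

@dataclass
class Report:
    tool_version: Optional[str] = None
    sector_size: int = 512
    partitions: List[Partition] = field(default_factory=list)
    objects: Dict[str, ScannedObject] = field(default_factory=dict)

def parse_report(text: str) -> Report:
    """Walk the log line by line; separators and unrecognised lines are ignored."""
    report = Report()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3)
        if tool := TOOL_RE.match(msg):
            report.tool_version = tool.group(1)
        elif msg.startswith("Drive ") and (sec := SECTOR_RE.search(msg)):
            report.sector_size = int(sec.group(1), 16)
        elif part := PART_RE.match(msg):
            report.partitions.append(Partition(
                part.group(1), *(int(g, 16) for g in part.groups()[1:])))
        elif obj := OBJECT_RE.match(msg):
            # The object line comes first; the verdict line that follows fills in the result.
            report.objects[obj.group(1)] = ScannedObject(
                obj.group(1), obj.group(2).lower(), obj.group(3))
        elif verdict := VERDICT_RE.match(msg):
            name, result = verdict.groups()
            report.objects.setdefault(name, ScannedObject(name)).verdict = result
    return report

def needs_attention(report: Report) -> List[ScannedObject]:
    """Everything a reviewer should look at: non-ok verdicts and missing verdicts."""
    return [o for o in report.objects.values() if o.verdict != "ok"]

def partition_size_gib(report: Report, index: int) -> float:
    """Size of one MBR partition, using the sector size TDSSKiller reported."""
    p = report.partitions[index]
    return p.blocks * report.sector_size / 2**30

if __name__ == "__main__":
    rep = parse_report(SAMPLE_LOG)
    print(f"TDSSKiller {rep.tool_version}: {len(rep.objects)} objects, "
          f"{len(rep.partitions)} partitions")
    for o in needs_attention(rep):
        print(f"  CHECK {o.name}: verdict={o.verdict!r} md5={o.md5} path={o.path}")
```

Run it against a real TDSSKiller log by reading the file into parse_report() instead of SAMPLE_LOG; a clean report returns an empty list from needs_attention().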

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 29 March 2012 - 11:19 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#9 seankobuk (Topic Starter)
  • Members
  • 21 posts

Posted 30 March 2012 - 08:49 AM

Hello, finished second scan late last night.

Logs below.


23:38:52.0237 5200 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
23:38:52.0247 5200 ============================================================
23:38:52.0247 5200 Current date / time: 2012/03/28 23:38:52.0247
23:38:52.0247 5200 SystemInfo:
23:38:52.0247 5200
23:38:52.0247 5200 OS Version: 6.1.7601 ServicePack: 1.0
23:38:52.0247 5200 Product type: Workstation
23:38:52.0247 5200 ComputerName: SEANK-LAPTOP
23:38:52.0247 5200 UserName: Sean K
23:38:52.0247 5200 Windows directory: C:\Windows
23:38:52.0247 5200 System windows directory: C:\Windows
23:38:52.0247 5200 Running under WOW64
23:38:52.0247 5200 Processor architecture: Intel x64
23:38:52.0247 5200 Number of processors: 8
23:38:52.0247 5200 Page size: 0x1000
23:38:52.0247 5200 Boot type: Normal boot
23:38:52.0247 5200 ============================================================
23:38:53.0089 5200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:38:53.0089 5200 \Device\Harddisk0\DR0:
23:38:53.0089 5200 MBR used
23:38:53.0089 5200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
23:38:53.0129 5200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE4030
23:38:53.0179 5200 Initialize success
23:38:53.0179 5200 ============================================================
23:39:33.0335 4376 ============================================================
23:39:33.0335 4376 Scan started
23:39:33.0335 4376 Mode: Manual;
23:39:33.0335 4376 ============================================================
23:39:34.0069 4376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:39:34.0084 4376 1394ohci - ok
23:39:34.0100 4376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:39:34.0100 4376 ACPI - ok
23:39:34.0115 4376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:39:34.0115 4376 AcpiPmi - ok
23:39:34.0147 4376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:39:34.0147 4376 adp94xx - ok
23:39:34.0162 4376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:39:34.0178 4376 adpahci - ok
23:39:34.0193 4376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:39:34.0193 4376 adpu320 - ok
23:39:34.0225 4376 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
23:39:34.0225 4376 afcdp - ok
23:39:34.0271 4376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:39:34.0287 4376 AFD - ok
23:39:34.0303 4376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:39:34.0303 4376 agp440 - ok
23:39:34.0318 4376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:39:34.0318 4376 aliide - ok
23:39:34.0334 4376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:39:34.0334 4376 amdide - ok
23:39:34.0349 4376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:39:34.0349 4376 AmdK8 - ok
23:39:34.0349 4376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:39:34.0349 4376 AmdPPM - ok
23:39:34.0365 4376 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
23:39:34.0365 4376 amdsata - ok
23:39:34.0381 4376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:39:34.0396 4376 amdsbs - ok
23:39:34.0412 4376 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
23:39:34.0412 4376 amdxata - ok
23:39:34.0427 4376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:39:34.0427 4376 AppID - ok
23:39:34.0459 4376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:39:34.0459 4376 arc - ok
23:39:34.0474 4376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:39:34.0474 4376 arcsas - ok
23:39:34.0537 4376 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:39:34.0537 4376 ASMMAP64 - ok
23:39:34.0583 4376 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\DRIVERS\asmthub3.sys
23:39:34.0583 4376 asmthub3 - ok
23:39:34.0599 4376 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\DRIVERS\asmtxhci.sys
23:39:34.0599 4376 asmtxhci - ok
23:39:34.0615 4376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:39:34.0615 4376 AsyncMac - ok
23:39:34.0630 4376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:39:34.0630 4376 atapi - ok
23:39:34.0677 4376 ATKWMIACPIIO (ac31727f9946e9009480708e4d1b9986) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
23:39:34.0677 4376 ATKWMIACPIIO - ok
23:39:34.0708 4376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:39:34.0708 4376 b06bdrv - ok
23:39:34.0739 4376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:39:34.0739 4376 b57nd60a - ok
23:39:34.0755 4376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:39:34.0755 4376 Beep - ok
23:39:34.0786 4376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:39:34.0786 4376 blbdrive - ok
23:39:34.0802 4376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:39:34.0802 4376 bowser - ok
23:39:34.0817 4376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:39:34.0817 4376 BrFiltLo - ok
23:39:34.0833 4376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:39:34.0833 4376 BrFiltUp - ok
23:39:34.0849 4376 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:39:34.0849 4376 BridgeMP - ok
23:39:34.0864 4376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:39:34.0864 4376 Brserid - ok
23:39:34.0880 4376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:39:34.0880 4376 BrSerWdm - ok
23:39:34.0880 4376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:39:34.0880 4376 BrUsbMdm - ok
23:39:34.0895 4376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:39:34.0895 4376 BrUsbSer - ok
23:39:34.0895 4376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:39:34.0895 4376 BTHMODEM - ok
23:39:34.0911 4376 catchme - ok
23:39:34.0927 4376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:39:34.0927 4376 cdfs - ok
23:39:34.0958 4376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:39:34.0958 4376 cdrom - ok
23:39:34.0973 4376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:39:34.0973 4376 circlass - ok
23:39:35.0005 4376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:39:35.0005 4376 CLFS - ok
23:39:35.0036 4376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:39:35.0036 4376 CmBatt - ok
23:39:35.0051 4376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:39:35.0067 4376 cmdide - ok
23:39:35.0098 4376 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:39:35.0098 4376 CNG - ok
23:39:35.0145 4376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:39:35.0145 4376 Compbatt - ok
23:39:35.0161 4376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:39:35.0161 4376 CompositeBus - ok
23:39:35.0176 4376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:39:35.0176 4376 crcdisk - ok
23:39:35.0223 4376 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
23:39:35.0223 4376 CSC - ok
23:39:35.0270 4376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:39:35.0270 4376 DfsC - ok
23:39:35.0285 4376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:39:35.0285 4376 discache - ok
23:39:35.0317 4376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:39:35.0317 4376 Disk - ok
23:39:35.0332 4376 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
23:39:35.0348 4376 dmvsc - ok
23:39:35.0363 4376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:39:35.0363 4376 drmkaud - ok
23:39:35.0441 4376 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:39:35.0441 4376 dtsoftbus01 - ok
23:39:35.0473 4376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:39:35.0473 4376 DXGKrnl - ok
23:39:35.0535 4376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:39:35.0582 4376 ebdrv - ok
23:39:35.0613 4376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:39:35.0629 4376 elxstor - ok
23:39:35.0644 4376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:39:35.0644 4376 ErrDev - ok
23:39:35.0660 4376 ETD (b73181411523d264ad7bec35b84716ab) C:\Windows\system32\DRIVERS\ETD.sys
23:39:35.0660 4376 ETD - ok
23:39:35.0691 4376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:39:35.0691 4376 exfat - ok
23:39:35.0707 4376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:39:35.0707 4376 fastfat - ok
23:39:35.0722 4376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:39:35.0722 4376 fdc - ok
23:39:35.0738 4376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:39:35.0738 4376 FileInfo - ok
23:39:35.0753 4376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:39:35.0753 4376 Filetrace - ok
23:39:35.0769 4376 firefaceu64 (4ed6f4012ecdad6a869e82715f03c682) C:\Windows\system32\drivers\fireface_usb_64.sys
23:39:35.0769 4376 firefaceu64 - ok
23:39:35.0785 4376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:39:35.0785 4376 flpydisk - ok
23:39:35.0800 4376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:39:35.0800 4376 FltMgr - ok
23:39:35.0816 4376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:39:35.0816 4376 FsDepends - ok
23:39:35.0831 4376 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:39:35.0831 4376 Fs_Rec - ok
23:39:35.0847 4376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:39:35.0847 4376 fvevol - ok
23:39:35.0863 4376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:39:35.0863 4376 gagp30kx - ok
23:39:35.0894 4376 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:39:35.0894 4376 GEARAspiWDM - ok
23:39:35.0909 4376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:39:35.0909 4376 hcw85cir - ok
23:39:35.0956 4376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:39:35.0956 4376 HdAudAddService - ok
23:39:35.0987 4376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:39:35.0987 4376 HDAudBus - ok
23:39:35.0987 4376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:39:35.0987 4376 HidBatt - ok
23:39:36.0003 4376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:39:36.0003 4376 HidBth - ok
23:39:36.0019 4376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:39:36.0019 4376 HidIr - ok
23:39:36.0097 4376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:39:36.0128 4376 HidUsb - ok
23:39:36.0175 4376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:39:36.0175 4376 HpSAMD - ok
23:39:36.0206 4376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:39:36.0206 4376 HTTP - ok
23:39:36.0221 4376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:39:36.0221 4376 hwpolicy - ok
23:39:36.0237 4376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:39:36.0237 4376 i8042prt - ok
23:39:36.0268 4376 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
23:39:36.0284 4376 iaStorV - ok
23:39:36.0471 4376 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:39:36.0627 4376 igfx - ok
23:39:36.0643 4376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:39:36.0643 4376 iirsp - ok
23:39:36.0658 4376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:39:36.0658 4376 intelide - ok
23:39:36.0689 4376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:39:36.0689 4376 intelppm - ok
23:39:36.0705 4376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:39:36.0705 4376 IpFilterDriver - ok
23:39:36.0721 4376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:39:36.0721 4376 IPMIDRV - ok
23:39:36.0736 4376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:39:36.0736 4376 IPNAT - ok
23:39:36.0783 4376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:39:36.0783 4376 IRENUM - ok
23:39:36.0799 4376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:39:36.0799 4376 isapnp - ok
23:39:36.0814 4376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:39:36.0814 4376 iScsiPrt - ok
23:39:36.0845 4376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:39:36.0845 4376 kbdclass - ok
23:39:36.0877 4376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:39:36.0892 4376 kbdhid - ok
23:39:36.0923 4376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:39:36.0923 4376 KSecDD - ok
23:39:36.0939 4376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:39:36.0939 4376 KSecPkg - ok
23:39:36.0955 4376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:39:36.0955 4376 ksthunk - ok
23:39:36.0986 4376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:39:36.0986 4376 lltdio - ok
23:39:37.0001 4376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:39:37.0001 4376 LSI_FC - ok
23:39:37.0033 4376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:39:37.0033 4376 LSI_SAS - ok
23:39:37.0048 4376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:39:37.0048 4376 LSI_SAS2 - ok
23:39:37.0064 4376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:39:37.0064 4376 LSI_SCSI - ok
23:39:37.0079 4376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:39:37.0079 4376 luafv - ok
23:39:37.0095 4376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:39:37.0095 4376 megasas - ok
23:39:37.0126 4376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:39:37.0126 4376 MegaSR - ok
23:39:37.0157 4376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:39:37.0157 4376 Modem - ok
23:39:37.0204 4376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:39:37.0204 4376 monitor - ok
23:39:37.0220 4376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:39:37.0220 4376 mouclass - ok
23:39:37.0220 4376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:39:37.0220 4376 mouhid - ok
23:39:37.0235 4376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:39:37.0235 4376 mountmgr - ok
23:39:37.0267 4376 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
23:39:37.0267 4376 MpFilter - ok
23:39:37.0282 4376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:39:37.0298 4376 mpio - ok
23:39:37.0313 4376 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:39:37.0313 4376 MpNWMon - ok
23:39:37.0329 4376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:39:37.0329 4376 mpsdrv - ok
23:39:37.0345 4376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:39:37.0360 4376 MRxDAV - ok
23:39:37.0376 4376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:37.0376 4376 mrxsmb - ok
23:39:37.0391 4376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:37.0391 4376 mrxsmb10 - ok
23:39:37.0423 4376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:37.0423 4376 mrxsmb20 - ok
23:39:37.0438 4376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:39:37.0438 4376 msahci - ok
23:39:37.0454 4376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:39:37.0454 4376 msdsm - ok
23:39:37.0469 4376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:39:37.0469 4376 Msfs - ok
23:39:37.0485 4376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:39:37.0485 4376 mshidkmdf - ok
23:39:37.0501 4376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:39:37.0501 4376 msisadrv - ok
23:39:37.0532 4376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:39:37.0532 4376 MSKSSRV - ok
23:39:37.0579 4376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:37.0579 4376 MSPCLOCK - ok
23:39:37.0594 4376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:39:37.0594 4376 MSPQM - ok
23:39:37.0610 4376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:39:37.0610 4376 MsRPC - ok
23:39:37.0625 4376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:39:37.0625 4376 mssmbios - ok
23:39:37.0688 4376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:39:37.0688 4376 MSTEE - ok
23:39:37.0703 4376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:39:37.0703 4376 MTConfig - ok
23:39:37.0719 4376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:39:37.0719 4376 Mup - ok
23:39:37.0781 4376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:39:37.0781 4376 NativeWifiP - ok
23:39:37.0813 4376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:39:37.0828 4376 NDIS - ok
23:39:37.0844 4376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:39:37.0844 4376 NdisCap - ok
23:39:37.0875 4376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:37.0875 4376 NdisTapi - ok
23:39:37.0891 4376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:37.0891 4376 Ndisuio - ok
23:39:37.0922 4376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:37.0922 4376 NdisWan - ok
23:39:37.0937 4376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:39:37.0953 4376 NDProxy - ok
23:39:37.0969 4376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:39:37.0969 4376 NetBIOS - ok
23:39:37.0984 4376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:39:37.0984 4376 NetBT - ok
23:39:38.0109 4376 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:39:38.0234 4376 NETwNs64 - ok
23:39:38.0265 4376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:39:38.0265 4376 nfrd960 - ok
23:39:38.0281 4376 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:39:38.0281 4376 NisDrv - ok
23:39:38.0312 4376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:39:38.0312 4376 Npfs - ok
23:39:38.0327 4376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:39:38.0327 4376 nsiproxy - ok
23:39:38.0359 4376 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
23:39:38.0390 4376 Ntfs - ok
23:39:38.0405 4376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:39:38.0405 4376 Null - ok
23:39:38.0608 4376 nvlddmkm (07ca1d99512ee5ef99e954a13f3bffa8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:39:38.0655 4376 nvlddmkm - ok
23:39:38.0671 4376 nvpciflt (a8db9ebd9887a9820dbc1878f0301ee7) C:\Windows\system32\DRIVERS\nvpciflt.sys
23:39:38.0671 4376 nvpciflt - ok
23:39:38.0702 4376 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
23:39:38.0702 4376 nvraid - ok
23:39:38.0717 4376 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
23:39:38.0717 4376 nvstor - ok
23:39:38.0764 4376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:39:38.0764 4376 nv_agp - ok
23:39:38.0780 4376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:39:38.0780 4376 ohci1394 - ok
23:39:38.0811 4376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:39:38.0811 4376 Parport - ok
23:39:38.0827 4376 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:39:38.0827 4376 partmgr - ok
23:39:38.0842 4376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:39:38.0858 4376 pci - ok
23:39:38.0873 4376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:39:38.0873 4376 pciide - ok
23:39:38.0873 4376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:39:38.0873 4376 pcmcia - ok
23:39:38.0905 4376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:39:38.0905 4376 pcw - ok
23:39:38.0920 4376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:39:38.0936 4376 PEAUTH - ok
23:39:38.0967 4376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:39:38.0967 4376 PptpMiniport - ok
23:39:38.0983 4376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:39:38.0983 4376 Processor - ok
23:39:39.0014 4376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:39:39.0014 4376 Psched - ok
23:39:39.0045 4376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:39:39.0076 4376 ql2300 - ok
23:39:39.0092 4376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:39:39.0092 4376 ql40xx - ok
23:39:39.0107 4376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:39:39.0107 4376 QWAVEdrv - ok
23:39:39.0123 4376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:39:39.0139 4376 RasAcd - ok
23:39:39.0154 4376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:39:39.0154 4376 RasAgileVpn - ok
23:39:39.0185 4376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:39.0185 4376 Rasl2tp - ok
23:39:39.0201 4376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:39.0201 4376 RasPppoe - ok
23:39:39.0217 4376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:39:39.0217 4376 RasSstp - ok
23:39:39.0232 4376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:39:39.0232 4376 rdbss - ok
23:39:39.0248 4376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:39:39.0248 4376 rdpbus - ok
23:39:39.0310 4376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:39.0310 4376 RDPCDD - ok
23:39:39.0341 4376 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:39:39.0341 4376 RDPDR - ok
23:39:39.0357 4376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:39:39.0357 4376 RDPENCDD - ok
23:39:39.0373 4376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:39:39.0373 4376 RDPREFMP - ok
23:39:39.0404 4376 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
23:39:39.0404 4376 RdpVideoMiniport - ok
23:39:39.0435 4376 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:39:39.0435 4376 RDPWD - ok
23:39:39.0466 4376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:39:39.0466 4376 rdyboost - ok
23:39:39.0513 4376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:39:39.0513 4376 rspndr - ok
23:39:39.0544 4376 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
23:39:39.0544 4376 RSUSBVSTOR - ok
23:39:39.0591 4376 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:39:39.0591 4376 RTL8167 - ok
23:39:39.0607 4376 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
23:39:39.0622 4376 s3cap - ok
23:39:39.0669 4376 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:39:39.0669 4376 SASDIFSV - ok
23:39:39.0685 4376 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:39:39.0685 4376 SASKUTIL - ok
23:39:39.0700 4376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:39:39.0700 4376 sbp2port - ok
23:39:39.0716 4376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:39:39.0716 4376 scfilter - ok
23:39:39.0747 4376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:39:39.0747 4376 secdrv - ok
23:39:39.0778 4376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:39:39.0778 4376 Serenum - ok
23:39:39.0809 4376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:39:39.0809 4376 Serial - ok
23:39:39.0809 4376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:39:39.0825 4376 sermouse - ok
23:39:39.0825 4376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:39:39.0825 4376 sffdisk - ok
23:39:39.0841 4376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:39:39.0841 4376 sffp_mmc - ok
23:39:39.0856 4376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:39:39.0856 4376 sffp_sd - ok
23:39:39.0856 4376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:39:39.0856 4376 sfloppy - ok
23:39:39.0887 4376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:39:39.0887 4376 SiSRaid2 - ok
23:39:39.0903 4376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:39:39.0919 4376 SiSRaid4 - ok
23:39:39.0965 4376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:39:39.0965 4376 Smb - ok
23:39:39.0997 4376 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
23:39:39.0997 4376 snapman - ok
23:39:40.0012 4376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:39:40.0012 4376 spldr - ok
23:39:40.0043 4376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:39:40.0043 4376 srv - ok
23:39:40.0075 4376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:39:40.0075 4376 srv2 - ok
23:39:40.0090 4376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:39:40.0090 4376 srvnet - ok
23:39:40.0106 4376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:39:40.0106 4376 stexstor - ok
23:39:40.0137 4376 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
23:39:40.0137 4376 storflt - ok
23:39:40.0153 4376 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
23:39:40.0153 4376 storvsc - ok
23:39:40.0168 4376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:39:40.0168 4376 swenum - ok
23:39:40.0199 4376 Synth3dVsc (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys
23:39:40.0199 4376 Synth3dVsc - ok
23:39:40.0246 4376 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:39:40.0277 4376 Tcpip - ok
23:39:40.0324 4376 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:39:40.0340 4376 TCPIP6 - ok
23:39:40.0340 4376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:39:40.0355 4376 tcpipreg - ok
23:39:40.0355 4376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:39:40.0371 4376 TDPIPE - ok
23:39:40.0418 4376 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
23:39:40.0433 4376 tdrpman273 - ok
23:39:40.0465 4376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:39:40.0465 4376 TDTCP - ok
23:39:40.0496 4376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:39:40.0496 4376 tdx - ok
23:39:40.0512 4376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
23:39:40.0512 4376 TermDD - ok
23:39:40.0527 4376 terminpt (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys
23:39:40.0527 4376 terminpt - ok
23:39:40.0558 4376 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
23:39:40.0574 4376 timounter - ok
23:39:40.0590 4376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:39:40.0590 4376 tssecsrv - ok
23:39:40.0621 4376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:39:40.0621 4376 TsUsbFlt - ok
23:39:40.0636 4376 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:39:40.0636 4376 TsUsbGD - ok
23:39:40.0652 4376 tsusbhub (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys
23:39:40.0652 4376 tsusbhub - ok
23:39:40.0699 4376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:39:40.0699 4376 tunnel - ok
23:39:40.0714 4376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:39:40.0714 4376 uagp35 - ok
23:39:40.0730 4376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:39:40.0730 4376 udfs - ok
23:39:40.0761 4376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:39:40.0761 4376 uliagpkx - ok
23:39:40.0792 4376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:39:40.0792 4376 umbus - ok
23:39:40.0824 4376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:39:40.0824 4376 UmPass - ok
23:39:40.0855 4376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:39:40.0855 4376 USBAAPL64 - ok
23:39:40.0886 4376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:39:40.0886 4376 usbaudio - ok
23:39:40.0902 4376 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
23:39:40.0902 4376 usbccgp - ok
23:39:40.0933 4376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:39:40.0933 4376 usbcir - ok
23:39:40.0948 4376 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
23:39:40.0948 4376 usbehci - ok
23:39:40.0964 4376 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
23:39:40.0980 4376 usbhub - ok
23:39:40.0995 4376 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
23:39:40.0995 4376 usbohci - ok
23:39:41.0011 4376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:39:41.0011 4376 usbprint - ok
23:39:41.0042 4376 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:39:41.0042 4376 USBSTOR - ok
23:39:41.0058 4376 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
23:39:41.0058 4376 usbuhci - ok
23:39:41.0089 4376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:39:41.0104 4376 usbvideo - ok
23:39:41.0120 4376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:39:41.0120 4376 vdrvroot - ok
23:39:41.0136 4376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:39:41.0136 4376 vga - ok
23:39:41.0151 4376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:39:41.0151 4376 VgaSave - ok
23:39:41.0229 4376 VGPU - ok
23:39:41.0323 4376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:39:41.0323 4376 vhdmp - ok
23:39:41.0338 4376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:39:41.0338 4376 viaide - ok
23:39:41.0370 4376 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
23:39:41.0370 4376 vmbus - ok
23:39:41.0401 4376 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
23:39:41.0401 4376 VMBusHID - ok
23:39:41.0416 4376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:39:41.0416 4376 volmgr - ok
23:39:41.0432 4376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:39:41.0448 4376 volmgrx - ok
23:39:41.0463 4376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:39:41.0463 4376 volsnap - ok
23:39:41.0479 4376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:39:41.0479 4376 vsmraid - ok
23:39:41.0494 4376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:39:41.0510 4376 vwifibus - ok
23:39:41.0526 4376 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:39:41.0526 4376 vwififlt - ok
23:39:41.0541 4376 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:39:41.0541 4376 vwifimp - ok
23:39:41.0572 4376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:39:41.0572 4376 WacomPen - ok
23:39:41.0604 4376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:41.0604 4376 WANARP - ok
23:39:41.0604 4376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:39:41.0604 4376 Wanarpv6 - ok
23:39:41.0635 4376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:39:41.0635 4376 Wd - ok
23:39:41.0666 4376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:39:41.0666 4376 Wdf01000 - ok
23:39:41.0682 4376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:39:41.0682 4376 WfpLwf - ok
23:39:41.0713 4376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:39:41.0713 4376 WIMMount - ok
23:39:41.0744 4376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:39:41.0760 4376 WinUsb - ok
23:39:41.0775 4376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:39:41.0775 4376 WmiAcpi - ok
23:39:41.0806 4376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:39:41.0806 4376 ws2ifsl - ok
23:39:41.0838 4376 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:39:41.0838 4376 WSDPrintDevice - ok
23:39:41.0853 4376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:39:41.0853 4376 WudfPf - ok
23:39:41.0884 4376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:39:41.0884 4376 WUDFRd - ok
23:39:41.0916 4376 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:39:42.0118 4376 \Device\Harddisk0\DR0 - ok
23:39:42.0118 4376 Boot (0x1200) (82e1800634ab6e8b6d40b0bc0ea02eea) \Device\Harddisk0\DR0\Partition0
23:39:42.0118 4376 \Device\Harddisk0\DR0\Partition0 - ok
23:39:42.0134 4376 Boot (0x1200) (9d9ee0401b9f8c58e405d21e11d69303) \Device\Harddisk0\DR0\Partition1
23:39:42.0134 4376 \Device\Harddisk0\DR0\Partition1 - ok
23:39:42.0134 4376 ============================================================
23:39:42.0134 4376 Scan finished
23:39:42.0134 4376 ============================================================
23:39:42.0134 6100 Detected object count: 0
23:39:42.0150 6100 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-29 20:45:25
-----------------------------
20:45:25.833 OS Version: Windows x64 6.1.7601 Service Pack 1
20:45:25.833 Number of processors: 8 586 0x2A07
20:45:25.833 ComputerName: SEANK-LAPTOP UserName: Sean K
20:45:27.658 Initialize success
20:46:28.592 AVAST engine defs: 12032901
20:47:44.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:47:44.943 Disk 0 Vendor: WDC_WD5000BPKT-80PK4T0 01.01A01 Size: 476940MB BusType: 11
20:47:44.958 Disk 0 MBR read successfully
20:47:44.958 Disk 0 MBR scan
20:47:44.974 Disk 0 Windows XP default MBR code
20:47:44.989 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
20:47:45.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
20:47:45.005 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
20:47:45.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260552 MB offset 443142144
20:47:45.067 Disk 0 scanning C:\Windows\system32\drivers
20:47:50.964 Service scanning
20:48:03.912 Modules scanning
20:48:03.912 Disk 0 trace - called modules:
20:48:03.943 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:48:03.943 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068e0790]
20:48:03.943 3 CLASSPNP.SYS[fffff8800148c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062f2060]
20:48:05.457 AVAST engine scan C:\Windows
20:48:07.750 AVAST engine scan C:\Windows\system32
20:49:24.330 AVAST engine scan C:\Windows\system32\drivers
20:49:31.460 AVAST engine scan C:\Users\Sean K
20:53:35.740 AVAST engine scan C:\ProgramData
20:54:05.973 Scan finished successfully
20:54:41.588 Disk 0 MBR has been saved successfully to "C:\Users\Sean K\Desktop\MBR.dat"
20:54:41.588 The log file has been saved successfully to "C:\Users\Sean K\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 PM

Posted 30 March 2012 - 04:58 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:53 PM

Posted 01 April 2012 - 11:24 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 seankobuk

seankobuk
  • Topic Starter

  • Members
  • 21 posts
  • Local time:08:53 PM

Posted 02 April 2012 - 08:48 AM

Here's the latest combofix log. Sorry for the delay.



ComboFix 12-03-26.02 - Sean K 04/01/2012 23:49:57.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6055.4277 [GMT -4:00]
Running from: c:\users\Sean K\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean K\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 03:50 . 2012-04-02 03:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-02 03:50 . 2012-04-02 03:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 00:56 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AA445B4-29B7-4ABE-BC3B-5FC052C102BE}\mpengine.dll
2012-03-30 22:17 . 2012-03-30 22:17 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-28 01:53 . 2012-03-28 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-28 01:53 . 2012-03-28 01:53 -------- d-----w- c:\program files (x86)\Java
2012-03-21 16:05 . 2012-03-21 16:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 16:05 . 2012-03-21 16:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-21 16:02 . 2012-03-21 16:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-21 13:08 . 2012-03-21 13:09 -------- d-----w- C:\av
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\users\Sean K\AppData\Roaming\Malwarebytes
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 03:08 . 2012-03-21 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\users\Sean K\AppData\Roaming\SUPERAntiSpyware.com
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-21 03:06 . 2012-03-21 03:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-21 02:58 . 2012-03-21 02:58 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-03-21 02:58 . 2012-03-21 02:58 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-03-21 02:58 . 2012-03-21 02:58 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-03-21 02:57 . 2012-03-21 02:57 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-03-21 02:57 . 2012-03-21 02:58 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2012-03-21 02:57 . 2012-03-21 02:57 -------- d-----w- c:\program files (x86)\Acronis
2012-03-21 02:11 . 2012-03-21 02:39 -------- d-----w- c:\users\basic
2012-03-20 03:21 . 2012-03-20 03:21 -------- d-----w- c:\program files (x86)\Toontrack
2012-03-17 01:47 . 2012-03-21 02:34 -------- d-----w- c:\program files (x86)\PSPaudioware
2012-03-17 01:45 . 2012-03-21 02:35 -------- d-----w- c:\program files\PSPaudioware
2012-03-17 01:45 . 2012-03-17 01:45 7629824 ----a-w- c:\windows\SysWow64\PSP preQursor.dll
2012-03-17 01:45 . 2012-03-17 01:45 5126144 ----a-w- c:\windows\SysWow64\PSP RetroQ.dll
2012-03-17 01:45 . 2012-03-17 01:45 3873792 ----a-w- c:\windows\SysWow64\PSP ConsoleQ.dll
2012-03-17 01:45 . 2012-03-17 01:45 9474048 ----a-w- c:\windows\SysWow64\PSP ClassicQex.dll
2012-03-17 01:45 . 2012-03-17 01:45 3620352 ----a-w- c:\windows\SysWow64\PSP ClassicQ.dll
2012-03-16 18:41 . 2012-03-16 18:41 -------- d-----w- c:\users\Sean K\AppData\Local\Apple Computer
2012-03-16 18:41 . 2012-03-16 18:42 -------- d-----w- c:\users\Sean K\AppData\Roaming\Apple Computer
2012-03-16 18:41 . 2012-03-16 18:41 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-16 18:41 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-03-16 18:41 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-03-16 18:41 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files\iPod
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\programdata\Apple Computer
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files\iTunes
2012-03-16 18:41 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\iTunes
2012-03-16 18:41 . 2012-03-21 02:35 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-16 18:40 . 2012-03-16 18:40 -------- d-----w- c:\users\Sean K\AppData\Local\Apple
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files\Common Files\Apple
2012-03-16 18:40 . 2012-03-21 02:42 -------- d-----w- c:\program files\Bonjour
2012-03-16 18:40 . 2012-03-21 02:40 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-16 18:39 . 2012-03-21 02:40 -------- d-----w- c:\programdata\Apple
2012-03-16 18:39 . 2012-03-21 02:33 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-14 13:28 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 13:28 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 13:28 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:28 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:28 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:28 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:28 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 13:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:28 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-07 03:39 . 2012-03-07 15:03 -------- d-----w- C:\Sandbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 22:17 . 2011-12-20 01:57 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 01:53 . 2011-12-17 21:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-14 03:27 . 2012-02-08 15:02 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-20 03:34 . 2012-02-20 03:34 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-02-20 03:34 . 2012-02-20 03:34 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-11 00:53 . 2012-02-11 00:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0A9E40E-EC05-4A20-A43E-A16D0AF722C1}\gapaengine.dll
2012-02-03 14:46 . 2012-02-11 00:54 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-02-02 04:27 . 2012-02-02 04:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 17:02 . 2012-02-15 23:11 101632 ----a-w- c:\windows\system32\drivers\fireface_usb_64.sys
2012-01-17 17:02 . 2012-02-15 23:11 29696 ----a-w- c:\windows\system32\fireface_usb_asio_64.dll
2012-01-17 16:54 . 2012-02-15 23:11 91648 ----a-w- c:\windows\SysWow64\firefaceusb.exe
2012-01-17 16:54 . 2012-02-15 23:11 91648 ----a-w- c:\windows\system32\firefaceusb.exe
2012-01-17 16:54 . 2012-02-15 23:11 83328 ----a-w- c:\windows\system32\drivers\fireface_usb.sys
2012-01-17 16:54 . 2012-02-15 23:11 27648 ----a-w- c:\windows\SysWow64\fireface_usb_asio.dll
2012-01-17 16:54 . 2012-02-15 23:11 27648 ----a-w- c:\windows\system32\fireface_usb_asio.dll
2012-01-17 14:59 . 2012-02-15 23:11 3686400 ----a-w- c:\windows\system32\TotalMixFX.exe
2012-01-06 05:15 . 2012-01-31 14:12 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02FB9D62-F101-4C4C-AE85-1F259EE2FD5D}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_03.21.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-30 22:14 39544 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-30 22:34 33940 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-17 18:33 . 2012-03-30 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 18:33 . 2012-03-21 06:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 18:33 . 2012-03-30 22:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-17 18:33 . 2012-03-21 06:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 06:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-30 22:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-17 16:35 . 2012-03-30 22:34 9526 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3797042551-1523936603-1168632416-1000_UserData.bin
+ 2012-04-02 03:51 . 2012-04-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 03:20 . 2012-03-27 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-02 03:51 . 2012-04-02 03:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 03:20 . 2012-03-27 03:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-30 22:17 . 2012-03-30 22:17 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_Plugin.exe
+ 2012-03-30 22:17 . 2012-03-30 22:17 253600 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-28 01:53 . 2012-03-28 01:53 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-03-28 01:53 . 2012-03-28 01:53 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-28 01:53 . 2012-03-28 01:53 149280 c:\windows\SysWOW64\java.exe
+ 2011-12-29 02:18 . 2012-03-30 12:21 158940 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-12-20 13:57 . 2012-03-27 12:43 273414 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-27 02:37 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 22:38 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-30 22:38 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 02:37 104702 c:\windows\system32\perfc009.dat
+ 2012-03-30 22:17 . 2012-03-30 22:17 630432 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_Plugin.exe
+ 2009-07-14 05:01 . 2012-04-02 03:50 774660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-27 03:20 774660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-28 01:53 . 2012-03-28 01:53 207360 c:\windows\Installer\73f543.msi
- 2012-02-29 17:46 . 2012-02-29 17:46 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-03-30 22:18 . 2012-03-30 22:18 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-03-30 22:17 . 2012-03-30 22:17 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
+ 2012-03-21 02:18 . 2012-03-30 22:31 1451496 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3797042551-1523936603-1168632416-1004-8192.dat
+ 2012-03-30 22:17 . 2012-03-30 22:17 11588768 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll
+ 2011-12-17 16:56 . 2012-04-02 03:50 21344732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3797042551-1523936603-1168632416-1000-12288.dat
+ 2012-03-28 01:52 . 2012-03-28 01:52 12938752 c:\windows\Installer\73f533.msi
+ 2012-03-30 22:17 . 2012-03-30 22:17 18984960 c:\windows\Installer\4b8db.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Sean K\AppData\Roaming\Spotify\Spotify.exe" [2012-03-17 4011184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5111464]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Sean K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-11 2009704]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 firefaceu64;RME Fireface USB Audio Device;c:\windows\system32\drivers\fireface_usb_64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-21 3246040]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:17]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3797042551-1523936603-1168632416-1000Core.job
- c:\users\Sean K\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 15:58]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3797042551-1523936603-1168632416-1000UA.job
- c:\users\Sean K\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 15:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"FirefaceUsbTray1"="firefaceusb.exe" [2012-01-17 91648]
"FirefaceMixTray2"="TotalMixFX.exe" [2012-01-17 3686400]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Sean K\AppData\Roaming\Mozilla\Firefox\Profiles\lm6l5og1.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\System32\firefaceusb.exe
c:\windows\System32\TotalMixFX.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-04-01 23:54:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 03:54
ComboFix2.txt 2012-03-27 03:23
.
Pre-Run: 112,576,557,056 bytes free
Post-Run: 112,617,168,896 bytes free
.
- - End Of File - - 792FCDCB98B23FBA753489866CC56FCC
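
The "Reg Loading Points" section of the ComboFix report above is the part a defender reads first: it lists the Run keys, the AppInit_DLLs load points and the UAC policy values, and in this log EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0. The following is an added example for this thread, not ComboFix's own code and not something either participant posted: a small Python parser for that section (the embedded excerpt is copied from the log above as constructed sample input) that flags UAC policy values meaning UAC is switched off or weakened, using Microsoft's documented meaning of those values, and lists the AppInit_DLLs and Run-key entries for review rather than judging them (here the AppInit_DLLs values are nvinit.dll and nvinitx.dll). Function names are the example's own.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag UAC
policy values that disable or weaken User Account Control.

Added example, not ComboFix's own code. The excerpt below is copied from the
report in this thread; value semantics follow the documented meaning of the
UAC values under HKLM\\...\\Policies\\System.
"""
import re

# Constructed sample input: the relevant lines of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Sean K\AppData\Roaming\Spotify\Spotify.exe" [2012-03-17 4011184]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DWORD_RE = re.compile(r'^(\d+)\s*\(0x[0-9A-Fa-f]+\)$')          # e.g. 0 (0x0)
STRING_RE = re.compile(r'^"(.*)"(?:\s*\[.*\])?$')               # "path" [date size]
POLICY_KEY_SUFFIX = r'\microsoft\windows\currentversion\policies\system'


def parse_reg_loading_points(text):
    """Return {registry_key: {value_name: value}} for the REGEDIT4-style listing.

    DWORDs become ints; quoted paths lose their quotes and the trailing
    '[date size]' annotation ComboFix appends; anything else stays raw text.
    """
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            entries.setdefault(key, {})
            continue
        m = VALUE_RE.match(line) if key else None
        if not m:
            continue                      # '.' separators and anything unparsed
        name, rest = m.group(1), m.group(2).strip()
        d, s = DWORD_RE.match(rest), STRING_RE.match(rest)
        entries[key][name] = int(d.group(1)) if d else (s.group(1) if s else rest)
    return entries


def uac_findings(entries):
    """Flag UAC policy values that switch UAC off or weaken its prompts.

    EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates
    administrators with no prompt; PromptOnSecureDesktop=0 shows prompts on
    the normal desktop, where other processes can interact with them.
    """
    findings = []
    for key, values in entries.items():
        if not key.lower().endswith(POLICY_KEY_SUFFIX):
            continue
        if values.get('EnableLUA') == 0:
            findings.append('EnableLUA=0: UAC is disabled')
        if values.get('ConsentPromptBehaviorAdmin') == 0:
            findings.append('ConsentPromptBehaviorAdmin=0: admins elevate without a prompt')
        if values.get('PromptOnSecureDesktop') == 0:
            findings.append('PromptOnSecureDesktop=0: prompts not shown on the secure desktop')
    return findings


def appinit_dlls(entries):
    """Return (key, path) for each AppInit_DLLs value; every DLL listed here is
    loaded into processes that load user32.dll, so each deserves a look."""
    return [(k, v['AppInit_DLLs']) for k, v in entries.items() if 'AppInit_DLLs' in v]


def run_key_entries(entries):
    """Return (key, name, path) for every value under a ...\\CurrentVersion\\Run key."""
    return [(k, n, p) for k, v in entries.items()
            if k.lower().endswith(r'\currentversion\run') for n, p in v.items()]


if __name__ == '__main__':
    parsed = parse_reg_loading_points(SAMPLE_LOG)
    for f in uac_findings(parsed):
        print('UAC:', f)
    for key, path in appinit_dlls(parsed):
        print('AppInit_DLLs:', path, 'under', key)
    for key, name, path in run_key_entries(parsed):
        print('Run:', name, '->', path)
```

Run against the excerpt it reports all three UAC findings, the two NVIDIA AppInit_DLLs values and the three HKCU Run entries; pointed at a full ComboFix log it parses the whole section, and the UAC values are the ones to restore once the machine is clean regardless of what the scans turn up.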

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2012 - 09:00 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 seankobuk
  • Topic Starter
  • Members
  • 21 posts

Posted 03 April 2012 - 08:20 AM

Acronis True Image Home
AcusticaAudio Nebula3
Addictive Drums
Adobe AIR
Adobe Community Help
Adobe Illustrator CS5.1
Adobe Photoshop CS4
Any Video Converter 3.3.2
Apple Application Support
Apple Software Update
ASIO4ALL
Asmedia ASM104x USB 3.0 Host Controller Driver
ATK Package
DAEMON Tools Lite
Drush
FileZilla Client 3.5.3
Foxit Reader 5.1
Free Download Manager 3.0
Free M4a to MP3 Converter 7.0
Google Chrome
HeidiSQL 6.0
Intel PROSet Wireless
Java Auto Updater
Java™ 6 Update 31
KORG Legacy Collection - ANALOG EDITION 2007
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MozBackup 1.5.1
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird (8.0)
Native Instruments Abbey Road Modern Drums
Native Instruments Battery 3
Native Instruments Kontakt 5
Native Instruments Service Center
OpenOffice.org 3.3
PCM Native Reverb VST Plug-in
PDF Settings CS5
PSP oldTimer 1.0.8 64bit
PSP sQuad 1.5.1 32bit
PSP sQuad 1.5.1 64bit
Realtek Ethernet Controller Driver
Realtek USB 2.0 Reader Driver
REAPER
RME DIGICheck
Ruby 1.9.3-p0
SampleMoog
Shred 1.06
Skype™ 5.8
Softube FET Compressor VST RTAS v1.0.3
Softube Passive-Active Pack VST RTAS v1.0.2
Softube Spring Reverb VST RTAS v1.0.4
Softube Tube-Tech CL 1B VST RTAS v1.0.3
Softube Tube-Tech PE 1C VST RTAS v1.0.1
Softube Tube Delay VST RTAS v1.0.5
Sonalksis Plug-in Manager 3.00
Spotify
Steinberg Cubase v4.1.3
VLC media player 1.1.11
WinSCP 4.3.5

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 April 2012 - 10:30 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
