
Some kind of weird issues going on-crashes etc


This topic is locked
7 replies to this topic

#1 ghunt

Posted 29 March 2012 - 06:08 AM

Ok, I'll try to explain this as best I can.

A couple of nights ago I was on my computer and it was fine... then I got back on a couple of hours later and it was all FUBAR'ed.

Firefox would crash before it would even open, and neither Spybot nor Ad-Aware would open at all.

IE worked, so I re-downloaded Spybot and Ad-Aware.

I ran Spybot once; it found some problems and fixed them, then crashed, and now won't open at all. Kind of the same thing with Ad-Aware: after install I attempted to update it and it froze up, and now it won't open either. Additionally, I was getting a constant error (every 30 seconds or so) from Ad-Aware saying "LOADER ERROR: The procedure entry point HttpQueryInfoA could not be located in the dynamic link library WININET.dll". I went to Add/Remove Programs and uninstalled Ad-Aware, and I at least got it to stop giving me that error message. I also apparently have an older version of Ad-Aware on the computer (circa 2007), but when I try to remove it, it gives me the same error as above.

Additionally... when I reboot the computer, it brings up 3 different error messages saying that QTTask.exe, Windows Defender and AIM failed to initialize.

So, I'm a little stumped as to exactly what the problem is. Firefox seems to be working more normally now most of the time, but occasionally it will still tell me it has crashed before it even opens.

For the record, here is a HijackThis log I made last night before I went to bed. I'm on my work computer now, so I can't do much until I get home this evening.

Thanks everyone.

Logfile of HijackThis v1.97.7
Scan saved at 10:50:15 PM, on 3/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Owner\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O1 - Hosts: 87.229.126.41 www.bing.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dmcho.exe] C:\WINDOWS\system32\dmcho.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.accountonline.com
O15 - Trusted Zone: http://www.searscard.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.games.yahoo.com/games/clients/y/ot0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.115/kxhcm10.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152336907109
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab


Edited by hamluis, 29 March 2012 - 06:27 AM.
Moved from XP to Malware Removal Logs.



#2 CatByte (Malware Response Team)

Posted 30 March 2012 - 05:45 PM

Hi,

Some of that log has been cut off, but there are a few things I see that we can fix right away, then run the other diagnostic scans so we can do a deeper search.

Please do the following:

  • Open HijackThis
  • Click on Do a system scan only
  • Check the boxes next to ONLY the entries listed below (if still present):

O1 - Hosts: 87.229.126.41 www.bing.com
O4 - HKLM\..\Run: [dmcho.exe] C:\WINDOWS\system32\dmcho.exe
O4 - HKCU\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
  • Close all windows except HijackThis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS .txt files will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
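Added example (not part of the thread, and not a HijackThis or BleepingComputer tool): a small Python script that applies the kind of triage CatByte did above to raw HijackThis lines. The heuristics are mine, not CatByte's: an O1 hosts entry that points a domain anywhere other than loopback, an O4 Run entry whose binary sits in a user-writable directory, the same Run binary registered in both HKLM and HKCU, a Run value named after its own .exe, and an O16 ActiveX control downloaded from a bare IP address. The sample lines are copied from ghunt's log, plus one constructed loopback hosts line so the exemption is exercised. The O16 hit on 125.206.34.115 is not something CatByte flagged; the script only surfaces it for review.

```python
"""Heuristic triage of HijackThis log lines.

Added example for this thread; not a HijackThis or BleepingComputer tool.
The rules below are the author's own heuristics, not verdicts.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed loopback hosts entry (ad.doubleclick.net) so the loopback
# exemption is exercised.
SAMPLE_LOG = r"""
O1 - Hosts: 87.229.126.41 www.bing.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dmcho.exe] C:\WINDOWS\system32\dmcho.exe
O4 - HKLM\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dplaysvr] C:\Documents and Settings\Owner\Application Data\dplaysvr.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://125.206.34.115/kxhcm10.ocx
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: .* - (\S+)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)

# Locations a limited XP user can write to. Vendor autostarts normally live
# under Program Files or the Windows directory, so a Run entry here stands out.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


def run_target(command: str) -> str:
    """Extract the executable path from an O4 command line, quoted or not."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def triage(log_text: str) -> dict:
    """Map each suspicious log line to the list of reasons it was flagged."""
    findings = defaultdict(list)
    hives_by_target = defaultdict(set)  # lowercased exe path -> {"HKLM", "HKCU"}
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]

    for line in lines:
        if m := O1_RE.match(line):
            ip = ipaddress.ip_address(m.group(1))
            if not (ip.is_loopback or ip.is_unspecified):
                findings[line].append(f"hosts file sends {m.group(2)} to {ip}")
        elif m := O4_RE.match(line):
            hive, name, command = m.groups()
            target = run_target(command).lower()
            hives_by_target[target].add(hive)
            if any(d in target for d in USER_WRITABLE):
                findings[line].append("autostart binary in a user-writable directory")
            if name.lower().endswith(".exe"):
                findings[line].append("Run value named after its own executable")
        elif m := O16_RE.match(line):
            host = urlparse(m.group(1)).hostname or ""
            try:
                ipaddress.ip_address(host)
            except ValueError:
                continue
            findings[line].append(f"ActiveX control fetched from bare IP {host}")

    # Second pass: the same binary registered under both machine and user hives.
    for line in lines:
        m = O4_RE.match(line)
        if m and hives_by_target[run_target(m.group(3)).lower()] >= {"HKLM", "HKCU"}:
            findings[line].append("same binary autostarts from both HKLM and HKCU")
    return dict(findings)


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

On the sample the script flags exactly the three entries CatByte asked to fix (the bing.com hosts redirect, dmcho.exe, and dplaysvr.exe under both hives) and adds the raw-IP ActiveX entry for a human to look at; the Defender, Messenger and Adobe lines pass. Paste a full log in place of SAMPLE_LOG to get the same output for your own machine.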


#3 ghunt (Topic Starter)

Posted 02 April 2012 - 11:09 AM

Ok, I don't know how helpful this will be...

Here is my aswMBR text file. I ran DDS the other evening; it created the two log files, and when I looked for them last night they were MIA, and DDS would not run: it gave some error very quickly and then closed the window. Also, I forgot the MBR.dat file and will get that this evening. Obviously, though, I've got some issues.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 13:49:19
-----------------------------
13:49:19.546 OS Version: Windows 5.1.2600 Service Pack 3
13:49:19.546 Number of processors: 1 586 0x801
13:49:19.546 ComputerName: YOUR-RVLNHR6V8D UserName: Owner
13:49:20.078 Initialize success
13:49:26.468 AVAST engine download error: 0
13:50:07.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:50:07.156 Disk 0 Vendor: ST360012A 3.31 Size: 57241MB BusType: 3
13:50:07.171 Disk 0 MBR read successfully
13:50:07.171 Disk 0 MBR scan
13:50:07.187 Disk 0 unknown MBR code
13:50:07.187 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4186 MB offset 63
13:50:07.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53052 MB offset 8573040
13:50:07.218 Disk 0 scanning sectors +117225360
13:50:07.312 Disk 0 scanning C:\WINDOWS\system32\drivers
13:50:20.328 Service scanning
13:51:03.062 Modules scanning
13:52:30.265 Disk 0 trace - called modules:
13:52:30.312 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
13:52:30.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bffab8]
13:52:30.328 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000052[0x85b87f18]
13:52:30.328 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85bb5b58]
13:52:30.328 Scan finished successfully
17:42:53.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
17:42:54.171 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 18:54:29
-----------------------------
18:54:29.988 OS Version: Windows 5.1.2600 Service Pack 3
18:54:29.988 Number of processors: 1 586 0x801
18:54:30.098 ComputerName: YOUR-RVLNHR6V8D UserName: Owner
18:54:46.568 Initialize success
18:54:47.850 AVAST engine defs: 12030600
18:55:30.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:55:30.322 Disk 0 Vendor: ST360012A 3.31 Size: 57241MB BusType: 3
18:55:30.354 Disk 0 MBR read successfully
18:55:30.354 Disk 0 MBR scan
18:55:30.401 Disk 0 unknown MBR code
18:55:30.447 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4186 MB offset 63
18:55:30.494 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53052 MB offset 8573040
18:55:30.557 Disk 0 scanning sectors +117225360
18:55:30.838 Disk 0 scanning C:\WINDOWS\system32\drivers
18:56:19.890 Service scanning
18:58:13.932 Modules scanning
19:00:10.224 Disk 0 trace - called modules:
19:00:10.287 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
19:00:11.224 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b85ab8]
19:00:11.240 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000056[0x85bf6f18]
19:00:11.256 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85bf8418]
19:00:17.584 AVAST engine scan C:\WINDOWS
19:03:16.945 AVAST engine scan C:\WINDOWS\system32
19:05:55.273 File: C:\WINDOWS\system32\msbaij.dll **INFECTED** Win32:Trojan-gen
19:05:57.382 File: C:\WINDOWS\system32\msddlc.dll **INFECTED** Win32:Siboco-B [Trj]
19:08:12.566 File: C:\WINDOWS\system32\{14A340B2-DE5A-4B6B-9944-FB1C71C170AC}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:12.737 File: C:\WINDOWS\system32\{628086B1-7D5A-4B25-871E-3604FD025CAE}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:12.831 File: C:\WINDOWS\system32\{6A258632-EB15-4408-9066-0CD1C7BAEB32}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.050 File: C:\WINDOWS\system32\{7DAA7213-4039-4D38-8FC6-8E41A3C369D1}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.222 File: C:\WINDOWS\system32\{972919E1-D436-4850-9924-5831EFDDEC40}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.378 File: C:\WINDOWS\system32\{B90798EB-9304-401C-AE09-DA1B9CA9EAEF}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.519 File: C:\WINDOWS\system32\{C722C316-F764-486A-B2F0-10D381769D04}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.659 File: C:\WINDOWS\system32\{E7F61A1D-F233-44BC-B91E-2AA41D20D5E4}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:13.800 File: C:\WINDOWS\system32\{EBDA01A6-3420-4020-811A-DA462014F5B4}.exe **INFECTED** Win32:Adware-gen [Adw]
19:08:59.944 AVAST engine scan C:\WINDOWS\system32\drivers
19:09:36.213 AVAST engine scan C:\Documents and Settings\Owner
19:21:09.583 File: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\5005fedc-637f786e **INFECTED** Win32:MalOb-FN [Cryp]
19:47:45.153 AVAST engine scan C:\Documents and Settings\All Users
19:52:37.514 Scan finished successfully
21:56:52.728 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:56:52.759 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#4 CatByte (Malware Response Team)

Posted 02 April 2012 - 04:52 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

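Before trusting either log, it is worth checking that the two tools agree on where the partitions are. aswMBR (post #3) prints decimal megabytes and sector offsets, flags "unknown MBR code", and then scans the sectors past the last partition; TDSSKiller (next post) prints the same table in hex together with the CHS geometry. The script below is an added example, mine rather than code from AVAST, Kaspersky or anyone in this thread. It parses lines copied from those two logs, confirms that the two tools report the same partition starts and sizes, that the partitions are contiguous, and that aswMBR's tail scan began exactly where the last partition ends, and works out how much of the disk lies beyond that point, which is the region where a TDL-style hidden file system would be kept.

```python
"""Cross-check the partition table seen by aswMBR against the one seen by TDSSKiller.

Added example for this thread; not code from either tool. The sample lines are
copied from the aswMBR and TDSSKiller logs posted here (timestamps and PIDs dropped).
"""
import re

MIB = 1024 * 1024

ASWMBR_LINES = """
Disk 0 Vendor: ST360012A 3.31 Size: 57241MB BusType: 3
Disk 0 unknown MBR code
Disk 0 Partition 1 00 0B FAT32 RECOVERY 4186 MB offset 63
Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53052 MB offset 8573040
Disk 0 scanning sectors +117225360
"""

TDSS_LINES = r"""
Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1E49, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
\Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x82D031
\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x82D070, BlocksNum 0x679E720
"""

HEX = r"0x([0-9A-Fa-f]+)"


def parse_tdss(text):
    """TDSSKiller prints everything in hex; return ints for disk geometry and partitions."""
    m = re.search(rf"Size: {HEX}.*?SectorSize: {HEX}.*?Cylinders: {HEX}.*?"
                  rf"SectorsPerTrack: {HEX}.*?TracksPerCylinder: {HEX}", text)
    size, sector, cyls, spt, heads = (int(x, 16) for x in m.groups())
    disk = {
        "sector_size": sector,
        "sectors": size // sector,
        "cylinder_sectors": spt * heads,       # sectors in one CHS cylinder
        "chs_sectors": cyls * spt * heads,     # sectors the reported geometry can address
    }
    parts = [
        {"type": int(t, 16), "start": int(s, 16), "blocks": int(b, 16)}
        for t, s, b in re.findall(
            rf"Partition\d+: MBR, Type {HEX}, StartLBA {HEX}, BlocksNum {HEX}", text)
    ]
    return disk, parts


def parse_aswmbr(text):
    """aswMBR prints decimal MB and sector offsets, plus where its tail scan started."""
    size_mb = int(re.search(r"Size: (\d+)MB", text).group(1))
    parts = [{"mb": int(mb), "offset": int(off)}
             for mb, off in re.findall(r"Partition \d+ .*? (\d+) MB offset (\d+)", text)]
    scan_from = int(re.search(r"scanning sectors \+(\d+)", text).group(1))
    return size_mb, parts, scan_from


def reconcile(asw_text, tdss_text):
    """Return discrepancies between the two views and what lies past the last partition."""
    size_mb, asw_parts, scan_from = parse_aswmbr(asw_text)
    disk, tdss_parts = parse_tdss(tdss_text)
    sec = disk["sector_size"]
    problems = []

    if len(asw_parts) != len(tdss_parts):
        problems.append(f"partition count: aswMBR {len(asw_parts)} vs TDSSKiller {len(tdss_parts)}")
    for i, (a, t) in enumerate(zip(asw_parts, tdss_parts)):
        if a["offset"] != t["start"]:
            problems.append(f"partition {i}: start {a['offset']} vs {t['start']}")
        if a["mb"] != t["blocks"] * sec // MIB:
            problems.append(f"partition {i}: size {a['mb']} MB vs {t['blocks'] * sec // MIB} MB")
    # Partitions should sit back to back; a hole between them is unallocated space to inspect.
    for i, (prev, cur) in enumerate(zip(tdss_parts, tdss_parts[1:]), start=1):
        gap = cur["start"] - (prev["start"] + prev["blocks"])
        if gap:
            problems.append(f"{gap} sectors between partition {i - 1} and {i}")
    if size_mb != disk["sectors"] * sec // MIB:
        problems.append(f"disk size: aswMBR {size_mb} MB vs TDSSKiller {disk['sectors'] * sec // MIB} MB")

    last_end = tdss_parts[-1]["start"] + tdss_parts[-1]["blocks"]
    if scan_from != last_end:
        problems.append(f"aswMBR scanned from sector {scan_from}, last partition ends at {last_end}")
    tail = disk["sectors"] - last_end
    return {
        "problems": problems,
        "last_partition_end": last_end,
        "tail_sectors": tail,
        "tail_mib": tail * sec / MIB,
        # True when the tail is only the part of the disk the CHS geometry cannot
        # address (less than one cylinder), i.e. ordinary alignment slack.
        "tail_is_partial_cylinder": last_end == disk["chs_sectors"] and tail < disk["cylinder_sectors"],
    }


if __name__ == "__main__":
    for key, value in reconcile(ASWMBR_LINES, TDSS_LINES).items():
        print(f"{key}: {value}")
```

With the numbers from this thread the two tools agree completely: the recovery partition starts at sector 63 and the NTFS partition immediately after it at 8573040, aswMBR's tail scan starts at sector 117225360, exactly where NTFS ends, and the 6048 sectors (about 3 MiB) after that are just the part of the last cylinder that the reported 7753 x 240 x 63 geometry cannot address. That does not by itself clear the tail; aswMBR scanning those sectors and TDSSKiller's "Detect TDLFS File System" option exist because that region is where a bootkit's hidden file system is stored. What the check does rule out is the two tools disagreeing about where the partitions are, which is what you would expect if something in the disk stack were filtering reads for one of them.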


#5 ghunt (Topic Starter)

Posted 06 April 2012 - 09:59 AM

Hi there, thanks for the help. Sorry this has taken so long; I've been busy, and my computer's been running so poorly that it's made all this stuff a lot harder.

Here is the TDSSKiller log text (I re-ran it this morning because I forgot to check the "Find TDLFS File System" box... but it said there were no threats on the original run as well):


10:34:51.0093 3300 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
10:34:52.0500 3300 ============================================================
10:34:52.0500 3300 Current date / time: 2012/04/06 10:34:52.0500
10:34:52.0500 3300 SystemInfo:
10:34:52.0500 3300
10:34:52.0500 3300 OS Version: 5.1.2600 ServicePack: 3.0
10:34:52.0500 3300 Product type: Workstation
10:34:52.0500 3300 ComputerName: YOUR-RVLNHR6V8D
10:34:52.0500 3300 UserName: Owner
10:34:52.0500 3300 Windows directory: C:\WINDOWS
10:34:52.0500 3300 System windows directory: C:\WINDOWS
10:34:52.0500 3300 Processor architecture: Intel x86
10:34:52.0500 3300 Number of processors: 1
10:34:52.0500 3300 Page size: 0x1000
10:34:52.0500 3300 Boot type: Normal boot
10:34:52.0500 3300 ============================================================
10:35:05.0671 3300 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1E49, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
10:35:05.0687 3300 \Device\Harddisk0\DR0:
10:35:05.0687 3300 MBR used
10:35:05.0687 3300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x82D031
10:35:05.0687 3300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x82D070, BlocksNum 0x679E720
10:35:06.0546 3300 Initialize success
10:35:06.0546 3300 ============================================================
10:35:15.0593 3356 ============================================================
10:35:15.0593 3356 Scan started
10:35:15.0593 3356 Mode: Manual; TDLFS;
10:35:15.0593 3356 ============================================================
10:35:16.0125 3356 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
10:35:16.0140 3356 Aavmker4 - ok
10:35:16.0343 3356 Abiosdsk - ok
10:35:16.0578 3356 abp480n5 - ok
10:35:16.0906 3356 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:35:16.0921 3356 ACPI - ok
10:35:17.0187 3356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:35:17.0187 3356 ACPIEC - ok
10:35:17.0375 3356 adpu160m - ok
10:35:17.0640 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:35:17.0640 3356 aec - ok
10:35:17.0906 3356 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:35:18.0000 3356 AFD - ok
10:35:18.0562 3356 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
10:35:18.0562 3356 AFS2K - ok
10:35:18.0750 3356 Aha154x - ok
10:35:19.0203 3356 aic78u2 - ok
10:35:19.0453 3356 aic78xx - ok
10:35:19.0843 3356 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:35:19.0968 3356 ALCXWDM - ok
10:35:20.0156 3356 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:35:20.0171 3356 Alerter - ok
10:35:20.0343 3356 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:35:20.0343 3356 ALG - ok
10:35:20.0562 3356 AliIde - ok
10:35:20.0828 3356 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
10:35:20.0828 3356 AmdK7 - ok
10:35:21.0031 3356 amsint - ok
10:35:21.0171 3356 AppMgmt - ok
10:35:21.0359 3356 AresChatServer (7d57faae19135dabb22b41b304707096) C:\Program Files\Ares\chatServer.exe
10:35:21.0406 3356 AresChatServer - ok
10:35:21.0640 3356 asc - ok
10:35:22.0031 3356 asc3350p - ok
10:35:22.0265 3356 asc3550 - ok
10:35:22.0531 3356 aspnet_state (a986fcfdac587e68478db51547b90800) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
10:35:22.0578 3356 aspnet_state - ok
10:35:22.0843 3356 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:35:22.0859 3356 aswFsBlk - ok
10:35:23.0109 3356 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
10:35:23.0125 3356 aswMon2 - ok
10:35:23.0359 3356 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
10:35:23.0359 3356 AswRdr - ok
10:35:23.0609 3356 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
10:35:23.0671 3356 aswSnx - ok
10:35:23.0953 3356 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
10:35:24.0000 3356 aswSP - ok
10:35:24.0265 3356 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
10:35:24.0265 3356 aswTdi - ok
10:35:24.0484 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:35:24.0515 3356 AsyncMac - ok
10:35:24.0781 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:35:24.0796 3356 atapi - ok
10:35:24.0984 3356 Atdisk - ok
10:35:25.0234 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:35:25.0234 3356 Atmarpc - ok
10:35:25.0437 3356 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:35:25.0437 3356 AudioSrv - ok
10:35:25.0687 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:35:25.0703 3356 audstub - ok
10:35:25.0859 3356 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:35:25.0859 3356 avast! Antivirus - ok
10:35:26.0140 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:35:26.0156 3356 Beep - ok
10:35:26.0359 3356 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:35:26.0593 3356 BITS - ok
10:35:26.0859 3356 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
10:35:26.0906 3356 brfilt - ok
10:35:27.0093 3356 Brother XP spl Service (d3facb34fff5db91adb70987838f8ba7) C:\WINDOWS\System32\brsvc01a.exe
10:35:27.0109 3356 Brother XP spl Service - ok
10:35:27.0312 3356 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:35:27.0328 3356 Browser - ok
10:35:27.0562 3356 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
10:35:27.0609 3356 BrSerWDM - ok
10:35:27.0875 3356 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
10:35:27.0921 3356 BrUsbMdm - ok
10:35:28.0140 3356 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
10:35:28.0156 3356 BrUsbScn - ok
10:35:28.0406 3356 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
10:35:28.0453 3356 BVRPMPR5 - ok
10:35:28.0671 3356 CA561 (50ded7c73e0fb40693edab8cad7c46e7) C:\WINDOWS\system32\Drivers\SPCA561.SYS
10:35:28.0703 3356 CA561 - ok
10:35:28.0765 3356 catchme - ok
10:35:29.0000 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:35:29.0046 3356 cbidf2k - ok
10:35:29.0578 3356 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:35:29.0625 3356 CCDECODE - ok
10:35:29.0828 3356 cd20xrnt - ok
10:35:30.0093 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:35:30.0093 3356 Cdaudio - ok
10:35:30.0453 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:35:30.0453 3356 Cdfs - ok
10:35:30.0687 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:35:30.0687 3356 Cdrom - ok
10:35:30.0875 3356 Changer - ok
10:35:31.0093 3356 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:35:31.0140 3356 CiSvc - ok
10:35:31.0328 3356 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:35:31.0390 3356 ClipSrv - ok
10:35:31.0578 3356 CmdIde - ok
10:35:31.0734 3356 COMSysApp - ok
10:35:32.0031 3356 Cpqarray - ok
10:35:32.0218 3356 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:35:32.0234 3356 CryptSvc - ok
10:35:32.0421 3356 dac2w2k - ok
10:35:32.0640 3356 dac960nt - ok
10:35:32.0875 3356 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:35:32.0906 3356 DcomLaunch - ok
10:35:33.0171 3356 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

#6 ghunt

  • Topic Starter
  • Members
  • 46 posts

Posted 06 April 2012 - 10:01 AM

Combofix log is attached to this post...thought I might be able to paste it in but it's too long.



#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 06 April 2012 - 10:29 AM

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
c:\windows\system32\drivers\kakuhxrt.sys

Driver::
kakuhxrt

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
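The kakuhxrt driver named in the CFScript above appeared in the TDSSKiller log ghunt posted earlier only as a bare "kakuhxrt - ok" line, with no hash or image path, unlike the drivers whose files were scanned. As an added example (not code from the thread, from ComboFix or from TDSSKiller), the Python below parses that log layout from a few lines excerpted from the thread's log, lists the registered drivers for which no image was hashed, and writes out the File::/Driver:: layout used above for the one the reviewer picks; the bare-entry list is only a triage aid, since stock Windows also registers drivers whose files are absent.

```python
"""Review helper for TDSSKiller-style scan logs.

Added example for this thread, not code from the thread, from ComboFix or
from TDSSKiller.  In the log each registered service or driver appears as

    10:35:35.0390 3356 Dot3svc (0f0f6e68...) C:\\WINDOWS\\System32\\dot3svc.dll
    10:35:35.0421 3356 Dot3svc - ok

when an image file was hashed, or as a bare "Name - ok" line when nothing on
disk was scanned for it.  kakuhxrt in this thread was a bare entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class LogEntry:
    name: str
    md5: Optional[str] = None     # hash of the scanned image, if any
    path: Optional[str] = None    # image path, if any
    status: Optional[str] = None  # text after " - ", usually "ok"


# "<time> <pid> <name> (<md5>) <path>"; name may contain spaces ("Pml Driver HPZ12")
_FILE_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# "<time> <pid> <name> - <status>"
_STATUS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)


def parse_tdsskiller_log(text: str) -> Dict[str, LogEntry]:
    """Return one LogEntry per service/driver name, keyed by name."""
    entries: Dict[str, LogEntry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _FILE_LINE.match(line)
        if m:
            entry = entries.setdefault(m["name"], LogEntry(m["name"]))
            entry.md5, entry.path = m["md5"], m["path"]
            continue
        m = _STATUS_LINE.match(line)
        if m and not m["name"].startswith("\\"):
            # Device objects (\Device\Harddisk0\DR0) are hashed under another
            # label ("MBR (0x1B8)"), so their status lines are not tracked here.
            entry = entries.setdefault(m["name"], LogEntry(m["name"]))
            entry.status = m["status"]
    return entries


def registered_without_image(entries: Dict[str, LogEntry]) -> List[str]:
    """Names that only ever appeared as "Name - ok", with no hashed image.

    This is a triage list, not a verdict: stock Windows registers drivers for
    absent hardware (dpti2o below), so each name still needs a reviewer.
    """
    return sorted(name for name, e in entries.items() if e.md5 is None)


def build_cfscript(image_path: str, driver_name: str,
                   clear_java_cache: bool = True) -> str:
    """Lay out File::/Driver:: directives as in the script posted above."""
    sections = [f"File::\n{image_path}\n", f"Driver::\n{driver_name}\n"]
    if clear_java_cache:
        sections.append("ClearJavaCache::\n")
    return "\n".join(sections)


# Lines excerpted from the log posted in this thread (hashes are the real ones).
SAMPLE_LOG = "\n".join([
    r"10:35:35.0390 3356 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll",
    r"10:35:35.0421 3356 Dot3svc - ok",
    r"10:35:35.0625 3356 dpti2o - ok",
    r"10:35:55.0734 3356 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe",
    r"10:35:55.0843 3356 JavaQuickStarterService - ok",
    r"10:35:56.0296 3356 kakuhxrt - ok",
    r"10:36:20.0421 3356 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\System32\HPZipm12.exe",
    r"10:36:20.0453 3356 Pml Driver HPZ12 - ok",
    r"10:36:59.0046 3356 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0",
    r"10:36:59.0187 3356 \Device\Harddisk0\DR0 - ok",
    r"10:36:59.0328 3356 Scan finished",
    r"10:36:59.0406 3348 Detected object count: 0",
])

if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    for name in registered_without_image(parsed):
        print(f"no image hashed for registered driver: {name}")
    # The reviewer in this thread chose kakuhxrt; the script layout follows.
    print(build_cfscript(r"c:\windows\system32\drivers\kakuhxrt.sys", "kakuhxrt"))
```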


#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 13 April 2012 - 07:30 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

