7shared Redirect


  • This topic is locked
35 replies to this topic

#1 FoolsLove (Members, 18 posts)

Posted 21 July 2012 - 09:32 PM

I am having the same exact problem as this person: http://www.bleepingcomputer.com/forums/topic443988.html

I've run basically the same programs he has, several times, but to no avail, including Avast!. I also ran the program suggested by Noviciate, but nothing changed or was fixed, so I don't know how TriedintheFire ended up having his problem fixed.

Appreciate any help! o/

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Derek at 21:00:16 on 2012-07-21
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3034.1738 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\WLTRAY.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\derek\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3E9EAC8E-B958-4467-A16E-76908CDA1537} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{3E9EAC8E-B958-4467-A16E-76908CDA1537} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\derek\appdata\roaming\mozilla\firefox\profiles\xdmvjw21.default\
FF - plugin: c:\users\derek\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-21 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-21 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-21 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-21 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-21 44808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
.
=============== Created Last 30 ================
.
2012-07-22 02:18:44 -------- d-----w- c:\windows\Panther
2012-07-22 02:18:36 -------- d-sh--w- C:\Boot
2012-07-22 02:18:19 -------- d-----w- c:\windows\system32\OEM
2012-07-22 01:42:40 -------- d-----w- c:\users\derek\appdata\local\Google
2012-07-22 01:25:33 -------- d-----w- c:\program files\CCleaner
2012-07-22 01:19:25 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-22 01:19:24 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-22 01:16:19 41224 ----a-w- c:\windows\avastSS.scr
2012-07-22 01:16:03 -------- d-----w- c:\programdata\AVAST Software
2012-07-22 01:16:03 -------- d-----w- c:\program files\AVAST Software
2012-07-22 01:14:06 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-07-22 01:14:03 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9b9662f8-14d1-421c-bcf6-06162d377547}\mpengine.dll
2012-07-22 01:14:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 00:54:13 -------- d-----w- c:\users\derek\appdata\roaming\Xfire
2012-07-22 00:54:12 -------- d-----w- c:\programdata\Xfire
2012-07-22 00:54:11 -------- d-----w- c:\program files\Xfire
2012-07-22 00:35:52 -------- d-----w- c:\users\derek\appdata\roaming\mIRC
2012-07-22 00:35:52 -------- d-----w- c:\program files\mIRC
2012-07-22 00:28:09 -------- d-----w- c:\program files\Cisco
2012-07-22 00:27:17 -------- d-sh--w- c:\windows\Installer
2012-07-21 23:28:02 -------- d-----w- c:\users\derek\appdata\local\VirtualStore
.
==================== Find3M ====================
.
2012-06-16 00:17:24 42432 ----a-w- c:\windows\system32\xfcodec.dll
.
============= FINISH: 21:03:57.03 ===============


GMER log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-21 21:25:15
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK2555GSX rev.FG000D
Running: d139qbwk.exe; Driver: C:\Users\Derek\AppData\Local\Temp\ugloapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB28A4536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB28367BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB28A4F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB28AFD7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB28AFDC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB28AFF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB28AFCE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB28AFE0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB28AFD30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB28A5146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB28AFF02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB28A58CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB28A4584]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB28A8F36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB283689E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB28A41EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB28A45D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB28A92A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB28A6292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB28AFDA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB28AFDE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB28AFF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB28AFD0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB28A8AAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB28AFE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB28AFD58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB28A8CDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB28AFF26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB2836A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB28A615E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB28A5D08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB28A4620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB28A466E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB28A574A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB28A4276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB28A4426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB28A43CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB28A5A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB28A5B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB28A4496]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB28A5468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB28A55CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB28A46BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB28A4F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0xB28A52CE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB284E744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 341 818F7995 3 Bytes [45, 8A, B2]
.text ntkrnlpa.exe!KeSetTimerEx + 364 818F79B8 4 Bytes [BA, 67, 83, B2]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 818F7A18 4 Bytes [52, 4F, 8A, B2]
.text ntkrnlpa.exe!KeSetTimerEx + 404 818F7A58 8 Bytes [7A, FD, 8A, B2, C6, FD, 8A, ...] {JP 0xffffffffffffffff; MOV DH, [EDX-0x4d75023a]}
.text ntkrnlpa.exe!KeSetTimerEx + 410 818F7A64 4 Bytes [48, FF, 8A, B2]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81A1E8F2 5 Bytes JMP B284B61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81A5B1B6 4 Bytes CALL B28A6959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81A6AB0D 4 Bytes CALL B28A696F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 81A87257 5 Bytes JMP B284D0FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 81AD2FEA 7 Bytes JMP B284E748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 51BF 91663F97 5 Bytes JMP B28A9D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2029 916771B9 5 Bytes JMP B28A93E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 3DF2 91682B27 5 Bytes JMP B28A9E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B11 9168A9F8 5 Bytes JMP B28A92DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + EE8 9168ADCF 5 Bytes JMP B28AA7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3A1 9168C934 5 Bytes JMP B28A9EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3161 9168F6F4 5 Bytes JMP B28A96B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 1919 916923A4 5 Bytes JMP B28A9538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65B3 9169C52D 5 Bytes JMP B28A9C2C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8726 9169E6A0 5 Bytes JMP B28AAB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + A373 916A02ED 5 Bytes JMP B28A9EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + B8FD 916A1877 5 Bytes JMP B28A9A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C733 916BBCC6 5 Bytes JMP B28A9992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C806 916BBD99 5 Bytes JMP B28A9C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FB5 916DDD60 5 Bytes JMP B28AA6C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7E1D 916E1BC8 5 Bytes JMP B28A95A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 9147 916EB4A6 5 Bytes JMP B28A9E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 916F3FA4 5 Bytes JMP B28A93FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 916F8BDB 5 Bytes JMP B28AA972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 916F8E37 5 Bytes JMP B28AAA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 17 916FCEB8 5 Bytes JMP B28AA7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3828 9170D3E8 5 Bytes JMP B28AAC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D58 91715B46 5 Bytes JMP B28AA76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 1763 9171F585 5 Bytes JMP B28AA8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 91726003 5 Bytes JMP B28A94D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 917425CC 5 Bytes JMP B28A9790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CF6 9174C3AB 5 Bytes JMP B28A9664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9174FEDA 5 Bytes JMP B28AAAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 45C5 91751DC6 5 Bytes JMP B28A9E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 30AD 9176AB47 5 Bytes JMP B28A98BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 6C63 9176E6FD 5 Bytes JMP B28A9826 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\Derek\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Derek\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ntdll.dll!LdrLoadDll 774C7933 5 Bytes JMP 001501F8
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ntdll.dll!LdrUnloadDll 774DE89C 5 Bytes JMP 001503FC
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] kernel32.dll!GetBinaryTypeW + 70 75F21AE8 1 Byte [62]
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] USER32.dll!SetWindowsHookExW 77057B69 5 Bytes JMP 00300804
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] USER32.dll!SetWinEventHook 7705915C 5 Bytes JMP 003001F8
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] USER32.dll!UnhookWinEvent 7705B702 5 Bytes JMP 003003FC
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] USER32.dll!SetWindowsHookExA 7707BB0E 5 Bytes JMP 00300600
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] USER32.dll!UnhookWindowsHookEx 770808BE 5 Bytes JMP 00300A08
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!CreateServiceW 772838FF 5 Bytes JMP 003F03FC
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!DeleteService 77283BEE 5 Bytes JMP 003F0600
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!SetServiceObjectSecurity 772C66A9 5 Bytes JMP 003F1014
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!ChangeServiceConfigA 772C67A9 5 Bytes JMP 003F0804
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!ChangeServiceConfigW 772C6951 5 Bytes JMP 003F0A08
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!ChangeServiceConfig2A 772C6A69 5 Bytes JMP 003F0C0C
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!ChangeServiceConfig2W 772C6BB1 5 Bytes JMP 003F0E10
.text C:\Users\Derek\Downloads\d139qbwk.exe[672] ADVAPI32.dll!CreateServiceA 772C6C71 5 Bytes JMP 003F01F8
.text C:\Windows\system32\svchost.exe[1016] ntdll.dll!NtWriteFile 774F9278 5 Bytes JMP 00013E2E
.text C:\Windows\system32\svchost.exe[1016] kernel32.dll!SetUnhandledExceptionFilter 75EF6E2D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetForegroundWindow 7705E697 5 Bytes JMP 0001482C
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!IsWindowVisible 77070CDC 5 Bytes JMP 00014853
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!GetCursorPos 77070F5E 5 Bytes JMP 0001477D
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!WindowFromPoint 77083ADE 5 Bytes JMP 000147CC
.text C:\Windows\system32\svchost.exe[1016] USER32.dll!MessageBoxIndirectW 770AD56B 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\Windows\system32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 75D23D12 5 Bytes JMP 00014719
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoGetClassObject 75D86120 5 Bytes JMP 00014887
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 75D9E188 5 Bytes JMP 000148B1
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1492] kernel32.dll!GetBinaryTypeW + 70 75F21AE8 1 Byte [62]
.text C:\Program Files\Xfire\Xfire.exe[3416] kernel32.dll!CreateProcessA 75ED1C36 5 Bytes JMP 04D29904 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] kernel32.dll!CreateThread 75F146C8 5 Bytes JMP 04D291AE C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] GDI32.dll!BitBlt 771A6CE7 5 Bytes JMP 04D28B45 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!InvalidateRgn 77058009 5 Bytes JMP 04D28D76 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!SetForegroundWindow 7705B5F5 5 Bytes JMP 04D294AB C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!SetCapture 7705C057 5 Bytes JMP 04D28E2D C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!SetFocus 7705C5EF 5 Bytes JMP 04D28C0E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!RegisterClassA 7705FD9A 5 Bytes JMP 04D290FD C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!SetWindowPos 770621FE 5 Bytes JMP 04D293E8 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!CreateWindowExW 77063D67 5 Bytes JMP 04D2955C C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!GetDC 77069562 5 Bytes JMP 04D289E9 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!BeginPaint 7706A0C9 5 Bytes JMP 04D2894D C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!RedrawWindow 7706A113 5 Bytes JMP 04D29043 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!ReleaseDC 7707079D 5 Bytes JMP 04D28A91 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!IsWindowVisible 77070CDC 7 Bytes JMP 04D2962E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!InvalidateRect 77070E61 5 Bytes JMP 04D28CBF C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!GetCursorPos 77070F5E 5 Bytes JMP 04D28EDE C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!TrackPopupMenu 77071417 5 Bytes JMP 04D29841 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!DialogBoxParamW 77071FD5 5 Bytes JMP 04D2926E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!CreateDialogParamW 77081C58 5 Bytes JMP 04D2932B C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[3416] USER32.dll!WindowFromPoint 77083ADE 5 Bytes JMP 04D28F8F C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[3692] kernel32.dll!SetUnhandledExceptionFilter 75EF6E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[3692] kernel32.dll!GetBinaryTypeW + 70 75F21AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ntdll.dll!LdrLoadDll 774C7933 5 Bytes JMP 677AB52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ntdll.dll!LdrUnloadDll 774DE89C 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadLibraryW 75EF361F 5 Bytes JMP 1003AEA8 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadLibraryA 75EF9491 5 Bytes JMP 1003ADA0 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LockResource + C 75F17F2B 7 Bytes JMP 67A5B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!VirtualAllocEx + 54 75F1B86A 7 Bytes JMP 67A5B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!GetBinaryTypeW + 70 75F21AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!SetWindowsHookExW 77057B69 5 Bytes JMP 008D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!SetWinEventHook 7705915C 5 Bytes JMP 008D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!UnhookWinEvent 7705B702 5 Bytes JMP 008D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!GetWindowInfo 77060560 5 Bytes JMP 67932BD4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!SetWindowsHookExA 7707BB0E 5 Bytes JMP 008D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] USER32.dll!UnhookWindowsHookEx 770808BE 5 Bytes JMP 008D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] GDI32.dll!StretchDIBits + 179 771A75BB 7 Bytes JMP 67A5B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!CreateServiceW 772838FF 5 Bytes JMP 008E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!DeleteService 77283BEE 5 Bytes JMP 008E0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!SetServiceObjectSecurity 772C66A9 5 Bytes JMP 008E1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!ChangeServiceConfigA 772C67A9 5 Bytes JMP 008E0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!ChangeServiceConfigW 772C6951 5 Bytes JMP 008E0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!ChangeServiceConfig2A 772C6A69 5 Bytes JMP 008E0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!ChangeServiceConfig2W 772C6BB1 5 Bytes JMP 008E0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] ADVAPI32.dll!CreateServiceA 772C6C71 5 Bytes JMP 008E01F8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 13312 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{99b54df2-d393-11e1-9f11-a89b0637f8ba}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{99b54df2-d393-11e1-9f11-a89b0637f8ba}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{99b54df2-d393-11e1-9f11-a89b0637f8ba}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----


aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 20:46:23
-----------------------------
20:46:23.459 OS Version: Windows 6.0.6001 Service Pack 1
20:46:23.459 Number of processors: 2 586 0x170A
20:46:23.459 ComputerName: DEREK-PC UserName: Derek
20:46:34.613 Initialize success
20:46:34.878 AVAST engine defs: 12072101
20:46:47.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:46:47.202 Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3
20:46:47.202 Disk 0 MBR read successfully
20:46:47.218 Disk 0 MBR scan
20:46:47.218 Disk 0 Windows VISTA default MBR code
20:46:47.218 Disk 0 MBR hidden
20:46:47.233 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:46:47.264 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
20:46:47.311 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
20:46:47.327 Disk 0 scanning sectors +488395120
20:46:47.420 Disk 0 scanning C:\Windows\system32\drivers
20:46:52.662 Service scanning
20:47:30.398 Modules scanning
20:47:54.391 Disk 0 trace - called modules:
20:47:54.422 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86d404b1]<<
20:47:54.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f0ac8]
20:47:54.438 3 CLASSPNP.SYS[823aa745] -> nt!IofCallDriver -> [0x86cbbd78]
20:47:54.454 \Driver\atapi[0x86d07cb0] -> IRP_MJ_CREATE -> 0x86d404b1
20:47:55.421 AVAST engine scan C:\Windows
20:47:56.700 AVAST engine scan C:\Windows\system32
20:48:48.008 AVAST engine scan C:\Windows\system32\drivers
20:48:51.518 AVAST engine scan C:\Users\Derek
20:49:22.144 AVAST engine scan C:\ProgramData
20:49:29.788 Scan finished successfully
20:50:32.343 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Documents\MBR.dat"
20:50:32.343 The log file has been saved successfully to "C:\Users\Derek\Documents\aswMBR.txt"

Edited by FoolsLove, 21 July 2012 - 09:33 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:57 PM

Posted 26 July 2012 - 09:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461831 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 PM

Posted 27 July 2012 - 12:35 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 FoolsLove

FoolsLove
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 27 July 2012 - 03:45 AM

Unfortunately, I can't give you the log from ComboFix. I ran it 4 different times, and every time it was running, after "stage 3 complete" (or something similar), I got BSOD'd.

As far as other problems go: http://www.bleepingcomputer.com/forums/topic462570.html/page__p__2780857#entry2780857

I wasn't sure if the two problems were related or not, so I made a separate thread. I also have some other weird issues. Whenever I log out of my gmail account, I get a "404 Not Found" page. Also, I'm unable to connect to some FTPs, while I can connect to others.

Security Check Document:
Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Adobe Flash Player 11.3.300.265
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 PM

Posted 27 July 2012 - 02:09 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
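The two reports requested in this post are plain-text logs, and the indicators a helper looks for in them are visible in the copies posted in this thread: aswMBR prints a "MBR hidden" line and a disk I/O trace that ends in code it cannot attribute to a known module (the `>>UNKNOWN [addr]<<` line and the `\Driver\atapi[...] -> IRP_MJ_CREATE -> addr` line pointing at the same address), while TDSSKiller lists every driver and service with its MD5 and path followed by a `- ok` verdict, or a `- detected ...` line for anything it flags. The script below is an added example, not a tool from this thread or from AVAST or Kaspersky: it parses both formats and returns the findings worth escalating. The sample report text embedded in it is constructed to match the line format seen in this thread, and the `Rootkit.Boot.PLACEHOLDER` detection name is a placeholder rather than a real signature.

```python
"""Triage helper for aswMBR and TDSSKiller text reports (added example).

Scans the two report formats for the indicators a malware-removal helper
looks for: aswMBR's "MBR hidden" line and ">>UNKNOWN [addr]<<" trace
entries, and TDSSKiller driver/service lines whose verdict is not "- ok".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: same line shape as the aswMBR log posted in this thread.
ASWMBR_SAMPLE = """\
20:46:47.202 Disk 0 MBR read successfully
20:46:47.218 Disk 0 MBR scan
20:46:47.218 Disk 0 Windows VISTA default MBR code
20:46:47.218 Disk 0 MBR hidden
20:47:54.422 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86d404b1]<<
20:47:54.454 \\Driver\\atapi[0x86d07cb0] -> IRP_MJ_CREATE -> 0x86d404b1
20:49:29.788 Scan finished successfully
"""

# Constructed sample: same line shape as the TDSSKiller log posted in this
# thread; the "detected" line and its name are placeholders, not a real hit.
TDSS_SAMPLE = """\
19:11:47.0564 2192 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\\Windows\\system32\\drivers\\acpi.sys
19:11:47.0564 2192 ACPI - ok
19:11:50.0747 2192 catchme - ok
19:11:56.0004 2192 luafv (8f5c7426567798e62a3b3614965d62cc) C:\\Windows\\system32\\drivers\\luafv.sys
19:11:56.0004 2192 luafv - ok
19:11:57.0100 2192 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.PLACEHOLDER ( 0 )
"""

ASWMBR_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DRIVER_HOOK = re.compile(r"\\Driver\\(\w+)\[(0x[0-9a-fA-F]+)\] -> (\w+) -> (0x[0-9a-fA-F]+)")

TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
TDSS_FILE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
TDSS_DETECT = re.compile(r"^(.+?) - detected (.+?) \( \d+ \)$")


@dataclass
class AswMbrReport:
    mbr_hidden: bool = False
    unknown_hooks: list = field(default_factory=list)  # addresses aswMBR could not attribute
    driver_hooks: list = field(default_factory=list)   # (driver, IRP major function, target address)


def parse_aswmbr(text):
    """Extract the MBR verdict and the disk I/O trace entries from an aswMBR log."""
    rep = AswMbrReport()
    for raw in text.splitlines():
        m = ASWMBR_LINE.match(raw)
        if not m:
            continue
        body = m.group(1)
        if body.endswith("MBR hidden"):
            rep.mbr_hidden = True
        for addr in UNKNOWN_HOOK.findall(body):
            rep.unknown_hooks.append(addr.lower())
        h = DRIVER_HOOK.search(body)
        if h:
            rep.driver_hooks.append((h.group(1), h.group(3), h.group(4).lower()))
    return rep


@dataclass
class TdssEntry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"   # "ok", "detected: <name>", or "unknown" if no verdict line


def parse_tdsskiller(text):
    """Map each driver/service name in a TDSSKiller log to its hash, path and verdict."""
    entries = {}
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw)
        if not m:
            continue
        body = m.group(1).strip()
        if body.endswith(" - ok"):
            name = body[: -len(" - ok")]
            entries.setdefault(name, TdssEntry(name)).status = "ok"
            continue
        d = TDSS_DETECT.match(body)
        if d:
            entries.setdefault(d.group(1), TdssEntry(d.group(1))).status = "detected: " + d.group(2)
            continue
        f = TDSS_FILE.match(body)
        if f:
            e = entries.setdefault(f.group(1), TdssEntry(f.group(1)))
            e.md5, e.path = f.group(2).lower(), f.group(3)
    return entries


def triage(aswmbr_text, tdss_text):
    """Return the findings from both reports that a helper would escalate."""
    findings = []
    asw = parse_aswmbr(aswmbr_text)
    if asw.mbr_hidden:
        findings.append("aswMBR: reports the MBR as hidden")
    for addr in asw.unknown_hooks:
        findings.append(f"aswMBR: disk I/O trace ends in unattributed code at {addr}")
    for drv, irp, target in asw.driver_hooks:
        if target in asw.unknown_hooks:   # the same unattributed address sits on a driver's dispatch path
            findings.append(f"aswMBR: \\Driver\\{drv} {irp} redirected to unattributed code at {target}")
    for e in parse_tdsskiller(tdss_text).values():
        if e.status != "ok":
            findings.append(f"TDSSKiller: {e.name} -> {e.status}")
    return findings


if __name__ == "__main__":
    for line in triage(ASWMBR_SAMPLE, TDSS_SAMPLE):
        print(line)
```

Run stand-alone it prints four findings for the constructed samples. The parsers keep the MD5 and path of every TDSSKiller entry as well, so a reviewer can compare hashes of system drivers against a known-good copy of the same Windows build rather than trusting the "- ok" verdict alone.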

#6 FoolsLove

FoolsLove
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 27 July 2012 - 07:28 PM

It appears some of my problems have been resolved by running tdss/asw. I no longer have any issue with gmail and google, but I'm still unable to connect to certain FTP servers.

tdsskiller

19:11:43.0196 2880 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:11:43.0626 2880 ============================================================
19:11:43.0626 2880 Current date / time: 2012/07/27 19:11:43.0626
19:11:43.0626 2880 SystemInfo:
19:11:43.0626 2880
19:11:43.0626 2880 OS Version: 6.0.6001 ServicePack: 1.0
19:11:43.0626 2880 Product type: Workstation
19:11:43.0626 2880 ComputerName: DEREK-PC
19:11:43.0626 2880 UserName: Derek
19:11:43.0626 2880 Windows directory: C:\Windows
19:11:43.0626 2880 System windows directory: C:\Windows
19:11:43.0626 2880 Processor architecture: Intel x86
19:11:43.0626 2880 Number of processors: 2
19:11:43.0626 2880 Page size: 0x1000
19:11:43.0626 2880 Boot type: Normal boot
19:11:43.0626 2880 ============================================================
19:11:44.0725 2880 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:11:44.0756 2880 ============================================================
19:11:44.0756 2880 \Device\Harddisk0\DR0:
19:11:44.0756 2880 MBR partitions:
19:11:44.0756 2880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
19:11:44.0756 2880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
19:11:44.0756 2880 ============================================================
19:11:44.0803 2880 C: <-> \Device\Harddisk0\DR0\Partition1
19:11:44.0865 2880 D: <-> \Device\Harddisk0\DR0\Partition0
19:11:44.0865 2880 ============================================================
19:11:44.0865 2880 Initialize success
19:11:44.0865 2880 ============================================================
19:11:46.0613 2192 ============================================================
19:11:46.0613 2192 Scan started
19:11:46.0613 2192 Mode: Manual;
19:11:46.0613 2192 ============================================================
19:11:47.0564 2192 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
19:11:47.0564 2192 ACPI - ok
19:11:47.0658 2192 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:11:47.0673 2192 adp94xx - ok
19:11:47.0705 2192 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:11:47.0705 2192 adpahci - ok
19:11:47.0720 2192 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:11:47.0720 2192 adpu160m - ok
19:11:47.0923 2192 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:11:47.0923 2192 adpu320 - ok
19:11:47.0970 2192 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:11:47.0970 2192 AeLookupSvc - ok
19:11:48.0017 2192 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
19:11:48.0017 2192 AFD - ok
19:11:48.0063 2192 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:11:48.0063 2192 agp440 - ok
19:11:48.0110 2192 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:11:48.0110 2192 aic78xx - ok
19:11:48.0141 2192 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:11:48.0141 2192 ALG - ok
19:11:48.0173 2192 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:11:48.0173 2192 aliide - ok
19:11:48.0188 2192 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:11:48.0188 2192 amdagp - ok
19:11:48.0204 2192 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:11:48.0204 2192 amdide - ok
19:11:48.0219 2192 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:11:48.0219 2192 AmdK7 - ok
19:11:48.0251 2192 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:11:48.0251 2192 AmdK8 - ok
19:11:48.0391 2192 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:11:48.0407 2192 Appinfo - ok
19:11:48.0625 2192 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:11:48.0656 2192 Apple Mobile Device - ok
19:11:48.0734 2192 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:11:48.0734 2192 arc - ok
19:11:48.0797 2192 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:11:48.0797 2192 arcsas - ok
19:11:49.0233 2192 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:11:49.0233 2192 aspnet_state - ok
19:11:49.0280 2192 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:11:49.0280 2192 AsyncMac - ok
19:11:49.0296 2192 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
19:11:49.0296 2192 atapi - ok
19:11:49.0358 2192 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:11:49.0358 2192 AudioEndpointBuilder - ok
19:11:49.0374 2192 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
19:11:49.0374 2192 Audiosrv - ok
19:11:49.0405 2192 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
19:11:49.0405 2192 BCM42RLY - ok
19:11:49.0608 2192 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:11:49.0623 2192 BCM43XX - ok
19:11:49.0670 2192 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:11:49.0686 2192 Beep - ok
19:11:49.0842 2192 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
19:11:49.0857 2192 BFE - ok
19:11:49.0998 2192 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
19:11:50.0029 2192 BITS - ok
19:11:50.0045 2192 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:11:50.0045 2192 blbdrive - ok
19:11:50.0201 2192 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:11:50.0201 2192 Bonjour Service - ok
19:11:50.0247 2192 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
19:11:50.0247 2192 bowser - ok
19:11:50.0279 2192 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:11:50.0279 2192 BrFiltLo - ok
19:11:50.0310 2192 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:11:50.0310 2192 BrFiltUp - ok
19:11:50.0341 2192 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:11:50.0357 2192 Browser - ok
19:11:50.0559 2192 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:11:50.0559 2192 Brserid - ok
19:11:50.0606 2192 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:11:50.0606 2192 BrSerWdm - ok
19:11:50.0637 2192 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:11:50.0637 2192 BrUsbMdm - ok
19:11:50.0637 2192 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:11:50.0637 2192 BrUsbSer - ok
19:11:50.0700 2192 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:11:50.0700 2192 BTHMODEM - ok
19:11:50.0747 2192 catchme - ok
19:11:50.0793 2192 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:11:50.0793 2192 cdfs - ok
19:11:50.0856 2192 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
19:11:50.0856 2192 cdrom - ok
19:11:50.0934 2192 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:11:50.0934 2192 CertPropSvc - ok
19:11:50.0965 2192 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:11:50.0965 2192 circlass - ok
19:11:50.0981 2192 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
19:11:50.0996 2192 CLFS - ok
19:11:51.0105 2192 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:11:51.0121 2192 clr_optimization_v2.0.50727_32 - ok
19:11:51.0402 2192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:11:51.0402 2192 clr_optimization_v4.0.30319_32 - ok
19:11:51.0464 2192 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:11:51.0464 2192 CmBatt - ok
19:11:51.0495 2192 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:11:51.0495 2192 cmdide - ok
19:11:51.0511 2192 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:11:51.0511 2192 Compbatt - ok
19:11:51.0511 2192 COMSysApp - ok
19:11:51.0527 2192 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:11:51.0527 2192 crcdisk - ok
19:11:51.0558 2192 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:11:51.0558 2192 Crusoe - ok
19:11:51.0636 2192 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
19:11:51.0636 2192 CryptSvc - ok
19:11:51.0745 2192 DcomLaunch (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
19:11:51.0745 2192 DcomLaunch - ok
19:11:51.0823 2192 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
19:11:51.0823 2192 DfsC - ok
19:11:52.0151 2192 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
19:11:52.0197 2192 DFSR - ok
19:11:52.0416 2192 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
19:11:52.0416 2192 Dhcp - ok
19:11:52.0494 2192 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
19:11:52.0494 2192 disk - ok
19:11:52.0525 2192 Dnscache (f5a0f1da1ed8b429597e71d27d976e31) C:\Windows\System32\dnsrslvr.dll
19:11:52.0525 2192 Dnscache - ok
19:11:52.0556 2192 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
19:11:52.0556 2192 dot3svc - ok
19:11:52.0619 2192 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:11:52.0619 2192 DPS - ok
19:11:52.0665 2192 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:11:52.0665 2192 drmkaud - ok
19:11:52.0775 2192 DXGKrnl (f8bf50a8d862f8cc089080bec509bca6) C:\Windows\System32\drivers\dxgkrnl.sys
19:11:52.0790 2192 DXGKrnl - ok
19:11:52.0821 2192 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:11:52.0837 2192 E1G60 - ok
19:11:52.0853 2192 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:11:52.0868 2192 EapHost - ok
19:11:52.0899 2192 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
19:11:52.0899 2192 Ecache - ok
19:11:53.0102 2192 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:11:53.0102 2192 elxstor - ok
19:11:53.0196 2192 EMDMgmt (ba4e96d951ddad6ac3af3c91d4ac68bf) C:\Windows\system32\emdmgmt.dll
19:11:53.0211 2192 EMDMgmt - ok
19:11:53.0211 2192 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:11:53.0211 2192 ErrDev - ok
19:11:53.0321 2192 EventSystem (f4bf4fa769db51b106d2b4b35256988b) C:\Windows\system32\es.dll
19:11:53.0321 2192 EventSystem - ok
19:11:53.0367 2192 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
19:11:53.0367 2192 exfat - ok
19:11:53.0414 2192 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
19:11:53.0414 2192 fastfat - ok
19:11:53.0430 2192 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:11:53.0430 2192 fdc - ok
19:11:53.0461 2192 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:11:53.0461 2192 fdPHost - ok
19:11:53.0477 2192 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:11:53.0477 2192 FDResPub - ok
19:11:53.0492 2192 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:11:53.0492 2192 FileInfo - ok
19:11:53.0523 2192 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:11:53.0523 2192 Filetrace - ok
19:11:53.0539 2192 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:53.0539 2192 flpydisk - ok
19:11:53.0555 2192 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
19:11:53.0570 2192 FltMgr - ok
19:11:53.0664 2192 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:11:53.0664 2192 FontCache3.0.0.0 - ok
19:11:53.0726 2192 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:11:53.0726 2192 Fs_Rec - ok
19:11:53.0757 2192 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:11:53.0757 2192 gagp30kx - ok
19:11:53.0789 2192 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:11:53.0789 2192 GEARAspiWDM - ok
19:11:53.0867 2192 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
19:11:53.0867 2192 gpsvc - ok
19:11:53.0929 2192 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:11:53.0929 2192 HdAudAddService - ok
19:11:53.0976 2192 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:11:53.0976 2192 HDAudBus - ok
19:11:53.0991 2192 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:11:53.0991 2192 HidBth - ok
19:11:53.0991 2192 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:11:53.0991 2192 HidIr - ok
19:11:54.0023 2192 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
19:11:54.0038 2192 hidserv - ok
19:11:54.0054 2192 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
19:11:54.0054 2192 HidUsb - ok
19:11:54.0069 2192 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:11:54.0069 2192 hkmsvc - ok
19:11:54.0085 2192 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:11:54.0085 2192 HpCISSs - ok
19:11:54.0116 2192 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
19:11:54.0132 2192 HTTP - ok
19:11:54.0147 2192 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:11:54.0147 2192 i2omp - ok
19:11:54.0179 2192 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:11:54.0179 2192 i8042prt - ok
19:11:54.0210 2192 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:11:54.0210 2192 iaStorV - ok
19:11:54.0350 2192 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:11:54.0350 2192 idsvc - ok
19:11:54.0818 2192 igfx (938753888eaddb29d4b3754139ec19e8) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:11:54.0834 2192 igfx - ok
19:11:54.0974 2192 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:11:54.0974 2192 iirsp - ok
19:11:55.0037 2192 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
19:11:55.0037 2192 IKEEXT - ok
19:11:55.0083 2192 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:11:55.0083 2192 intelide - ok
19:11:55.0099 2192 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:11:55.0099 2192 intelppm - ok
19:11:55.0130 2192 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:11:55.0130 2192 IPBusEnum - ok
19:11:55.0146 2192 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:11:55.0146 2192 IpFilterDriver - ok
19:11:55.0177 2192 iphlpsvc (cad416b8a4309b5e1ce75425381e7d2f) C:\Windows\System32\iphlpsvc.dll
19:11:55.0177 2192 iphlpsvc - ok
19:11:55.0177 2192 IpInIp - ok
19:11:55.0193 2192 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:11:55.0193 2192 IPMIDRV - ok
19:11:55.0224 2192 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:11:55.0224 2192 IPNAT - ok
19:11:55.0333 2192 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
19:11:55.0333 2192 iPod Service - ok
19:11:55.0349 2192 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:11:55.0349 2192 IRENUM - ok
19:11:55.0395 2192 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:11:55.0395 2192 isapnp - ok
19:11:55.0411 2192 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
19:11:55.0411 2192 iScsiPrt - ok
19:11:55.0442 2192 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:11:55.0442 2192 iteatapi - ok
19:11:55.0458 2192 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:11:55.0458 2192 iteraid - ok
19:11:55.0489 2192 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:11:55.0489 2192 kbdclass - ok
19:11:55.0505 2192 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
19:11:55.0505 2192 kbdhid - ok
19:11:55.0551 2192 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
19:11:55.0551 2192 KeyIso - ok
19:11:55.0629 2192 KSecDD (5367dc846cae9639b899bfd13b97a8c9) C:\Windows\system32\Drivers\ksecdd.sys
19:11:55.0629 2192 KSecDD - ok
19:11:55.0692 2192 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:11:55.0692 2192 KtmRm - ok
19:11:55.0723 2192 LanmanServer (05ce901a4472b3fbf9407c94ad1db693) C:\Windows\System32\srvsvc.dll
19:11:55.0739 2192 LanmanServer - ok
19:11:55.0832 2192 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
19:11:55.0848 2192 LanmanWorkstation - ok
19:11:55.0863 2192 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:11:55.0863 2192 lltdio - ok
19:11:55.0895 2192 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:11:55.0910 2192 lltdsvc - ok
19:11:55.0926 2192 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:11:55.0926 2192 lmhosts - ok
19:11:55.0957 2192 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:11:55.0957 2192 LSI_FC - ok
19:11:55.0957 2192 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:11:55.0957 2192 LSI_SAS - ok
19:11:55.0988 2192 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:11:55.0988 2192 LSI_SCSI - ok
19:11:56.0004 2192 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:11:56.0004 2192 luafv - ok
19:11:56.0019 2192 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
19:11:56.0019 2192 MBAMProtector - ok
19:11:56.0144 2192 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:11:56.0160 2192 MBAMService - ok
19:11:56.0191 2192 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
19:11:56.0191 2192 MBAMSwissArmy - ok
19:11:56.0222 2192 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:11:56.0222 2192 megasas - ok
19:11:56.0269 2192 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:11:56.0269 2192 MegaSR - ok
19:11:56.0300 2192 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:11:56.0300 2192 MMCSS - ok
19:11:56.0316 2192 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:11:56.0316 2192 Modem - ok
19:11:56.0347 2192 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:11:56.0347 2192 monitor - ok
19:11:56.0378 2192 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:11:56.0378 2192 mouclass - ok
19:11:56.0378 2192 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:11:56.0378 2192 mouhid - ok
19:11:56.0394 2192 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:11:56.0394 2192 MountMgr - ok
19:11:56.0472 2192 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:11:56.0472 2192 MozillaMaintenance - ok
19:11:56.0519 2192 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:11:56.0519 2192 mpio - ok
19:11:56.0534 2192 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:11:56.0534 2192 mpsdrv - ok
19:11:56.0581 2192 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
19:11:56.0581 2192 MpsSvc - ok
19:11:56.0628 2192 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:11:56.0628 2192 Mraid35x - ok
19:11:56.0643 2192 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
19:11:56.0643 2192 MRxDAV - ok
19:11:56.0675 2192 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:11:56.0675 2192 mrxsmb - ok
19:11:56.0690 2192 mrxsmb10 (67e55ced3fc143c82a8197988bfc1f9a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:11:56.0690 2192 mrxsmb10 - ok
19:11:56.0690 2192 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:11:56.0706 2192 mrxsmb20 - ok
19:11:56.0706 2192 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:11:56.0706 2192 msahci - ok
19:11:56.0721 2192 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:11:56.0721 2192 msdsm - ok
19:11:56.0784 2192 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:11:56.0799 2192 MSDTC - ok
19:11:56.0862 2192 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:11:56.0862 2192 Msfs - ok
19:11:56.0893 2192 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:11:56.0893 2192 msisadrv - ok
19:11:56.0940 2192 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:11:56.0955 2192 MSiSCSI - ok
19:11:56.0955 2192 msiserver - ok
19:11:56.0987 2192 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:11:56.0987 2192 MSKSSRV - ok
19:11:57.0002 2192 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:11:57.0002 2192 MSPCLOCK - ok
19:11:57.0033 2192 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:11:57.0033 2192 MSPQM - ok
19:11:57.0065 2192 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
19:11:57.0065 2192 MsRPC - ok
19:11:57.0096 2192 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:11:57.0096 2192 mssmbios - ok
19:11:57.0127 2192 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:11:57.0127 2192 MSTEE - ok
19:11:57.0127 2192 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
19:11:57.0143 2192 Mup - ok
19:11:57.0189 2192 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
19:11:57.0189 2192 napagent - ok
19:11:57.0221 2192 NativeWifiP (dd721f8635191132992e7ceaa3c43c84) C:\Windows\system32\DRIVERS\nwifi.sys
19:11:57.0221 2192 NativeWifiP - ok
19:11:57.0283 2192 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
19:11:57.0299 2192 NDIS - ok
19:11:57.0299 2192 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:11:57.0299 2192 NdisTapi - ok
19:11:57.0330 2192 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:11:57.0330 2192 Ndisuio - ok
19:11:57.0345 2192 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
19:11:57.0345 2192 NdisWan - ok
19:11:57.0361 2192 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:11:57.0361 2192 NDProxy - ok
19:11:57.0377 2192 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:11:57.0392 2192 NetBIOS - ok
19:11:57.0470 2192 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
19:11:57.0470 2192 netbt - ok
19:11:57.0501 2192 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
19:11:57.0501 2192 Netlogon - ok
19:11:57.0533 2192 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:11:57.0533 2192 Netman - ok
19:11:57.0767 2192 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:11:57.0782 2192 NetMsmqActivator - ok
19:11:57.0782 2192 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:11:57.0782 2192 NetPipeActivator - ok
19:11:57.0829 2192 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:11:57.0829 2192 netprofm - ok
19:11:57.0829 2192 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:11:57.0829 2192 NetTcpActivator - ok
19:11:57.0845 2192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:11:57.0845 2192 NetTcpPortSharing - ok
19:11:57.0907 2192 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:11:57.0907 2192 nfrd960 - ok
19:11:57.0938 2192 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:11:57.0938 2192 NlaSvc - ok
19:11:57.0954 2192 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
19:11:57.0954 2192 Npfs - ok
19:11:57.0985 2192 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:11:57.0985 2192 nsi - ok
19:11:58.0016 2192 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:11:58.0016 2192 nsiproxy - ok
19:11:58.0281 2192 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
19:11:58.0297 2192 Ntfs - ok
19:11:58.0313 2192 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:11:58.0313 2192 ntrigdigi - ok
19:11:58.0328 2192 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:11:58.0328 2192 Null - ok
19:11:58.0359 2192 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:11:58.0359 2192 nvraid - ok
19:11:58.0375 2192 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:11:58.0375 2192 nvstor - ok
19:11:58.0406 2192 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:11:58.0406 2192 nv_agp - ok
19:11:58.0422 2192 NwlnkFlt - ok
19:11:58.0422 2192 NwlnkFwd - ok
19:11:58.0437 2192 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:11:58.0437 2192 ohci1394 - ok
19:11:58.0515 2192 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:11:58.0515 2192 p2pimsvc - ok
19:11:58.0531 2192 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:11:58.0531 2192 p2psvc - ok
19:11:58.0547 2192 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:11:58.0547 2192 Parport - ok
19:11:58.0578 2192 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
19:11:58.0578 2192 partmgr - ok
19:11:58.0593 2192 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:11:58.0593 2192 Parvdm - ok
19:11:58.0625 2192 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:11:58.0625 2192 PcaSvc - ok
19:11:58.0671 2192 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
19:11:58.0671 2192 pci - ok
19:11:58.0703 2192 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:11:58.0703 2192 pciide - ok
19:11:58.0765 2192 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:11:58.0765 2192 pcmcia - ok
19:11:58.0890 2192 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:11:58.0890 2192 PEAUTH - ok
19:11:59.0186 2192 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:11:59.0233 2192 pla - ok
19:11:59.0389 2192 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
19:11:59.0405 2192 PlugPlay - ok
19:11:59.0498 2192 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:11:59.0498 2192 PNRPAutoReg - ok
19:11:59.0498 2192 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:11:59.0514 2192 PNRPsvc - ok
19:11:59.0592 2192 PolicyAgent (017fb87911583b00da1581f07cb7e7f2) C:\Windows\System32\ipsecsvc.dll
19:11:59.0592 2192 PolicyAgent - ok
19:11:59.0670 2192 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:11:59.0670 2192 PptpMiniport - ok
19:11:59.0701 2192 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:11:59.0701 2192 Processor - ok
19:11:59.0810 2192 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
19:11:59.0810 2192 ProfSvc - ok
19:11:59.0841 2192 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
19:11:59.0841 2192 ProtectedStorage - ok
19:11:59.0904 2192 PSched (a114cfe308c24b8235b03cfdffe11e99) C:\Windows\system32\DRIVERS\pacer.sys
19:11:59.0904 2192 PSched - ok
19:12:00.0060 2192 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:12:00.0075 2192 ql2300 - ok
19:12:00.0075 2192 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:12:00.0075 2192 ql40xx - ok
19:12:00.0153 2192 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:12:00.0153 2192 QWAVE - ok
19:12:00.0185 2192 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:12:00.0185 2192 QWAVEdrv - ok
19:12:00.0185 2192 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:12:00.0185 2192 RasAcd - ok
19:12:00.0231 2192 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:12:00.0247 2192 RasAuto - ok
19:12:00.0263 2192 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:12:00.0263 2192 Rasl2tp - ok
19:12:00.0294 2192 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
19:12:00.0294 2192 RasMan - ok
19:12:00.0387 2192 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
19:12:00.0387 2192 RasPppoe - ok
19:12:00.0512 2192 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
19:12:00.0512 2192 RasSstp - ok
19:12:00.0637 2192 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
19:12:00.0637 2192 rdbss - ok
19:12:00.0668 2192 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:12:00.0668 2192 RDPCDD - ok
19:12:00.0715 2192 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:12:00.0715 2192 rdpdr - ok
19:12:00.0715 2192 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:12:00.0715 2192 RDPENCDD - ok
19:12:00.0746 2192 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
19:12:00.0746 2192 RDPWD - ok
19:12:00.0793 2192 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:12:00.0793 2192 RemoteAccess - ok
19:12:00.0824 2192 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
19:12:00.0824 2192 RemoteRegistry - ok
19:12:00.0855 2192 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:12:00.0855 2192 RpcLocator - ok
19:12:00.0933 2192 RpcSs (33fb1f0193ee2051067441492d56113c) C:\Windows\system32\rpcss.dll
19:12:00.0949 2192 RpcSs - ok
19:12:00.0980 2192 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:12:00.0980 2192 rspndr - ok
19:12:01.0011 2192 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
19:12:01.0011 2192 SamSs - ok
19:12:01.0074 2192 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:12:01.0074 2192 sbp2port - ok
19:12:01.0121 2192 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
19:12:01.0121 2192 SCardSvr - ok
19:12:01.0199 2192 Schedule (1d5e99db3c10f4fa034010dc49043ca4) C:\Windows\system32\schedsvc.dll
19:12:01.0199 2192 Schedule - ok
19:12:01.0230 2192 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:12:01.0230 2192 SCPolicySvc - ok
19:12:01.0261 2192 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:12:01.0261 2192 SDRSVC - ok
19:12:01.0292 2192 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:12:01.0292 2192 secdrv - ok
19:12:01.0339 2192 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:12:01.0355 2192 seclogon - ok
19:12:01.0355 2192 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:12:01.0355 2192 SENS - ok
19:12:01.0370 2192 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:12:01.0370 2192 Serenum - ok
19:12:01.0401 2192 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:12:01.0401 2192 Serial - ok
19:12:01.0417 2192 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:12:01.0417 2192 sermouse - ok
19:12:01.0464 2192 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:12:01.0464 2192 SessionEnv - ok
19:12:01.0479 2192 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:12:01.0479 2192 sffdisk - ok
19:12:01.0511 2192 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:12:01.0511 2192 sffp_mmc - ok
19:12:01.0526 2192 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:12:01.0526 2192 sffp_sd - ok
19:12:01.0542 2192 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:12:01.0542 2192 sfloppy - ok
19:12:01.0604 2192 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:12:01.0604 2192 SharedAccess - ok
19:12:01.0651 2192 ShellHWDetection (27f10f348e508243f6254846f8370d0d) C:\Windows\System32\shsvcs.dll
19:12:01.0651 2192 ShellHWDetection - ok
19:12:01.0682 2192 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:12:01.0682 2192 sisagp - ok
19:12:01.0760 2192 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:12:01.0760 2192 SiSRaid2 - ok
19:12:01.0807 2192 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:12:01.0807 2192 SiSRaid4 - ok
19:12:02.0088 2192 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
19:12:02.0166 2192 slsvc - ok
19:12:02.0337 2192 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
19:12:02.0337 2192 SLUINotify - ok
19:12:02.0400 2192 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
19:12:02.0400 2192 Smb - ok
19:12:02.0462 2192 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:12:02.0462 2192 SNMPTRAP - ok
19:12:02.0493 2192 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:12:02.0493 2192 spldr - ok
19:12:02.0509 2192 Spooler (846cdf9a3cf4da9b306adfb7d55ee4c2) C:\Windows\System32\spoolsv.exe
19:12:02.0525 2192 Spooler - ok
19:12:02.0556 2192 srv (3d7c04aba41ac96ba7e9d123ec8f7fa3) C:\Windows\system32\DRIVERS\srv.sys
19:12:02.0556 2192 srv - ok
19:12:02.0571 2192 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
19:12:02.0571 2192 srv2 - ok
19:12:02.0587 2192 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
19:12:02.0587 2192 srvnet - ok
19:12:02.0634 2192 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:12:02.0649 2192 SSDPSRV - ok
19:12:02.0681 2192 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:12:02.0681 2192 SstpSvc - ok
19:12:02.0743 2192 Steam Client Service - ok
19:12:02.0821 2192 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
19:12:02.0837 2192 stisvc - ok
19:12:02.0868 2192 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:12:02.0868 2192 swenum - ok
19:12:02.0961 2192 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:12:02.0977 2192 SwitchBoard - ok
19:12:03.0039 2192 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
19:12:03.0055 2192 swprv - ok
19:12:03.0071 2192 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:12:03.0071 2192 Symc8xx - ok
19:12:03.0102 2192 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:12:03.0102 2192 Sym_hi - ok
19:12:03.0117 2192 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:12:03.0117 2192 Sym_u3 - ok
19:12:03.0273 2192 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
19:12:03.0289 2192 SysMain - ok
19:12:03.0305 2192 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:12:03.0305 2192 TabletInputService - ok
19:12:03.0351 2192 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
19:12:03.0351 2192 TapiSrv - ok
19:12:03.0383 2192 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:12:03.0383 2192 TBS - ok
19:12:03.0476 2192 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
19:12:03.0492 2192 Tcpip - ok
19:12:03.0492 2192 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
19:12:03.0507 2192 Tcpip6 - ok
19:12:03.0539 2192 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
19:12:03.0539 2192 tcpipreg - ok
19:12:03.0554 2192 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:12:03.0570 2192 TDPIPE - ok
19:12:03.0570 2192 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:12:03.0570 2192 TDTCP - ok
19:12:03.0617 2192 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
19:12:03.0617 2192 tdx - ok
19:12:03.0663 2192 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
19:12:03.0663 2192 TermDD - ok
19:12:03.0710 2192 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
19:12:03.0726 2192 TermService - ok
19:12:03.0757 2192 Themes (27f10f348e508243f6254846f8370d0d) C:\Windows\system32\shsvcs.dll
19:12:03.0773 2192 Themes - ok
19:12:03.0804 2192 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:12:03.0804 2192 THREADORDER - ok
19:12:03.0929 2192 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:12:03.0929 2192 TrkWks - ok
19:12:03.0991 2192 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
19:12:03.0991 2192 TrustedInstaller - ok
19:12:04.0022 2192 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:12:04.0022 2192 tssecsrv - ok
19:12:04.0053 2192 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:12:04.0053 2192 tunmp - ok
19:12:04.0069 2192 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
19:12:04.0069 2192 tunnel - ok
19:12:04.0100 2192 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:12:04.0116 2192 uagp35 - ok
19:12:04.0178 2192 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
19:12:04.0178 2192 udfs - ok
19:12:04.0209 2192 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:12:04.0209 2192 UI0Detect - ok
19:12:04.0303 2192 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:12:04.0303 2192 uliagpkx - ok
19:12:04.0381 2192 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:12:04.0381 2192 uliahci - ok
19:12:04.0443 2192 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:12:04.0443 2192 UlSata - ok
19:12:04.0521 2192 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:12:04.0521 2192 ulsata2 - ok
19:12:04.0537 2192 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:12:04.0537 2192 umbus - ok
19:12:04.0615 2192 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:12:04.0615 2192 upnphost - ok
19:12:04.0662 2192 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:12:04.0677 2192 usbccgp - ok
19:12:04.0677 2192 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:12:04.0677 2192 usbcir - ok
19:12:04.0739 2192 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
19:12:04.0739 2192 usbehci - ok
19:12:04.0779 2192 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
19:12:04.0779 2192 usbhub - ok
19:12:04.0819 2192 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:12:04.0819 2192 usbohci - ok
19:12:04.0829 2192 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:12:04.0829 2192 usbprint - ok
19:12:04.0859 2192 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:12:04.0859 2192 USBSTOR - ok
19:12:04.0899 2192 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:12:04.0899 2192 usbuhci - ok
19:12:04.0929 2192 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
19:12:04.0929 2192 UxSms - ok
19:12:04.0989 2192 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
19:12:04.0989 2192 vds - ok
19:12:05.0019 2192 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:12:05.0019 2192 vga - ok
19:12:05.0039 2192 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:12:05.0039 2192 VgaSave - ok
19:12:05.0049 2192 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:12:05.0049 2192 viaagp - ok
19:12:05.0079 2192 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:12:05.0079 2192 ViaC7 - ok
19:12:05.0099 2192 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:12:05.0099 2192 viaide - ok
19:12:05.0119 2192 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:12:05.0129 2192 volmgr - ok
19:12:05.0159 2192 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
19:12:05.0159 2192 volmgrx - ok
19:12:05.0199 2192 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
19:12:05.0199 2192 volsnap - ok
19:12:05.0279 2192 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:12:05.0279 2192 vsmraid - ok
19:12:05.0409 2192 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
19:12:05.0449 2192 VSS - ok
19:12:05.0489 2192 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
19:12:05.0489 2192 W32Time - ok
19:12:05.0559 2192 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:12:05.0559 2192 WacomPen - ok
19:12:05.0579 2192 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:12:05.0579 2192 Wanarp - ok
19:12:05.0579 2192 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:12:05.0579 2192 Wanarpv6 - ok
19:12:05.0679 2192 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
19:12:05.0679 2192 wcncsvc - ok
19:12:05.0719 2192 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:12:05.0719 2192 WcsPlugInService - ok
19:12:05.0759 2192 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:12:05.0759 2192 Wd - ok
19:12:05.0849 2192 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:12:05.0849 2192 Wdf01000 - ok
19:12:05.0909 2192 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:12:05.0909 2192 WdiServiceHost - ok
19:12:05.0910 2192 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:12:05.0910 2192 WdiSystemHost - ok
19:12:05.0969 2192 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
19:12:05.0973 2192 WebClient - ok
19:12:06.0014 2192 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:12:06.0018 2192 Wecsvc - ok
19:12:06.0034 2192 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:12:06.0037 2192 wercplsupport - ok
19:12:06.0091 2192 WerSvc (4081288554294f144e5a7d4ee20e3ce6) C:\Windows\System32\WerSvc.dll
19:12:06.0096 2192 WerSvc - ok
19:12:06.0223 2192 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:12:06.0228 2192 WinDefend - ok
19:12:06.0244 2192 WinHttpAutoProxySvc - ok
19:12:06.0345 2192 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
19:12:06.0349 2192 Winmgmt - ok
19:12:06.0522 2192 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:12:06.0560 2192 WinRM - ok
19:12:06.0681 2192 Wlansvc (4b40ff01db5357299dcbdb5a5746ad21) C:\Windows\System32\wlansvc.dll
19:12:06.0715 2192 Wlansvc - ok
19:12:06.0737 2192 wltrysvc - ok
19:12:06.0815 2192 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:12:06.0815 2192 WmiAcpi - ok
19:12:06.0956 2192 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
19:12:06.0956 2192 wmiApSrv - ok
19:12:07.0190 2192 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:12:07.0205 2192 WMPNetworkSvc - ok
19:12:07.0236 2192 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
19:12:07.0252 2192 WPCSvc - ok
19:12:07.0268 2192 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
19:12:07.0268 2192 WPDBusEnum - ok
19:12:07.0954 2192 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:12:08.0048 2192 WPFFontCache_v0400 - ok
19:12:08.0141 2192 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:12:08.0141 2192 ws2ifsl - ok
19:12:08.0188 2192 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
19:12:08.0188 2192 wscsvc - ok
19:12:08.0204 2192 WSearch - ok
19:12:08.0484 2192 wuauserv (d79538b67fa641e986855def651e78fe) C:\Windows\system32\wuaueng.dll
19:12:08.0531 2192 wuauserv - ok
19:12:08.0687 2192 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:12:08.0687 2192 WUDFRd - ok
19:12:08.0718 2192 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:12:08.0718 2192 wudfsvc - ok
19:12:08.0734 2192 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:12:08.0796 2192 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:12:08.0796 2192 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:12:08.0859 2192 Boot (0x1200) (05956fdd0ecbebd6a0abf27035854ba4) \Device\Harddisk0\DR0\Partition0
19:12:08.0859 2192 \Device\Harddisk0\DR0\Partition0 - ok
19:12:08.0874 2192 Boot (0x1200) (82b6e5a4bfab65d534dc8b675d302d99) \Device\Harddisk0\DR0\Partition1
19:12:08.0874 2192 \Device\Harddisk0\DR0\Partition1 - ok
19:12:08.0874 2192 ============================================================
19:12:08.0874 2192 Scan finished
19:12:08.0874 2192 ============================================================
19:12:08.0874 3368 Detected object count: 1
19:12:08.0874 3368 Actual detected object count: 1
19:12:29.0429 3368 \Device\Harddisk0\DR0\# - copied to quarantine
19:12:29.0429 3368 \Device\Harddisk0\DR0 - copied to quarantine
19:12:29.0569 3368 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:12:29.0600 3368 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:12:29.0600 3368 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:12:29.0600 3368 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:12:29.0600 3368 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:12:29.0616 3368 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:12:29.0632 3368 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:12:29.0647 3368 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:12:29.0647 3368 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:12:29.0678 3368 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:12:29.0678 3368 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:12:29.0881 3368 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:12:29.0897 3368 \Device\Harddisk0\DR0 - ok
19:12:29.0944 3368 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:12:32.0611 2908 Deinitialize success

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 19:16:06
-----------------------------
19:16:06.971 OS Version: Windows 6.0.6001 Service Pack 1
19:16:06.971 Number of processors: 2 586 0x170A
19:16:06.971 ComputerName: DEREK-PC UserName: Derek
19:16:08.235 Initialize success
19:17:02.578 AVAST engine defs: 12072701
19:17:21.235 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:17:21.235 Disk 0 Vendor: TOSHIBA_MK2555GSX FG000D Size: 238475MB BusType: 3
19:17:21.267 Disk 0 MBR read successfully
19:17:21.267 Disk 0 MBR scan
19:17:21.267 Disk 0 Windows VISTA default MBR code
19:17:21.267 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:17:21.298 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:17:21.313 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
19:17:21.345 Disk 0 scanning sectors +488395120
19:17:21.454 Disk 0 scanning C:\Windows\system32\drivers
19:17:30.003 Service scanning
19:17:59.752 Modules scanning
19:18:18.191 Disk 0 trace - called modules:
19:18:18.721 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys
19:18:18.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b3f730]
19:18:18.737 3 CLASSPNP.SYS[8a3a0745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8534eba0]
19:18:20.235 AVAST engine scan C:\Windows
19:18:22.965 AVAST engine scan C:\Windows\system32
19:20:31.764 AVAST engine scan C:\Windows\system32\drivers
19:20:46.319 AVAST engine scan C:\Users\Derek
19:25:14.046 AVAST engine scan C:\ProgramData
19:26:50.486 Scan finished successfully
19:28:17.924 Disk 0 MBR has been saved successfully to "C:\Users\Derek\Desktop\MBR.dat"
19:28:17.940 The log file has been saved successfully to "C:\Users\Derek\Desktop\aswMBR.txt"

Edited by FoolsLove, 27 July 2012 - 07:58 PM.


#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 July 2012 - 09:33 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 FoolsLove

  • Topic Starter
  • Members
  • 18 posts

Posted 27 July 2012 - 10:09 PM

After running ComboFix, my FTP connection problem is now fixed. I can't quite say if my computer is completely fine but it seems fine so far. Thanks.

ComboFix log

ComboFix 12-07-27.03 - Derek 07/27/2012 21:55:13.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3034.1909 [GMT -5:00]
Running from: c:\users\Derek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Derek\AppData\Roaming\mIRC\logs\status.log
c:\windows\system32\oem2.inf
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 03:01 . 2012-07-28 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 00:12 . 2012-07-28 00:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\program files\Microsoft.NET
2012-07-28 00:02 . 2012-07-28 00:02 -------- d-----w- c:\program files\Seagate
2012-07-28 00:00 . 2012-07-28 00:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-26 15:13 . 2012-07-26 15:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-24 06:48 . 2008-05-13 22:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
2012-07-24 06:48 . 2012-07-24 06:48 -------- d-----w- c:\programdata\Last.fm
2012-07-24 04:02 . 2012-07-24 04:02 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-23 01:26 . 2012-07-23 01:26 -------- dc-h--w- c:\programdata\{9C69499E-D8CC-4C66-B856-7076DB8C275E}
2012-07-23 01:26 . 2012-07-23 01:26 -------- dc-h--w- c:\programdata\{529BBEB3-0369-420C-BD9C-37553D289203}
2012-07-22 21:17 . 2012-07-22 21:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-22 21:07 . 2012-07-23 01:26 -------- d-----w- c:\program files\Common Files\Topaz Labs
2012-07-22 21:06 . 2012-07-23 01:26 -------- d-----w- c:\program files\Topaz Labs
2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-07-22 20:36 . 2012-07-22 20:46 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-22 08:02 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-22 08:02 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-07-22 08:02 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-22 08:02 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-22 08:02 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-22 08:02 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2012-07-22 07:10 . 2012-07-22 07:10 -------- d-----w- c:\program files\Common Files\Steam
2012-07-22 07:10 . 2012-07-28 03:02 -------- d-----w- c:\program files\Steam
2012-07-22 06:42 . 2012-07-22 06:42 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-22 06:09 . 2012-07-22 06:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-22 06:09 . 2012-07-22 06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-22 06:09 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 05:48 . 2012-07-22 05:48 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-22 05:48 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-22 05:48 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\program files\iPod
2012-07-22 05:47 . 2012-07-24 06:48 -------- d-----w- c:\program files\iTunes
2012-07-22 05:47 . 2012-07-22 05:48 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\programdata\Apple Computer
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\program files\Apple Software Update
2012-07-22 05:46 . 2012-07-22 05:46 -------- d-----w- c:\program files\Bonjour
2012-07-22 05:46 . 2012-07-22 05:47 -------- d-----w- c:\program files\Common Files\Apple
2012-07-22 05:46 . 2012-07-22 05:47 -------- d-----w- c:\programdata\Apple
2012-07-22 05:45 . 2012-07-22 05:45 -------- d-----w- c:\program files\Last.fm
2012-07-22 05:17 . 2012-07-22 05:17 -------- d-----w- c:\windows\system32\Lang
2012-07-22 05:17 . 2009-03-27 14:06 993816 ----a-w- c:\windows\system32\igxpun.exe
2012-07-22 05:17 . 2006-11-10 14:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-07-22 05:08 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2012-07-22 05:07 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-22 03:58 . 2012-07-22 03:58 -------- d-----w- c:\program files\ATI Technologies
2012-07-22 03:58 . 2012-07-22 03:58 -------- d-----w- c:\program files\ATI
2012-07-22 03:30 . 2012-07-22 03:30 -------- d-----w- c:\program files\Intel
2012-07-22 03:30 . 2008-02-22 18:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-07-22 03:29 . 2012-07-22 03:29 -------- d-----w- C:\Intel
2012-07-22 02:59 . 2012-07-22 02:59 -------- d-----w- c:\program files\uTorrent
2012-07-22 02:48 . 2012-07-22 02:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-22 02:48 . 2012-07-22 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-22 02:48 . 2012-07-22 02:48 -------- d-----w- c:\windows\system32\Macromed
2012-07-22 02:38 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-07-22 02:38 . 2012-07-22 02:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-07-22 02:34 . 2012-07-22 02:34 -------- d-----w- c:\program files\FileZilla FTP Client
2012-07-22 02:34 . 2012-07-22 02:34 -------- d-----w- c:\program files\7-Zip
2012-07-22 02:18 . 2012-07-22 01:26 -------- d-----w- c:\windows\Panther
2012-07-22 02:18 . 2012-07-22 02:18 -------- d-----w- C:\Boot
2012-07-22 02:18 . 2012-07-22 02:18 -------- d-----w- c:\windows\system32\OEM
2012-07-22 01:25 . 2012-07-22 21:17 -------- d-----w- c:\windows\Debug
2012-07-22 01:25 . 2012-07-22 01:25 -------- d-----w- c:\program files\CCleaner
2012-07-22 01:16 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 01:16 . 2012-07-24 06:08 -------- d-----w- c:\programdata\AVAST Software
2012-07-22 01:16 . 2012-07-22 01:16 -------- d-----w- c:\program files\AVAST Software
2012-07-22 01:15 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2012-07-22 01:14 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2012-07-22 01:14 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 01:14 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9662F8-14D1-421C-BCF6-06162D377547}\mpengine.dll
2012-07-22 01:14 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 01:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-07-22 01:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-07-22 01:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-07-22 01:10 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-07-22 01:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2012-07-22 01:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-07-22 01:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-07-22 01:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2012-07-22 01:06 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2012-07-22 01:06 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2012-07-22 01:06 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2012-07-22 01:06 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-07-22 01:06 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2012-07-22 01:06 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2012-07-22 01:06 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\wshom.ocx
2012-07-22 01:06 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-22 00:54 . 2012-07-22 00:55 -------- d-----w- c:\programdata\Xfire
2012-07-22 00:54 . 2012-07-22 00:54 -------- d-----w- c:\program files\Xfire
2012-07-22 00:48 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-22 00:48 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-22 00:48 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2012-07-22 00:45 . 2012-07-22 00:45 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-22 00:35 . 2012-07-28 02:31 -------- d-----w- c:\program files\mIRC
2012-07-22 00:28 . 2012-07-22 00:28 -------- d-----w- c:\program files\Cisco
2012-07-22 00:27 . 2012-07-28 00:06 -------- d-sh--w- c:\windows\Installer
2012-07-21 23:27 . 2012-07-22 05:58 -------- d-----w- c:\users\Derek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 00:17 . 2012-06-16 00:17 42432 ----a-w- c:\windows\system32\xfcodec.dll
2012-07-14 00:17 . 2012-07-22 00:45 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-07-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1695881587-2996411510-4261787991-1000Core.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 01:42]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1695881587-2996411510-4261787991-1000UA.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 01:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xdmvjw21.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 22:02
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-07-27 22:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 03:06
.
Pre-Run: 189,757,214,720 bytes free
Post-Run: 191,402,516,480 bytes free
.
- - End Of File - - 26C485C55932EE8DAC18CB037FCB05FB

Edited by FoolsLove, 27 July 2012 - 10:11 PM.


#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 July 2012 - 10:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 FoolsLove

  • Topic Starter
  • Members
  • 18 posts

Posted 28 July 2012 - 02:25 AM

Well, after a little while the FTP connection issues popped back up, and other tiny things did as well. However after running ComboFix and rebooting the issue once again disappeared. So I can't see it being fixed, so much as temporarily held off by running ComboFix or other things.

Here's the new ComboFix log, taken while the issue was back again:

ComboFix 12-07-27.03 - Derek 07/28/2012 2:12.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3034.2133 [GMT -5:00]
Running from: c:\users\Derek\Desktop\ComboFix.exe
Command switches used :: c:\users\Derek\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Derek\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 07:16 . 2012-07-28 07:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 00:12 . 2012-07-28 00:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-28 00:03 . 2012-07-28 00:03 -------- d-----w- c:\program files\Microsoft.NET
2012-07-28 00:02 . 2012-07-28 00:02 -------- d-----w- c:\program files\Seagate
2012-07-28 00:00 . 2012-07-28 00:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-26 15:13 . 2012-07-26 15:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-24 06:48 . 2008-05-13 22:23 417792 ----a-w- c:\program files\Windows Media Player\Plugins\wmp_scrobbler.dll
2012-07-24 06:48 . 2012-07-24 06:48 -------- d-----w- c:\programdata\Last.fm
2012-07-24 04:02 . 2012-07-24 04:02 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-23 01:26 . 2012-07-23 01:26 -------- dc-h--w- c:\programdata\{9C69499E-D8CC-4C66-B856-7076DB8C275E}
2012-07-23 01:26 . 2012-07-23 01:26 -------- dc-h--w- c:\programdata\{529BBEB3-0369-420C-BD9C-37553D289203}
2012-07-22 21:17 . 2012-07-22 21:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-07-22 21:07 . 2012-07-23 01:26 -------- d-----w- c:\program files\Common Files\Topaz Labs
2012-07-22 21:06 . 2012-07-23 01:26 -------- d-----w- c:\program files\Topaz Labs
2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-07-22 20:36 . 2012-07-22 20:46 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-22 08:02 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-22 08:02 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-07-22 08:02 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-22 08:02 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-22 08:02 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-22 08:02 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2012-07-22 07:10 . 2012-07-22 07:10 -------- d-----w- c:\program files\Common Files\Steam
2012-07-22 07:10 . 2012-07-28 07:17 -------- d-----w- c:\program files\Steam
2012-07-22 06:42 . 2012-07-22 06:42 -------- d-----w- c:\program files\OpenOffice.org 3
2012-07-22 06:09 . 2012-07-22 06:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-22 06:09 . 2012-07-22 06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-22 06:09 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-22 05:48 . 2012-07-22 05:48 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-22 05:48 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-22 05:48 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\program files\iPod
2012-07-22 05:47 . 2012-07-24 06:48 -------- d-----w- c:\program files\iTunes
2012-07-22 05:47 . 2012-07-22 05:48 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\programdata\Apple Computer
2012-07-22 05:47 . 2012-07-22 05:47 -------- d-----w- c:\program files\Apple Software Update
2012-07-22 05:46 . 2012-07-22 05:46 -------- d-----w- c:\program files\Bonjour
2012-07-22 05:46 . 2012-07-22 05:47 -------- d-----w- c:\program files\Common Files\Apple
2012-07-22 05:46 . 2012-07-22 05:47 -------- d-----w- c:\programdata\Apple
2012-07-22 05:45 . 2012-07-22 05:45 -------- d-----w- c:\program files\Last.fm
2012-07-22 05:17 . 2012-07-22 05:17 -------- d-----w- c:\windows\system32\Lang
2012-07-22 05:17 . 2009-03-27 14:06 993816 ----a-w- c:\windows\system32\igxpun.exe
2012-07-22 05:17 . 2006-11-10 14:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-07-22 05:08 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2012-07-22 05:07 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-22 03:58 . 2012-07-22 03:58 -------- d-----w- c:\program files\ATI Technologies
2012-07-22 03:58 . 2012-07-22 03:58 -------- d-----w- c:\program files\ATI
2012-07-22 03:30 . 2012-07-22 03:30 -------- d-----w- c:\program files\Intel
2012-07-22 03:30 . 2008-02-22 18:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-07-22 03:29 . 2012-07-22 03:29 -------- d-----w- C:\Intel
2012-07-22 02:59 . 2012-07-22 02:59 -------- d-----w- c:\program files\uTorrent
2012-07-22 02:48 . 2012-07-22 02:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-22 02:48 . 2012-07-22 02:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-22 02:48 . 2012-07-22 02:48 -------- d-----w- c:\windows\system32\Macromed
2012-07-22 02:38 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
2012-07-22 02:38 . 2012-07-22 02:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-07-22 02:34 . 2012-07-22 02:34 -------- d-----w- c:\program files\FileZilla FTP Client
2012-07-22 02:34 . 2012-07-22 02:34 -------- d-----w- c:\program files\7-Zip
2012-07-22 02:18 . 2012-07-22 01:26 -------- d-----w- c:\windows\Panther
2012-07-22 02:18 . 2012-07-22 02:18 -------- d-----w- C:\Boot
2012-07-22 02:18 . 2012-07-22 02:18 -------- d-----w- c:\windows\system32\OEM
2012-07-22 01:25 . 2012-07-22 21:17 -------- d-----w- c:\windows\Debug
2012-07-22 01:25 . 2012-07-22 01:25 -------- d-----w- c:\program files\CCleaner
2012-07-22 01:16 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 01:16 . 2012-07-24 06:08 -------- d-----w- c:\programdata\AVAST Software
2012-07-22 01:16 . 2012-07-22 01:16 -------- d-----w- c:\program files\AVAST Software
2012-07-22 01:15 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2012-07-22 01:14 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2012-07-22 01:14 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 01:14 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B9662F8-14D1-421C-BCF6-06162D377547}\mpengine.dll
2012-07-22 01:14 . 2012-05-31 17:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-22 01:10 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-07-22 01:10 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-07-22 01:10 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-07-22 01:10 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-07-22 01:10 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2012-07-22 01:10 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-07-22 01:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-07-22 01:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2012-07-22 01:06 . 2008-05-08 21:59 90112 ----a-w- c:\windows\system32\wshext.dll
2012-07-22 01:06 . 2008-05-08 21:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2012-07-22 01:06 . 2008-05-08 21:59 180224 ----a-w- c:\windows\system32\scrobj.dll
2012-07-22 01:06 . 2008-05-08 21:59 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-07-22 01:06 . 2008-05-08 21:59 155648 ----a-w- c:\windows\system32\wscript.exe
2012-07-22 01:06 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\cscript.exe
2012-07-22 01:06 . 2008-05-08 21:58 135168 ----a-w- c:\windows\system32\wshom.ocx
2012-07-22 01:06 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-22 00:54 . 2012-07-22 00:55 -------- d-----w- c:\programdata\Xfire
2012-07-22 00:54 . 2012-07-22 00:54 -------- d-----w- c:\program files\Xfire
2012-07-22 00:48 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-22 00:48 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-22 00:48 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2012-07-22 00:45 . 2012-07-22 00:45 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-22 00:35 . 2012-07-28 03:18 -------- d-----w- c:\program files\mIRC
2012-07-22 00:28 . 2012-07-22 00:28 -------- d-----w- c:\program files\Cisco
2012-07-22 00:27 . 2012-07-28 00:06 -------- d-sh--w- c:\windows\Installer
2012-07-21 23:27 . 2012-07-22 05:58 -------- d-----w- c:\users\Derek
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 00:17 . 2012-06-16 00:17 42432 ----a-w- c:\windows\system32\xfcodec.dll
2012-07-14 00:17 . 2012-07-22 00:45 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-07-22 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1695881587-2996411510-4261787991-1000Core.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 01:42]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1695881587-2996411510-4261787991-1000UA.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 01:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\xdmvjw21.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-28 02:17
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-07-28 02:21:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 07:21
ComboFix2.txt 2012-07-28 03:06
.
Pre-Run: 189,348,646,912 bytes free
Post-Run: 188,968,980,480 bytes free
.
- - End Of File - - 581702C4A5A78FB91200540122439426

Edited by FoolsLove, 28 July 2012 - 02:25 AM.


#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 02:29 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12 FoolsLove

FoolsLove
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 28 July 2012 - 02:58 AM

µTorrent
7-Zip 9.20
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Design Premium
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Wireless WLAN Card Utility
FileZilla Client 3.5.3
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
iTunes
K-Lite Codec Pack 9.0.2 (Standard)
Last.fm 1.5.4.27091
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
OpenOffice.org 3.4
PDF Settings CS5
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Steam
Topaz Clean 3
Topaz Denoise 3
Topaz DeNoise 5
Topaz Fusion Express 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Xfire (remove only)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 PM

Posted 28 July 2012 - 03:03 AM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 FoolsLove

FoolsLove
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:57 PM

Posted 28 July 2012 - 06:42 PM

Once again the issue of connecting to FTP servers and other small issues popped up today after waking up. So whatever I have is definitely still around; it just seems running ComboFix and/or some other things fixes it very temporarily.

I ran MBAM again, but after about 2 and a half hours of scanning, I once again got BSOD'd. It took a lot longer than it did previously, whereas before it'd only be about 30-40 minutes into a scan from MBAM when it BSOD'd. So, no log from that. :|

Here's the hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:35:06 PM, on 7/28/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Derek\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 4074 bytes

Edited by FoolsLove, 28 July 2012 - 06:44 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:57 PM

Posted 28 July 2012 - 08:18 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose Save as type: All Files, and where to save: Desktop, then close the Notepad file.

It should look like this: [image] <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
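An added example, not part of this thread and not gringo_pr's or BleepingComputer's code: a Python script that reads a Log1.txt of the shape the batch file above writes and flags the two things a helper checks first when a browser redirect survives cleanup, a configured DNS server outside the LAN's address ranges, and nslookup answering from a server that ipconfig /all never listed. The sample log, the 203.0.113.53 address and the LAN_NETS range list are constructed for the example.

```python
import ipaddress
import re

# Ranges a home LAN's resolver is expected to live in; anything else gets a look.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fec0::/10", "fc00::/7")]

# Constructed sample in the shape of the batch file's Log1.txt (not the poster's
# real output); 203.0.113.53 is a documentation address standing in for an
# outside resolver that nobody on the LAN configured.
SAMPLE_LOG = """\
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  203.0.113.53
"""

def _as_ip(token):
    try:  # ipconfig prints IPv6 resolvers with a scope id (fec0::1%1); drop it
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def configured_dns_servers(log):
    """Every resolver on the 'DNS Servers' lines of ipconfig /all, including the
    indented continuation lines that hold the second and later ones."""
    return [t for m in re.finditer(r"DNS Servers[ .]*: (\S+(?:\r?\n[ \t]+\S+)*)", log)
            for t in m.group(1).split() if _as_ip(t) is not None]

def resolver_used(log):
    """The server nslookup actually queried ('Address:' right under 'Server:')."""
    m = re.search(r"^Server:.*\n^Address:\s+(\S+)", log, re.MULTILINE)
    return m.group(1) if m else None

def dns_findings(log):
    """Items to review: a resolver outside the LAN ranges, and nslookup
    answering from a server that ipconfig never listed."""
    findings, configured = [], configured_dns_servers(log)
    for s in configured:
        if not any(_as_ip(s) in net for net in LAN_NETS):
            findings.append(f"non-LAN DNS server configured: {s}")
    used = resolver_used(log)
    if used and used not in configured:
        findings.append(f"nslookup used an unlisted resolver: {used}")
    return findings
```

A hit from `dns_findings` is a lead to verify in the adapter's TCP/IP settings and the router's DNS configuration, not a verdict on its own.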



