ping.exe troubles


Pretty frustrated with this one, haven't had a virus in longer than I can remember. I guess that's the issue this time, as I'm out of practice with dealing with them and this one has me completely shattered. Googling symptoms seems to have me in line with a lot of other people: ping.exe permanently replicating itself and causing massive computer and network use, browser popups randomly, and redirects from links. Every few scans of Malwarebytes seems to catch a file or two, but nothing actually gets fixed in the end. Spybot finds nothing; I ran ComboFix myself (stupidly) a few days ago, which seemed to fix it, and today everything is back to the same old virus-y past. After fighting this for almost two weeks now, I give up; I guess I can let someone much more experienced help for a change.

For reference, while typing this I was running Malwarebytes again; it removed c:\Windows\assembly\temp\kwrd.dll

If you want me to rescan, I can do that, of course. I'm going to go ahead and assume it isn't the only thing causing my computer issues.

On to posting the contents of my private computer all over the internet for anyone to see...

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27

Run by Icey at 3:34:21 on 2011-12-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2579 [GMT -8:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\DAODx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\mIRC\mirc.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{71E6D7DF-A180-4445-B988-9B6615FC6F00} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{9C047B78-32CC-4F96-80D3-4E2C616933D6} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{9C047B78-32CC-4F96-80D3-4E2C616933D6}\143786C65697 : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Icey\AppData\Roaming\Mozilla\Firefox\Profiles\lhdc1s61.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-10 366152]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\system32\drivers\t3.sys --> C:\Windows\system32\drivers\t3.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]

S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;C:\Windows\system32\DRIVERS\WUSB54GCv3.sys --> C:\Windows\system32\DRIVERS\WUSB54GCv3.sys [?]

S4 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-20 79360]

S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-25 79360]

.

=============== Created Last 30 ================

.

2011-12-19 11:13:09 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-12-19 08:37:14 -------- d-----w- C:\Users\Icey\AppData\Roaming\NVIDIA

2011-12-18 06:21:10 -------- d-----w- C:\Users\Icey\AppData\Roaming\PC Cleaners

2011-12-18 06:21:06 5122320 ----a-w- C:\Windows\uninst.exe

2011-12-17 20:29:45 -------- d-----we C:\Windows\system64

2011-12-12 23:28:13 -------- d-----w- C:\ProgramData\Astroburn Lite

2011-12-12 23:28:12 -------- d-----w- C:\Program Files (x86)\Astroburn Lite

2011-12-11 22:34:40 -------- d-sh--w- C:\$RECYCLE.BIN

2011-12-11 22:26:23 98816 ----a-w- C:\Windows\sed.exe

2011-12-11 22:26:23 518144 ----a-w- C:\Windows\SWREG.exe

2011-12-11 22:26:23 256000 ----a-w- C:\Windows\PEV.exe

2011-12-11 22:26:23 208896 ----a-w- C:\Windows\MBR.exe

2011-12-11 21:48:59 6188 ----a-w- C:\Windows\System32\PerfStringBackup.TMP

2011-12-11 09:33:22 -------- d-----w- C:\Users\Icey\AppData\Local\WindowTools

2011-12-11 06:13:27 -------- d-----w- C:\Windows\pss

2011-12-11 05:14:01 -------- d-----w- C:\Users\Icey\AppData\Roaming\Malwarebytes

2011-12-11 05:13:53 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-11 05:13:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-11 05:13:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-09 11:52:51 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2011-12-09 11:52:49 -------- d-----w- C:\Program Files (x86)\Steam

.

==================== Find3M ====================

.

2011-12-19 08:25:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-06 05:27:27 419840 ----a-w- C:\Windows\System32\systemcpl.dll

2011-11-06 05:27:27 14848 ----a-w- C:\Windows\System32\slwga.dll

2011-11-06 05:27:27 13824 ----a-w- C:\Windows\SysWow64\slwga.dll

2011-11-06 05:27:26 833024 ----a-w- C:\Windows\SysWow64\user32.dll

2011-11-06 05:27:26 1008640 ----a-w- C:\Windows\System32\user32.dll

.

============= FINISH: 3:35:20.69 ===============

Attach.zip

You want me to just copy/paste logs from here on if you need them?

13:22:41.0323 4252 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

13:22:41.0562 4252 ============================================================

13:22:41.0562 4252 Current date / time: 2011/12/19 13:22:41.0562

13:22:41.0562 4252 SystemInfo:

13:22:41.0562 4252

13:22:41.0562 4252 OS Version: 6.1.7600 ServicePack: 0.0

13:22:41.0562 4252 Product type: Workstation

13:22:41.0562 4252 ComputerName: ICEYDEVIL

13:22:41.0563 4252 UserName: Icey

13:22:41.0563 4252 Windows directory: C:\Windows

13:22:41.0563 4252 System windows directory: C:\Windows

13:22:41.0563 4252 Running under WOW64

13:22:41.0563 4252 Processor architecture: Intel x64

13:22:41.0563 4252 Number of processors: 6

13:22:41.0563 4252 Page size: 0x1000

13:22:41.0563 4252 Boot type: Normal boot

13:22:41.0563 4252 ============================================================

13:22:42.0599 4252 Initialize success

13:23:05.0204 5216 ============================================================

13:23:05.0204 5216 Scan started

13:23:05.0204 5216 Mode: Manual; SigCheck; TDLFS;

13:23:05.0204 5216 ============================================================


13:23:14.0205 5216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:23:14.0211 5216 ql40xx - ok

13:23:14.0231 5216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:23:14.0241 5216 QWAVEdrv - ok

13:23:14.0253 5216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:23:14.0275 5216 RasAcd - ok

13:23:14.0312 5216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:23:14.0334 5216 RasAgileVpn - ok

13:23:14.0348 5216 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:23:14.0371 5216 Rasl2tp - ok

13:23:14.0388 5216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:23:14.0420 5216 RasPppoe - ok

13:23:14.0427 5216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:23:14.0458 5216 RasSstp - ok

13:23:14.0473 5216 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

13:23:14.0508 5216 rdbss - ok

13:23:14.0525 5216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:23:14.0534 5216 rdpbus - ok

13:23:14.0548 5216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:23:14.0571 5216 RDPCDD - ok

13:23:14.0589 5216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:23:14.0611 5216 RDPENCDD - ok

13:23:14.0621 5216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:23:14.0643 5216 RDPREFMP - ok

13:23:14.0663 5216 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

13:23:14.0695 5216 RDPWD - ok

13:23:14.0717 5216 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

13:23:14.0724 5216 rdyboost - ok

13:23:14.0762 5216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:23:14.0814 5216 rspndr - ok

13:23:14.0838 5216 RTL8167 (8de1701afcc1855c6a9df28a25a0ef3e) C:\Windows\system32\DRIVERS\Rt64win7.sys

13:23:14.0848 5216 RTL8167 - ok

13:23:14.0868 5216 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

13:23:14.0876 5216 sbp2port - ok

13:23:14.0898 5216 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

13:23:14.0930 5216 scfilter - ok

13:23:14.0959 5216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:23:14.0982 5216 secdrv - ok

13:23:14.0999 5216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:23:15.0006 5216 Serenum - ok

13:23:15.0032 5216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:23:15.0058 5216 Serial - ok

13:23:15.0086 5216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:23:15.0101 5216 sermouse - ok

13:23:15.0150 5216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

13:23:15.0179 5216 sffdisk - ok

13:23:15.0194 5216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

13:23:15.0215 5216 sffp_mmc - ok

13:23:15.0230 5216 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys

13:23:15.0252 5216 sffp_sd - ok

13:23:15.0267 5216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:23:15.0278 5216 sfloppy - ok

13:23:15.0307 5216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:23:15.0316 5216 SiSRaid2 - ok

13:23:15.0351 5216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:23:15.0361 5216 SiSRaid4 - ok

13:23:15.0391 5216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:23:15.0431 5216 Smb - ok

13:23:15.0468 5216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:23:15.0473 5216 spldr - ok

13:23:15.0565 5216 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys

13:23:15.0565 5216 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e

13:23:15.0568 5216 sptd ( LockedFile.Multi.Generic ) - warning

13:23:15.0568 5216 sptd - detected LockedFile.Multi.Generic (1)

13:23:15.0622 5216 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

13:23:15.0683 5216 srv - ok

13:23:15.0732 5216 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

13:23:15.0778 5216 srv2 - ok

13:23:15.0828 5216 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

13:23:15.0859 5216 srvnet - ok

13:23:15.0936 5216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:23:15.0952 5216 stexstor - ok

13:23:15.0983 5216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

13:23:15.0999 5216 swenum - ok

13:23:16.0081 5216 t3 (6b153e518dbe6ef59191152e1ecf7ed4) C:\Windows\system32\drivers\t3.sys

13:23:16.0122 5216 t3 - ok

13:23:16.0216 5216 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

13:23:16.0279 5216 Tcpip - ok

13:23:16.0324 5216 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

13:23:16.0347 5216 TCPIP6 - ok

13:23:16.0367 5216 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

13:23:16.0389 5216 tcpipreg - ok

13:23:16.0404 5216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:23:16.0460 5216 TDPIPE - ok

13:23:16.0473 5216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

13:23:16.0501 5216 TDTCP - ok

13:23:16.0516 5216 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

13:23:16.0545 5216 tdx - ok

13:23:16.0565 5216 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

13:23:16.0570 5216 TermDD - ok

13:23:16.0591 5216 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:23:16.0625 5216 tssecsrv - ok

13:23:16.0646 5216 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

13:23:16.0705 5216 tunnel - ok

13:23:16.0719 5216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:23:16.0726 5216 uagp35 - ok

13:23:16.0744 5216 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

13:23:16.0781 5216 udfs - ok

13:23:16.0803 5216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

13:23:16.0809 5216 uliagpkx - ok

13:23:16.0823 5216 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

13:23:16.0838 5216 umbus - ok

13:23:16.0850 5216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:23:16.0867 5216 UmPass - ok

13:23:16.0882 5216 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

13:23:16.0921 5216 usbccgp - ok

13:23:16.0945 5216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

13:23:16.0981 5216 usbcir - ok

13:23:16.0997 5216 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys

13:23:17.0015 5216 usbehci - ok

13:23:17.0037 5216 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys

13:23:17.0041 5216 usbfilter - ok

13:23:17.0069 5216 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys

13:23:17.0081 5216 usbhub - ok

13:23:17.0093 5216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

13:23:17.0101 5216 usbohci - ok

13:23:17.0120 5216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:23:17.0131 5216 usbprint - ok

13:23:17.0148 5216 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:23:17.0158 5216 USBSTOR - ok

13:23:17.0173 5216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

13:23:17.0181 5216 usbuhci - ok

13:23:17.0215 5216 VaneFltr (81a9f455bf2c9180348949f7c8d93e66) C:\Windows\system32\drivers\Lachesis.sys

13:23:17.0246 5216 VaneFltr - ok

13:23:17.0275 5216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

13:23:17.0280 5216 vdrvroot - ok

13:23:17.0310 5216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:23:17.0320 5216 vga - ok

13:23:17.0333 5216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:23:17.0367 5216 VgaSave - ok

13:23:17.0390 5216 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

13:23:17.0400 5216 vhdmp - ok

13:23:17.0467 5216 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys

13:23:17.0531 5216 VIAHdAudAddService - ok

13:23:17.0544 5216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

13:23:17.0549 5216 viaide - ok

13:23:17.0564 5216 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

13:23:17.0570 5216 volmgr - ok

13:23:17.0587 5216 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

13:23:17.0597 5216 volmgrx - ok

13:23:17.0618 5216 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

13:23:17.0627 5216 volsnap - ok

13:23:17.0652 5216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:23:17.0659 5216 vsmraid - ok

13:23:17.0679 5216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

13:23:17.0687 5216 vwifibus - ok

13:23:17.0707 5216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:23:17.0714 5216 WacomPen - ok

13:23:17.0743 5216 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:23:17.0791 5216 WANARP - ok

13:23:17.0804 5216 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

13:23:17.0826 5216 Wanarpv6 - ok

13:23:17.0851 5216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:23:17.0856 5216 Wd - ok

13:23:17.0883 5216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:23:17.0926 5216 Wdf01000 - ok

13:23:17.0952 5216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:23:17.0980 5216 WfpLwf - ok

13:23:17.0992 5216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:23:17.0997 5216 WIMMount - ok

13:23:18.0057 5216 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

13:23:18.0083 5216 WinUsb - ok

13:23:18.0103 5216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

13:23:18.0124 5216 WmiAcpi - ok

13:23:18.0152 5216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:23:18.0191 5216 ws2ifsl - ok

13:23:18.0208 5216 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

13:23:18.0242 5216 WudfPf - ok

13:23:18.0266 5216 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:23:18.0325 5216 WUDFRd - ok

13:23:18.0382 5216 WUSB54GCv3 (c088056dfba2b3a6955ea596ee5cc507) C:\Windows\system32\DRIVERS\WUSB54GCv3.sys

13:23:18.0436 5216 WUSB54GCv3 - ok

13:23:18.0461 5216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:23:18.0537 5216 \Device\Harddisk0\DR0 - ok

13:23:18.0540 5216 Boot (0x1200) (f2c70f033519c4c1cea268cbe6ba462a) \Device\Harddisk0\DR0\Partition0

13:23:18.0540 5216 \Device\Harddisk0\DR0\Partition0 - ok

13:23:18.0573 5216 Boot (0x1200) (77e1c8ecd6f775b54f9e6884914395be) \Device\Harddisk0\DR0\Partition1

13:23:18.0574 5216 \Device\Harddisk0\DR0\Partition1 - ok

13:23:18.0575 5216 ============================================================

13:23:18.0575 5216 Scan finished

13:23:18.0575 5216 ============================================================

13:23:18.0588 2828 Detected object count: 1

13:23:18.0588 2828 Actual detected object count: 1

13:23:56.0206 2828 sptd ( LockedFile.Multi.Generic ) - skipped by user

13:23:56.0207 2828 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

13:24:34.0807 0804 Deinitialize success


Yes, copy and paste the logs.

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

MrC


Round one -

Farbar Service Scanner

Ran by Icey (administrator) on 19-12-2011 at 16:59:55

Microsoft Windows 7 Home Premium (X64)

********************************************************

Service Check:

==============

File Check:

===========

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation)

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2009-07-13 15:21] - [2009-07-13 15:21] - 0500224 ____A (Microsoft Corporation) B9384E03479D2506BC924C16A3DB87BC

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2010-08-11 02:50] - [2010-06-13 22:37] - 1896832 ____A (Microsoft Corporation) 90A2D722CF64D911879D6C4A4F802A4D

C:\Windows\System32\dnsrslvr.dll

[2009-07-13 15:21] - [2009-07-13 17:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

Connection Status:

==================

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

**** End of log ****


Delete your copy of ComboFix and download a fresh one and run it as outlined:

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


It rebooted my system. SpyBot came up with the registry defender and had a bunch of prompts for allowing the deletion of startup values such as taskmgr; I denied them all because I figure that's safer, but I'm not sure if that's something ComboFix was trying to do that ended up not happening now. Something that may or may not matter; can't hurt to write it, I guess.

Anyway, the log:

ComboFix 11-12-19.03 - Icey 12/19/2011 17:18:08.2.6 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2960 [GMT -8:00]

Running from: c:\users\Icey\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\consrv.dll

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))

.

.

2011-12-20 01:21 . 2011-12-20 01:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-19 08:37 . 2011-12-19 08:37 -------- d-----w- c:\users\Icey\AppData\Roaming\NVIDIA

2011-12-18 06:21 . 2011-12-18 06:21 -------- d-----w- c:\users\Icey\AppData\Roaming\PC Cleaners

2011-12-18 06:21 . 2011-12-18 06:20 5122320 ----a-w- c:\windows\uninst.exe

2011-12-12 23:28 . 2011-12-12 23:28 -------- d-----w- c:\programdata\Astroburn Lite

2011-12-12 23:28 . 2011-12-12 23:28 -------- d-----w- c:\program files (x86)\Astroburn Lite

2011-12-11 21:48 . 2011-12-19 08:10 6188 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-12-11 09:33 . 2011-12-11 09:33 -------- d-----w- c:\users\Icey\AppData\Local\WindowTools

2011-12-11 05:14 . 2011-12-11 05:14 -------- d-----w- c:\users\Icey\AppData\Roaming\Malwarebytes

2011-12-11 05:13 . 2011-12-11 05:13 -------- d-----w- c:\programdata\Malwarebytes

2011-12-11 05:13 . 2011-12-11 05:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-11 05:13 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-09 11:52 . 2011-12-19 11:59 -------- d-----w- c:\program files (x86)\Common Files\Steam

2011-12-09 11:52 . 2011-12-19 21:34 -------- d-----w- c:\program files (x86)\Steam

2011-12-06 01:41 . 2011-12-06 01:41 -------- d-----w- c:\windows\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-19 08:25 . 2011-07-17 06:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-06 05:27 . 2009-07-13 23:56 419840 ----a-w- c:\windows\system32\systemcpl.dll

2011-11-06 05:27 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll

2011-11-06 05:27 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-11-06 05:27 . 2009-07-13 23:38 1008640 ----a-w- c:\windows\system32\user32.dll

2011-11-06 05:27 . 2009-07-13 23:24 833024 ----a-w- c:\windows\SysWow64\user32.dll

2011-09-27 05:17 . 2011-09-23 19:26 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-09-27 05:17 . 2011-09-23 19:26 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2011-09-27 05:17 . 2011-09-23 19:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2011-09-27 05:17 . 2011-09-27 05:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-09-24 16:36 . 2011-09-24 16:36 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-09-24 16:36 . 2011-09-24 16:36 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-09-24 16:36 . 2011-09-24 16:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-09-23 19:26 . 2011-09-23 19:26 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-11-06 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-11-06 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [x]

R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]

R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-21 79360]

R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-26 79360]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF29091.3XE" [2009-07-14 344576]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: E&xport to Microsoft Excel

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{71E6D7DF-A180-4445-B988-9B6615FC6F00}: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Icey\AppData\Roaming\Mozilla\Firefox\Profiles\lhdc1s61.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll

WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - c:\program files (x86)\Astroburn Toolbar\ABToolbar64.dll

AddRemove-Fraps - c:\fraps\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\fraps\fraps.exe

c:\windows\DAODx.exe

.

**************************************************************************

.

Completion time: 2011-12-19 17:27:13 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-20 01:27

ComboFix2.txt 2011-12-11 22:39

.

Pre-Run: 96,685,035,520 bytes free

Post-Run: 96,774,393,856 bytes free

.

- - End Of File - - 40A83B55600B73715A4246962F46C100


Updated and ran a quick scan, no finds.

Log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8400

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/19/2011 5:57:03 PM

mbam-log-2011-12-19 (17-57-03).txt

Scan type: Quick scan

Objects scanned: 173142

Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ping.exe hasn't started since ComboFix restarted the system. I'll report back if I'm still getting popups/redirects, I guess? When I ran ComboFix about a week ago, it seemed to fix the ping.exe issue, but I was still having browser problems, and then the ping.exe issue came back, which is why I came here. I wouldn't complain if it was done with =)


OK

Please uninstall ComboFix:

Click on the Start button and then in the Search field enter combofix /uninstall

Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your Keyboard.

An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.

When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix.exe program from your computer.

ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

--------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

-----------

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Have a Good Holiday and New Year!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.