
\Windows\svchost.exe (Trojan.Agent) infection


AsifH


I am getting a \Windows\svchost.exe (Trojan.Agent) error. When I reboot when prompted by the Malwarebytes scan (I did a quick scan), the infection is still present. When I start up my PC normally, a lot of IP addresses are being blocked. I am running the Windows 7 Home OS. I would appreciate help in removing this infection.

Content of my mbam-log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.11.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Azam :: AZAM-PC [administrator]

1/15/2012 6:45:04 PM

mbam-log-2012-01-15 (18-45-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202637

Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1476 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

I also ran DDS; the contents of the resulting text file are pasted below:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30

Run by Azam at 19:41:34 on 2012-01-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2701 [GMT -5:00]

.

AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Trend Micro OfficeScan Anti-spyware *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

-netsvcs

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

StartupFolder: C:\Users\Azam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Azam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHILIP~1.LNK - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: real.com\rhap-app-4-0

Trusted Zone: real.com\rhapreg

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

TCP: Interfaces\{6B8A54B5-F9AC-4EA4-93C4-7EAFB8D20B3A} : DhcpNameServer = 10.90.100.15 10.90.100.5

TCP: Interfaces\{92E22BC8-D9C1-4759-9F27-E6D6A66375A1} : DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220

TCP: Interfaces\{92E22BC8-D9C1-4759-9F27-E6D6A66375A1}\255575962756C6563737 : DhcpNameServer = 128.6.224.114 128.6.216.19

TCP: Interfaces\{92E22BC8-D9C1-4759-9F27-E6D6A66375A1}\255575962756C6563737F5355636572756 : DhcpNameServer = 128.6.224.114 128.6.216.19

TCP: Interfaces\{92E22BC8-D9C1-4759-9F27-E6D6A66375A1}\54E2024557E6B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{92E22BC8-D9C1-4759-9F27-E6D6A66375A1}\C496E6B6379737 : DhcpNameServer = 165.230.139.226 165.230.145.19

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

BHO-X64: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Azam\AppData\Roaming\Mozilla\Firefox\Profiles\bcif6g26.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=0594D9E9-0D05-4927-85FC-E8E1C1575E58&apn_ptnrs=FM&apn_sauid=5D68A304-EEF2-48D5-801E-90BDBF502B8C&apn_dtid=TES002YYUS&q=

FF - prefs.js: network.proxy.type - 0

FF - component: C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox\components\nsURLRecordEx.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDrawMGH\NPCDPMGH32.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2077975\npmathplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS --> C:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS --> C:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20120111.003\IDSviA64.sys [2012-1-12 488568]

S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS --> C:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS [?]

S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\drivers\NAVx64\1206000.01D\SYMNETS.SYS --> C:\windows\system32\drivers\NAVx64\1206000.01D\SYMNETS.SYS [?]

S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-7-14 89600]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-14 13336]

S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2011-7-9 91456]

S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-6-10 130008]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-14 658656]

S2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2010-10-9 342288]

S2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2010-10-9 42768]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-14 2320920]

S3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]

S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2010-10-9 917768]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-01-15 23:52:06 20480 ----a-w- C:\windows\svchost.exe

2012-01-15 22:53:39 -------- d-----w- C:\Users\Azam\AppData\Roaming\Tific

2012-01-15 22:53:36 -------- d-----w- C:\Users\Azam\AppData\Local\Symantec

2012-01-13 06:20:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-01-13 04:25:49 -------- d--h--w- C:\$AVG

2012-01-13 03:57:06 -------- d-----w- C:\Users\Azam\AppData\Roaming\AVG2012

2012-01-13 03:55:46 -------- d-----w- C:\ProgramData\AVG2012

2012-01-13 01:30:46 -------- d-----w- C:\Program Files\AVAST Software

2012-01-11 04:51:19 8192 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A290.tmp

2012-01-11 04:51:19 8192 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A28F.tmp

2012-01-10 21:57:25 1572864 ----a-w- C:\windows\System32\quartz.dll

2012-01-10 21:57:25 1328128 ----a-w- C:\windows\SysWow64\quartz.dll

2012-01-10 21:57:24 514560 ----a-w- C:\windows\SysWow64\qdvd.dll

2012-01-10 21:57:24 366592 ----a-w- C:\windows\System32\qdvd.dll

2012-01-10 21:57:20 1731920 ----a-w- C:\windows\System32\ntdll.dll

2012-01-10 21:57:20 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll

2012-01-10 21:57:19 77312 ----a-w- C:\windows\System32\packager.dll

2012-01-10 21:57:19 67072 ----a-w- C:\windows\SysWow64\packager.dll

2011-12-30 20:05:24 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-30 20:05:24 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-30 20:05:24 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-30 20:05:24 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys

2011-11-10 10:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll

.

============= FINISH: 19:43:36.95 ===============

Thanks for any help.


I know I'm not supposed to run anything without supervision, but there seem to be a few people who have reported a similar issue. I went ahead and ran the suggested clean-up steps as under. Can you confirm whether my malware infection has been corrected? I ran all of these diagnostic and correction programs while booted in Safe Mode with Networking. All browsers were closed prior to running ATF Cleaner. Also, for ATF Cleaner, I selected All for Main and Firefox, although I elected to keep my passwords for Firefox.

I then ran GooredFix.exe, which produced the following text file. Note: I did not reboot after running ATF Cleaner and before running GooredFix.exe:

GooredFix by jpshortstuff (03.07.10.1)

Log created at 21:44 on 15/01/2012 (Azam)

Firefox version 9.0.1 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:07 11/06/2011]

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [08:15 12/01/2012]

C:\Users\Azam\Application Data\Mozilla\Firefox\Profiles\bcif6g26.default\extensions\

searchtoolbar@zugo.com [03:21 26/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}"="C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox" [21:40 14/11/2010]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\IPSFFPlgn\" [23:42 10/06/2011]

-=E.O.F=-

I then ran TDSSKiller.exe. It found 1 critical (Rootkit.Boot.Pihar.b) and 1 medium (\Device\Harddisk0\DR0 (TDSS File System)) threat. For the Rootkit critical threat, I selected Cure. For the TDSS File System warning, I selected Skip. I am not sure whether this was the correct choice.

TDSSKiller log:

21:46:41.0786 2692 TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05

21:46:42.0083 2692 ============================================================

21:46:42.0083 2692 Current date / time: 2012/01/15 21:46:42.0083

21:46:42.0083 2692 SystemInfo:

21:46:42.0083 2692

21:46:42.0083 2692 OS Version: 6.1.7601 ServicePack: 1.0

21:46:42.0083 2692 Product type: Workstation

21:46:42.0083 2692 ComputerName: AZAM-PC

21:46:42.0083 2692 UserName: Azam

21:46:42.0083 2692 Windows directory: C:\windows

21:46:42.0083 2692 System windows directory: C:\windows

21:46:42.0083 2692 Running under WOW64

21:46:42.0083 2692 Processor architecture: Intel x64

21:46:42.0083 2692 Number of processors: 4

21:46:42.0083 2692 Page size: 0x1000

21:46:42.0083 2692 Boot type: Safe boot with network

21:46:42.0083 2692 ============================================================

21:46:42.0473 2692 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040

21:46:42.0520 2692 Initialize success

21:47:02.0425 2712 ============================================================

21:47:02.0425 2712 Scan started

21:47:02.0425 2712 Mode: Manual; SigCheck; TDLFS;

21:47:02.0425 2712 ============================================================


21:47:12.0846 2712 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

21:47:12.0862 2712 fvevol - ok

21:47:12.0986 2712 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

21:47:12.0986 2712 gagp30kx - ok

21:47:13.0096 2712 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

21:47:13.0111 2712 GEARAspiWDM - ok

21:47:13.0236 2712 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

21:47:13.0267 2712 hcw85cir - ok

21:47:13.0392 2712 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

21:47:13.0423 2712 HdAudAddService - ok

21:47:13.0548 2712 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

21:47:13.0579 2712 HDAudBus - ok

21:47:13.0704 2712 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

21:47:13.0704 2712 HECIx64 - ok

21:47:13.0782 2712 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

21:47:13.0813 2712 HidBatt - ok

21:47:13.0891 2712 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

21:47:13.0938 2712 HidBth - ok

21:47:14.0016 2712 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

21:47:14.0047 2712 HidIr - ok

21:47:14.0141 2712 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

21:47:14.0172 2712 HidUsb - ok

21:47:14.0281 2712 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

21:47:14.0297 2712 HpSAMD - ok

21:47:14.0390 2712 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

21:47:14.0453 2712 HTTP - ok

21:47:14.0546 2712 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

21:47:14.0546 2712 hwpolicy - ok

21:47:14.0656 2712 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

21:47:14.0671 2712 i8042prt - ok

21:47:14.0780 2712 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys

21:47:14.0780 2712 iaStor - ok

21:47:14.0921 2712 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

21:47:14.0936 2712 iaStorV - ok

21:47:15.0155 2712 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\IPSDefs\20120111.003\IDSvia64.sys

21:47:15.0217 2712 IDSVia64 - ok

21:47:15.0482 2712 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys

21:47:15.0826 2712 igfx - ok

21:47:15.0935 2712 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

21:47:15.0935 2712 iirsp - ok

21:47:16.0060 2712 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

21:47:16.0106 2712 Impcd - ok

21:47:16.0231 2712 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys

21:47:16.0262 2712 IntcDAud - ok

21:47:16.0372 2712 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

21:47:16.0372 2712 intelide - ok

21:47:16.0481 2712 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

21:47:16.0512 2712 intelppm - ok

21:47:16.0621 2712 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

21:47:16.0668 2712 IpFilterDriver - ok

21:47:16.0762 2712 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

21:47:16.0793 2712 IPMIDRV - ok

21:47:16.0902 2712 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

21:47:16.0949 2712 IPNAT - ok

21:47:17.0074 2712 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

21:47:17.0120 2712 IRENUM - ok

21:47:17.0214 2712 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

21:47:17.0230 2712 isapnp - ok

21:47:17.0323 2712 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

21:47:17.0339 2712 iScsiPrt - ok

21:47:17.0464 2712 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

21:47:17.0464 2712 kbdclass - ok

21:47:17.0573 2712 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

21:47:17.0604 2712 kbdhid - ok

21:47:17.0698 2712 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys

21:47:17.0698 2712 KSecDD - ok

21:47:17.0807 2712 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys

21:47:17.0822 2712 KSecPkg - ok

21:47:17.0932 2712 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

21:47:17.0978 2712 ksthunk - ok

21:47:18.0134 2712 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

21:47:18.0181 2712 lltdio - ok

21:47:18.0322 2712 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

21:47:18.0337 2712 LSI_FC - ok

21:47:18.0446 2712 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

21:47:18.0446 2712 LSI_SAS - ok

21:47:18.0540 2712 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

21:47:18.0556 2712 LSI_SAS2 - ok

21:47:18.0649 2712 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

21:47:18.0665 2712 LSI_SCSI - ok

21:47:18.0790 2712 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

21:47:18.0836 2712 luafv - ok

21:47:18.0930 2712 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

21:47:18.0930 2712 megasas - ok

21:47:19.0024 2712 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

21:47:19.0039 2712 MegaSR - ok

21:47:19.0133 2712 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

21:47:19.0180 2712 Modem - ok

21:47:19.0304 2712 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

21:47:19.0336 2712 monitor - ok

21:47:19.0460 2712 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

21:47:19.0460 2712 mouclass - ok

21:47:19.0585 2712 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

21:47:19.0601 2712 mouhid - ok

21:47:19.0710 2712 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

21:47:19.0726 2712 mountmgr - ok

21:47:19.0819 2712 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

21:47:19.0835 2712 mpio - ok

21:47:19.0897 2712 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

21:47:19.0944 2712 mpsdrv - ok

21:47:20.0069 2712 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

21:47:20.0131 2712 MRxDAV - ok

21:47:20.0209 2712 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

21:47:20.0256 2712 mrxsmb - ok

21:47:20.0365 2712 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

21:47:20.0381 2712 mrxsmb10 - ok

21:47:20.0459 2712 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

21:47:20.0474 2712 mrxsmb20 - ok

21:47:20.0584 2712 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

21:47:20.0584 2712 msahci - ok

21:47:20.0662 2712 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

21:47:20.0677 2712 msdsm - ok

21:47:20.0802 2712 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

21:47:20.0849 2712 Msfs - ok

21:47:20.0942 2712 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

21:47:20.0989 2712 mshidkmdf - ok

21:47:21.0067 2712 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

21:47:21.0083 2712 msisadrv - ok

21:47:21.0208 2712 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

21:47:21.0270 2712 MSKSSRV - ok

21:47:21.0364 2712 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

21:47:21.0410 2712 MSPCLOCK - ok

21:47:21.0520 2712 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

21:47:21.0582 2712 MSPQM - ok

21:47:21.0660 2712 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

21:47:21.0676 2712 MsRPC - ok

21:47:21.0769 2712 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

21:47:21.0769 2712 mssmbios - ok

21:47:21.0894 2712 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

21:47:21.0941 2712 MSTEE - ok

21:47:22.0034 2712 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

21:47:22.0050 2712 MTConfig - ok

21:47:22.0144 2712 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

21:47:22.0144 2712 Mup - ok

21:47:22.0268 2712 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

21:47:22.0300 2712 NativeWifiP - ok

21:47:22.0456 2712 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20120111.018\ENG64.SYS

21:47:22.0456 2712 NAVENG - ok

21:47:22.0658 2712 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.6.0.29\Definitions\VirusDefs\20120111.018\EX64.SYS

21:47:22.0752 2712 NAVEX15 - ok

21:47:22.0892 2712 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

21:47:22.0908 2712 NDIS - ok

21:47:23.0017 2712 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

21:47:23.0080 2712 NdisCap - ok

21:47:23.0173 2712 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

21:47:23.0236 2712 NdisTapi - ok

21:47:23.0345 2712 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

21:47:23.0392 2712 Ndisuio - ok

21:47:23.0470 2712 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

21:47:23.0532 2712 NdisWan - ok

21:47:23.0626 2712 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

21:47:23.0672 2712 NDProxy - ok

21:47:23.0766 2712 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

21:47:23.0813 2712 NetBIOS - ok

21:47:23.0922 2712 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

21:47:23.0969 2712 NetBT - ok

21:47:24.0109 2712 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

21:47:24.0109 2712 nfrd960 - ok

21:47:24.0218 2712 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

21:47:24.0265 2712 Npfs - ok

21:47:24.0343 2712 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

21:47:24.0406 2712 nsiproxy - ok

21:47:24.0515 2712 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

21:47:24.0562 2712 Ntfs - ok

21:47:24.0702 2712 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

21:47:24.0749 2712 Null - ok

21:47:24.0858 2712 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

21:47:24.0874 2712 nvraid - ok

21:47:24.0967 2712 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

21:47:24.0967 2712 nvstor - ok

21:47:25.0076 2712 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

21:47:25.0092 2712 nv_agp - ok

21:47:25.0170 2712 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

21:47:25.0201 2712 ohci1394 - ok

21:47:25.0342 2712 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

21:47:25.0342 2712 Parport - ok

21:47:25.0420 2712 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

21:47:25.0435 2712 partmgr - ok

21:47:25.0544 2712 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

21:47:25.0544 2712 pci - ok

21:47:25.0638 2712 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

21:47:25.0654 2712 pciide - ok

21:47:25.0716 2712 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

21:47:25.0732 2712 pcmcia - ok

21:47:25.0810 2712 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

21:47:25.0825 2712 pcw - ok

21:47:25.0919 2712 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

21:47:25.0981 2712 PEAUTH - ok

21:47:26.0122 2712 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

21:47:26.0168 2712 PptpMiniport - ok

21:47:26.0246 2712 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

21:47:26.0278 2712 Processor - ok

21:47:26.0402 2712 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

21:47:26.0465 2712 Psched - ok

21:47:26.0558 2712 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys

21:47:26.0558 2712 PxHlpa64 - ok

21:47:26.0652 2712 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

21:47:26.0683 2712 ql2300 - ok

21:47:26.0761 2712 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

21:47:26.0777 2712 ql40xx - ok

21:47:26.0839 2712 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

21:47:26.0886 2712 QWAVEdrv - ok

21:47:26.0948 2712 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

21:47:27.0011 2712 RasAcd - ok

21:47:27.0120 2712 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

21:47:27.0151 2712 RasAgileVpn - ok

21:47:27.0260 2712 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

21:47:27.0307 2712 Rasl2tp - ok

21:47:27.0401 2712 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

21:47:27.0463 2712 RasPppoe - ok

21:47:27.0557 2712 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

21:47:27.0619 2712 RasSstp - ok

21:47:27.0713 2712 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

21:47:27.0775 2712 rdbss - ok

21:47:27.0838 2712 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

21:47:27.0869 2712 rdpbus - ok

21:47:27.0947 2712 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

21:47:27.0994 2712 RDPCDD - ok

21:47:28.0118 2712 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

21:47:28.0165 2712 RDPENCDD - ok

21:47:28.0243 2712 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

21:47:28.0290 2712 RDPREFMP - ok

21:47:28.0368 2712 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

21:47:28.0399 2712 RDPWD - ok

21:47:28.0524 2712 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

21:47:28.0524 2712 rdyboost - ok

21:47:28.0649 2712 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

21:47:28.0711 2712 rspndr - ok

21:47:28.0820 2712 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys

21:47:28.0836 2712 RTL8167 - ok

21:47:28.0914 2712 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

21:47:28.0930 2712 sbp2port - ok

21:47:29.0039 2712 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

21:47:29.0086 2712 scfilter - ok

21:47:29.0195 2712 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

21:47:29.0257 2712 secdrv - ok

21:47:29.0351 2712 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

21:47:29.0366 2712 Serenum - ok

21:47:29.0476 2712 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

21:47:29.0491 2712 Serial - ok

21:47:29.0585 2712 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

21:47:29.0600 2712 sermouse - ok

21:47:29.0694 2712 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

21:47:29.0710 2712 sffdisk - ok

21:47:29.0803 2712 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

21:47:29.0834 2712 sffp_mmc - ok

21:47:29.0928 2712 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

21:47:29.0959 2712 sffp_sd - ok

21:47:30.0037 2712 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

21:47:30.0037 2712 sfloppy - ok

21:47:30.0162 2712 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

21:47:30.0162 2712 SiSRaid2 - ok

21:47:30.0240 2712 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

21:47:30.0256 2712 SiSRaid4 - ok

21:47:30.0349 2712 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

21:47:30.0396 2712 Smb - ok

21:47:30.0505 2712 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

21:47:30.0505 2712 spldr - ok

21:47:30.0661 2712 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\system32\drivers\NAVx64\1206000.01D\SRTSP64.SYS

21:47:30.0677 2712 SRTSP - ok

21:47:30.0786 2712 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NAVx64\1206000.01D\SRTSPX64.SYS

21:47:30.0786 2712 SRTSPX - ok

21:47:30.0864 2712 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

21:47:30.0911 2712 srv - ok

21:47:30.0989 2712 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

21:47:31.0004 2712 srv2 - ok

21:47:31.0067 2712 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

21:47:31.0098 2712 srvnet - ok

21:47:31.0207 2712 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

21:47:31.0223 2712 stexstor - ok

21:47:31.0348 2712 STHDA (caf5a9708671b14b9670260735b22c4e) C:\windows\system32\DRIVERS\stwrt64.sys

21:47:31.0379 2712 STHDA - ok

21:47:31.0488 2712 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

21:47:31.0488 2712 swenum - ok

21:47:31.0628 2712 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NAVx64\1206000.01D\SYMDS64.SYS

21:47:31.0644 2712 SymDS - ok

21:47:31.0784 2712 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NAVx64\1206000.01D\SYMEFA64.SYS

21:47:31.0816 2712 SymEFA - ok

21:47:31.0894 2712 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

21:47:31.0909 2712 SymEvent - ok

21:47:32.0018 2712 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NAVx64\1206000.01D\Ironx64.SYS

21:47:32.0034 2712 SymIRON - ok

21:47:32.0174 2712 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\system32\drivers\NAVx64\1206000.01D\SYMNETS.SYS

21:47:32.0174 2712 SymNetS - ok

21:47:32.0284 2712 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\windows\system32\DRIVERS\SynTP.sys

21:47:32.0299 2712 SynTP - ok

21:47:32.0455 2712 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

21:47:32.0502 2712 Tcpip - ok

21:47:32.0642 2712 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

21:47:32.0674 2712 TCPIP6 - ok

21:47:32.0752 2712 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

21:47:32.0814 2712 tcpipreg - ok

21:47:32.0892 2712 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

21:47:32.0954 2712 TDPIPE - ok

21:47:33.0032 2712 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

21:47:33.0079 2712 TDTCP - ok

21:47:33.0173 2712 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

21:47:33.0220 2712 tdx - ok

21:47:33.0298 2712 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

21:47:33.0313 2712 TermDD - ok

21:47:33.0469 2712 TmFilter (8b97ba7e28bd39a2bc4a2bb66a83fec0) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys

21:47:33.0516 2712 TmFilter - ok

21:47:33.0672 2712 TmPreFilter (1889f49a828b1cf0e2866cdd325875b0) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys

21:47:33.0672 2712 TmPreFilter - ok

21:47:33.0766 2712 tmtdi - ok

21:47:33.0859 2712 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

21:47:33.0906 2712 tssecsrv - ok

21:47:34.0031 2712 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

21:47:34.0062 2712 TsUsbFlt - ok

21:47:34.0171 2712 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

21:47:34.0234 2712 tunnel - ok

21:47:34.0312 2712 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

21:47:34.0312 2712 uagp35 - ok

21:47:34.0390 2712 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

21:47:34.0436 2712 udfs - ok

21:47:34.0546 2712 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

21:47:34.0561 2712 uliagpkx - ok

21:47:34.0670 2712 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

21:47:34.0686 2712 umbus - ok

21:47:34.0764 2712 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

21:47:34.0780 2712 UmPass - ok

21:47:34.0904 2712 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

21:47:34.0951 2712 USBAAPL64 - ok

21:47:35.0029 2712 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

21:47:35.0045 2712 usbccgp - ok

21:47:35.0154 2712 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

21:47:35.0201 2712 usbcir - ok

21:47:35.0216 2712 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

21:47:35.0232 2712 usbehci - ok

21:47:35.0357 2712 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

21:47:35.0388 2712 usbhub - ok

21:47:35.0497 2712 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

21:47:35.0497 2712 usbohci - ok

21:47:35.0606 2712 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

21:47:35.0622 2712 usbprint - ok

21:47:35.0747 2712 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

21:47:35.0794 2712 usbscan - ok

21:47:35.0887 2712 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

21:47:35.0919 2712 USBSTOR - ok

21:47:35.0997 2712 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

21:47:36.0028 2712 usbuhci - ok

21:47:36.0137 2712 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

21:47:36.0153 2712 usbvideo - ok

21:47:36.0277 2712 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

21:47:36.0277 2712 vdrvroot - ok

21:47:36.0371 2712 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

21:47:36.0387 2712 vga - ok

21:47:36.0465 2712 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

21:47:36.0511 2712 VgaSave - ok

21:47:36.0589 2712 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

21:47:36.0605 2712 vhdmp - ok

21:47:36.0683 2712 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

21:47:36.0683 2712 viaide - ok

21:47:36.0777 2712 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

21:47:36.0792 2712 volmgr - ok

21:47:36.0870 2712 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

21:47:36.0886 2712 volmgrx - ok

21:47:36.0964 2712 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

21:47:36.0979 2712 volsnap - ok

21:47:37.0151 2712 VSApiNt (3a5862d9a4fe4bbb2ffa1700e2b21b9b) C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys

21:47:37.0276 2712 VSApiNt - ok

21:47:37.0385 2712 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

21:47:37.0385 2712 vsmraid - ok

21:47:37.0463 2712 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

21:47:37.0494 2712 vwifibus - ok

21:47:37.0572 2712 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

21:47:37.0603 2712 vwififlt - ok

21:47:37.0713 2712 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

21:47:37.0728 2712 vwifimp - ok

21:47:37.0822 2712 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

21:47:37.0853 2712 WacomPen - ok

21:47:37.0962 2712 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

21:47:38.0009 2712 WANARP - ok

21:47:38.0025 2712 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

21:47:38.0071 2712 Wanarpv6 - ok

21:47:38.0181 2712 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

21:47:38.0181 2712 Wd - ok

21:47:38.0259 2712 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

21:47:38.0290 2712 Wdf01000 - ok

21:47:38.0399 2712 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

21:47:38.0446 2712 WfpLwf - ok

21:47:38.0508 2712 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys

21:47:38.0524 2712 WimFltr - ok

21:47:38.0602 2712 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

21:47:38.0602 2712 WIMMount - ok

21:47:38.0742 2712 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

21:47:38.0773 2712 WinUsb - ok

21:47:38.0883 2712 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

21:47:38.0914 2712 WmiAcpi - ok

21:47:39.0023 2712 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

21:47:39.0070 2712 ws2ifsl - ok

21:47:39.0179 2712 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

21:47:39.0210 2712 WSDPrintDevice - ok

21:47:39.0288 2712 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

21:47:39.0351 2712 WudfPf - ok

21:47:39.0460 2712 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

21:47:39.0507 2712 WUDFRd - ok

21:47:39.0616 2712 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys

21:47:39.0647 2712 yukonw7 - ok

21:47:39.0709 2712 MBR (0x1B8) (4f67409277c79a1c33061decc087f711) \Device\Harddisk0\DR0

21:47:39.0725 2712 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:47:39.0725 2712 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:47:40.0443 2712 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:47:40.0443 2712 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:47:40.0458 2712 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0

21:47:40.0458 2712 \Device\Harddisk0\DR0\Partition0 - ok

21:47:40.0474 2712 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1

21:47:40.0474 2712 \Device\Harddisk0\DR0\Partition1 - ok

21:47:40.0489 2712 ============================================================

21:47:40.0489 2712 Scan finished

21:47:40.0489 2712 ============================================================

21:47:40.0489 2924 Detected object count: 2

21:47:40.0489 2924 Actual detected object count: 2

21:49:15.0275 2924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:49:15.0275 2924 \Device\Harddisk0\DR0 - ok

21:49:15.0275 2924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:49:15.0275 2924 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:49:15.0275 2924 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:49:45.0430 2664 Deinitialize success

Can you review the above and let me know if the issue has been corrected 100%. I did log in normally and the IP blocking seems to have gone away.


TDSSKiller is showing the following threats detected:

TDSS File System Physical Drive: \Device\Harddisk0\DR0 Suspicious object, medium risk.

Should I select Skip, Copy to Quarantine or Delete option? I have selected Skip.

Running a Malwarebytes Anti-Malware quick scan again generated the following mbam log:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.11.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Azam :: AZAM-PC [administrator]

1/15/2012 11:13:07 PM

mbam-log-2012-01-15 (23-13-07).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198608

Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

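The two TDSSKiller excerpts above both come down to one question: which detections were actually actioned and which were left as "Skip". The script below is an added example, not part of this thread or of TDSSKiller itself; it parses the detection lines in the format TDSSKiller prints (object, verdict in parentheses, status or "User select action") from a constructed sample modelled on the log posted here, and reports anything that was skipped or never actioned, plus whether a reboot is still pending. The sample text, function names and the "unresolved" rule are the example's own assumptions.

```python
"""Summarise TDSSKiller detection lines: what was cured, what was skipped."""
import re

# Constructed sample, modelled on the TDSSKiller log format shown in the thread.
SAMPLE_LOG = (
    "21:47:40.0489 2924 Detected object count: 2\n"
    "21:47:40.0489 2924 Actual detected object count: 2\n"
    "21:49:15.0275 2924 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot\n"
    "21:49:15.0275 2924 \\Device\\Harddisk0\\DR0 - ok\n"
    "21:49:15.0275 2924 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure\n"
    "21:49:15.0275 2924 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user\n"
    "21:49:15.0275 2924 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip\n"
    "21:49:45.0430 2664 Deinitialize success\n"
)

# A detection line: <time> <pid> <object> ( <verdict> ) - <status>
# Lines without a parenthesised verdict (counts, "- ok", deinit) are ignored.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<object>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<status>.+)$"
)
ACTION_RE = re.compile(r"User select action:\s*(?P<action>\w+)")


def parse_detections(log_text):
    """Return {(object, verdict): {"statuses": [...], "action": str or None}}."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["object"], m["verdict"])
        entry = found.setdefault(key, {"statuses": [], "action": None})
        status = m["status"]
        action = ACTION_RE.search(status)
        if action:
            entry["action"] = action["action"]   # Cure / Skip / Delete / ...
        else:
            entry["statuses"].append(status)     # e.g. "will be cured on reboot"
    return found


def unresolved(detections):
    """Detections the user skipped or that never received any action (assumed rule)."""
    return sorted(key for key, e in detections.items()
                  if e["action"] in (None, "Skip"))


def needs_reboot(detections):
    """True if any detection is only cured after the next reboot."""
    return any("cured on reboot" in s
               for e in detections.values() for s in e["statuses"])


if __name__ == "__main__":
    result = parse_detections(SAMPLE_LOG)
    for (obj, verdict), entry in result.items():
        print(f"{obj} [{verdict}] action={entry['action']} statuses={entry['statuses']}")
    print("unresolved:", unresolved(result))
    print("reboot required:", needs_reboot(result))
```

On the sample this lists the Rootkit.Boot.Pihar.b object as cured on reboot and the "TDSS File System" object as unresolved because it was skipped, which is exactly the open point in the two posts above.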

  • 1 month later...

Hello,

Please advise if you have resolved your issue. If not, and you need guided help, do the following to get fresh reports.

Keep in mind, if I do not hear back from you in 4 days, I will close this topic.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
