
Must be a virus, right?


JLedge


A couple weeks ago, my computer started getting a lot of BSoDs. Now I get one maybe once every 3 days. I had scanned my computer and deleted some malware with AVG. Then I kept getting more problems, so I uninstalled AVG, which was outdated, and installed different antiviruses, which helped a little, to the point where I'm at now.

If I sit idle for 5-10 minutes, my PC "locks up": programs won't open and Ctrl+Alt+Del results in an error.

Google results in redirects to some puma website...

WinRAR somehow was corrupted and even after reinstalling it's still messed up.

I downloaded MalwareBytes to help with the problems; it found some more malware and deleted it, but the problem keeps persisting.

Now for two days straight I've been getting popups regarding blocked IPs, associated with SVCHost.exe.

Attach.txt

DDS.txt


I ran TrendMicro and it detected something in system32/drivers, then it prompted me to the rescue disk USB method, which I did, and that said nothing turned up....

I have the same exact problem as in this thread now...

http://www.techsupportforum.com/forums/f50/cant-view-google-web-threats-piling-up-via-trend-micro-629248.html

It's blocking that website a billion times a minute.


Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


14:54:12.0416 5756 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

14:54:12.0825 5756 ============================================================

14:54:12.0825 5756 Current date / time: 2012/02/09 14:54:12.0825

14:54:12.0825 5756 SystemInfo:

14:54:12.0825 5756

14:54:12.0825 5756 OS Version: 6.0.6002 ServicePack: 2.0

14:54:12.0825 5756 Product type: Workstation

14:54:12.0825 5756 ComputerName: JARED-PC

14:54:12.0825 5756 UserName: Richard

14:54:12.0825 5756 Windows directory: C:\Windows

14:54:12.0825 5756 System windows directory: C:\Windows

14:54:12.0826 5756 Processor architecture: Intel x86

14:54:12.0826 5756 Number of processors: 2

14:54:12.0826 5756 Page size: 0x1000

14:54:12.0826 5756 Boot type: Normal boot

14:54:12.0826 5756 ============================================================

14:54:19.0053 5756 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:54:19.0073 5756 \Device\Harddisk0\DR0:

14:54:19.0216 5756 MBR used

14:54:19.0217 5756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000

14:54:19.0364 5756 Initialize success

14:54:19.0364 5756 ============================================================

14:54:37.0578 3972 ============================================================

14:54:37.0578 3972 Scan started

14:54:37.0578 3972 Mode: Manual;

14:54:37.0578 3972 ============================================================

14:54:52.0298 3972 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

14:54:52.0384 3972 ACPI - ok

14:54:52.0983 3972 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

14:54:53.0424 3972 adp94xx - ok

14:54:53.0826 3972 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

14:54:53.0929 3972 adpahci - ok

14:54:54.0012 3972 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

14:54:54.0068 3972 adpu160m - ok

14:54:54.0390 3972 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

14:54:54.0507 3972 adpu320 - ok

14:54:54.0671 3972 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

14:54:54.0852 3972 AFD - ok

14:54:55.0199 3972 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

14:54:55.0238 3972 agp440 - ok

14:54:55.0391 3972 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:54:55.0497 3972 aic78xx - ok

14:54:55.0755 3972 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

14:54:55.0852 3972 aliide - ok

14:54:56.0113 3972 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

14:54:56.0162 3972 amdagp - ok

14:54:56.0431 3972 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

14:54:56.0510 3972 amdide - ok

14:54:56.0625 3972 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

14:54:56.0666 3972 AmdK7 - ok

14:54:56.0913 3972 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

14:54:56.0951 3972 AmdK8 - ok

14:54:58.0492 3972 amdkmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys

14:55:02.0413 3972 amdkmdag - ok

14:55:03.0234 3972 amdkmdap (31de9b1ceaa9e25b141232f7f1443239) C:\Windows\system32\DRIVERS\atikmpag.sys

14:55:03.0381 3972 amdkmdap - ok

14:55:03.0824 3972 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

14:55:03.0860 3972 arc - ok

14:55:04.0048 3972 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

14:55:04.0111 3972 arcsas - ok

14:55:04.0383 3972 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

14:55:04.0415 3972 AsyncMac - ok

14:55:04.0551 3972 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

14:55:04.0552 3972 atapi - ok

14:55:06.0079 3972 atikmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys

14:55:06.0125 3972 atikmdag - ok

14:55:06.0611 3972 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

14:55:06.0637 3972 Beep - ok

14:55:06.0997 3972 blbdrive - ok

14:55:07.0298 3972 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

14:55:07.0337 3972 bowser - ok

14:55:07.0746 3972 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:55:07.0787 3972 BrFiltLo - ok

14:55:08.0020 3972 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:55:08.0141 3972 BrFiltUp - ok

14:55:08.0319 3972 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:55:08.0364 3972 Brserid - ok

14:55:08.0572 3972 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:55:08.0656 3972 BrSerWdm - ok

14:55:08.0859 3972 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:55:08.0888 3972 BrUsbMdm - ok

14:55:09.0122 3972 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:55:09.0134 3972 BrUsbSer - ok

14:55:09.0352 3972 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:55:09.0462 3972 BTHMODEM - ok

14:55:09.0799 3972 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

14:55:09.0876 3972 cdfs - ok

14:55:10.0090 3972 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

14:55:10.0126 3972 cdrom - ok

14:55:10.0296 3972 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

14:55:10.0338 3972 circlass - ok

14:55:10.0427 3972 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

14:55:10.0478 3972 CLFS - ok

14:55:10.0790 3972 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

14:55:10.0857 3972 cmdide - ok

14:55:11.0110 3972 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

14:55:11.0140 3972 Compbatt - ok

14:55:11.0251 3972 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

14:55:11.0295 3972 crcdisk - ok

14:55:11.0582 3972 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

14:55:11.0614 3972 Crusoe - ok

14:55:11.0976 3972 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

14:55:12.0057 3972 DfsC - ok

14:55:12.0502 3972 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

14:55:12.0607 3972 disk - ok

14:55:13.0039 3972 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

14:55:13.0075 3972 drmkaud - ok

14:55:13.0286 3972 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys

14:55:13.0320 3972 DrvAgent32 - ok

14:55:13.0798 3972 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

14:55:13.0962 3972 DXGKrnl - ok

14:55:14.0246 3972 e1express (422ca8361d33da819976b428b9c8e560) C:\Windows\system32\DRIVERS\e1e6032.sys

14:55:14.0372 3972 e1express - ok

14:55:14.0650 3972 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:55:14.0972 3972 E1G60 - ok

14:55:16.0047 3972 EagleNT - ok

14:55:16.0830 3972 EagleXNt - ok

14:55:17.0050 3972 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

14:55:17.0089 3972 Ecache - ok

14:55:17.0193 3972 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

14:55:17.0293 3972 elxstor - ok

14:55:17.0566 3972 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

14:55:17.0627 3972 exfat - ok

14:55:17.0865 3972 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

14:55:17.0956 3972 fastfat - ok

14:55:18.0145 3972 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

14:55:18.0256 3972 fdc - ok

14:55:18.0494 3972 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

14:55:18.0596 3972 FileInfo - ok

14:55:18.0701 3972 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

14:55:18.0774 3972 Filetrace - ok

14:55:18.0998 3972 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

14:55:19.0028 3972 flpydisk - ok

14:55:19.0297 3972 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

14:55:19.0440 3972 FltMgr - ok

14:55:19.0719 3972 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

14:55:19.0749 3972 Fs_Rec - ok

14:55:19.0923 3972 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

14:55:19.0988 3972 gagp30kx - ok

14:55:20.0359 3972 GarenaPEngine - ok

14:55:20.0473 3972 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:55:20.0499 3972 GEARAspiWDM - ok

14:55:20.0554 3972 GGSAFERDriver - ok

14:55:20.0947 3972 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys

14:55:20.0990 3972 hamachi - ok

14:55:21.0262 3972 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

14:55:21.0336 3972 HdAudAddService - ok

14:55:21.0476 3972 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:55:21.0663 3972 HDAudBus - ok

14:55:21.0856 3972 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:55:21.0896 3972 HidBth - ok

14:55:21.0929 3972 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

14:55:22.0003 3972 HidIr - ok

14:55:22.0370 3972 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

14:55:22.0399 3972 HidUsb - ok

14:55:22.0527 3972 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

14:55:22.0571 3972 HpCISSs - ok

14:55:22.0937 3972 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys

14:55:22.0968 3972 HTCAND32 - ok

14:55:23.0086 3972 HtcUsbMdmV32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys

14:55:23.0193 3972 HtcUsbMdmV32 - ok

14:55:23.0537 3972 HtcVCom32 (89e2296561fce84ac9f34ee7243d78ac) C:\Windows\system32\DRIVERS\HtcVComV32.sys

14:55:23.0671 3972 HtcVCom32 - ok

14:55:23.0845 3972 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

14:55:24.0010 3972 HTTP - ok

14:55:24.0132 3972 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

14:55:24.0178 3972 i2omp - ok

14:55:24.0835 3972 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

14:55:24.0904 3972 i8042prt - ok

14:55:25.0082 3972 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

14:55:25.0164 3972 iaStorV - ok

14:55:25.0588 3972 igfx (5f43e40c46d98e5e1e7d8a77d7bbf738) C:\Windows\system32\DRIVERS\igdkmd32.sys

14:55:25.0750 3972 igfx - ok

14:55:26.0149 3972 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:55:26.0168 3972 iirsp - ok

14:55:26.0484 3972 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

14:55:26.0515 3972 intelide - ok

14:55:26.0925 3972 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

14:55:26.0945 3972 intelppm - ok

14:55:27.0221 3972 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:55:27.0347 3972 IpFilterDriver - ok

14:55:27.0519 3972 IpInIp - ok

14:55:27.0800 3972 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

14:55:27.0886 3972 IPMIDRV - ok

14:55:28.0127 3972 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

14:55:28.0246 3972 IPNAT - ok

14:55:28.0404 3972 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

14:55:28.0560 3972 IRENUM - ok

14:55:29.0155 3972 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

14:55:29.0223 3972 isapnp - ok

14:55:29.0569 3972 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

14:55:29.0698 3972 iScsiPrt - ok

14:55:29.0893 3972 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:55:30.0123 3972 iteatapi - ok

14:55:30.0373 3972 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:55:30.0450 3972 iteraid - ok

14:55:30.0774 3972 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:55:30.0862 3972 kbdclass - ok

14:55:31.0096 3972 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

14:55:31.0147 3972 kbdhid - ok

14:55:31.0355 3972 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

14:55:31.0558 3972 KSecDD - ok

14:55:31.0831 3972 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

14:55:31.0915 3972 lltdio - ok

14:55:32.0105 3972 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

14:55:32.0159 3972 LSI_FC - ok

14:55:32.0214 3972 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

14:55:32.0258 3972 LSI_SAS - ok

14:55:32.0340 3972 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

14:55:32.0441 3972 LSI_SCSI - ok

14:55:32.0667 3972 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

14:55:32.0732 3972 luafv - ok

14:55:32.0840 3972 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

14:55:32.0878 3972 megasas - ok

14:55:33.0158 3972 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

14:55:33.0189 3972 Modem - ok

14:55:33.0370 3972 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

14:55:33.0375 3972 monitor - ok

14:55:33.0700 3972 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

14:55:33.0721 3972 mouclass - ok

14:55:33.0898 3972 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

14:55:33.0914 3972 mouhid - ok

14:55:34.0063 3972 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

14:55:34.0175 3972 MountMgr - ok

14:55:34.0379 3972 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

14:55:34.0422 3972 mpio - ok

14:55:34.0683 3972 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

14:55:34.0761 3972 mpsdrv - ok

14:55:34.0882 3972 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:55:34.0975 3972 Mraid35x - ok

14:55:35.0463 3972 MRV6X32U (27454c7ce157ae14fe82070eee2504d5) C:\Windows\system32\DRIVERS\WN111.sys

14:55:35.0723 3972 MRV6X32U - ok

14:55:35.0902 3972 Mrvleap (f87d977649d2d067697a3c331794785d) C:\Windows\system32\DRIVERS\mrveap32.sys

14:55:35.0935 3972 Mrvleap - ok

14:55:36.0269 3972 MRVW245 (1e68eebb627f31409c9eeedc64924b29) C:\Windows\system32\DRIVERS\WN121TXP.sys

14:55:36.0669 3972 MRVW245 - ok

14:55:36.0852 3972 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

14:55:36.0890 3972 MRxDAV - ok

14:55:37.0095 3972 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:55:37.0181 3972 mrxsmb - ok

14:55:37.0286 3972 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:55:37.0460 3972 mrxsmb10 - ok

14:55:37.0622 3972 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:55:37.0721 3972 mrxsmb20 - ok

14:55:37.0766 3972 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

14:55:37.0804 3972 msahci - ok

14:55:37.0976 3972 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

14:55:38.0027 3972 msdsm - ok

14:55:38.0084 3972 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

14:55:38.0113 3972 Msfs - ok

14:55:38.0350 3972 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

14:55:38.0362 3972 msisadrv - ok

14:55:38.0658 3972 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:55:38.0695 3972 MSKSSRV - ok

14:55:39.0128 3972 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:55:39.0157 3972 MSPCLOCK - ok

14:55:39.0358 3972 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:55:39.0388 3972 MSPQM - ok

14:55:39.0817 3972 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

14:55:39.0927 3972 MsRPC - ok

14:55:40.0120 3972 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

14:55:40.0180 3972 mssmbios - ok

14:55:40.0390 3972 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:55:40.0440 3972 MSTEE - ok

14:55:40.0599 3972 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

14:55:40.0660 3972 Mup - ok

14:55:41.0111 3972 NAL (f6e75901ddb5f54005cfce9edf2ec237) C:\Windows\system32\Drivers\iqvw32.sys

14:55:41.0199 3972 NAL - ok

14:55:41.0578 3972 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

14:55:41.0712 3972 NativeWifiP - ok

14:55:42.0010 3972 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

14:55:42.0117 3972 NDIS - ok

14:55:42.0416 3972 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:55:42.0457 3972 NdisTapi - ok

14:55:42.0692 3972 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:55:42.0723 3972 Ndisuio - ok

14:55:42.0811 3972 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:55:42.0847 3972 NdisWan - ok

14:55:42.0955 3972 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:55:42.0987 3972 NDProxy - ok

14:55:43.0237 3972 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:55:43.0263 3972 NetBIOS - ok

14:55:43.0305 3972 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

14:55:43.0443 3972 netbt - ok

14:55:43.0799 3972 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:55:43.0873 3972 nfrd960 - ok

14:55:43.0928 3972 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

14:55:43.0961 3972 Npfs - ok

14:55:44.0286 3972 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:55:44.0322 3972 nsiproxy - ok

14:55:44.0751 3972 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

14:55:45.0302 3972 Ntfs - ok

14:55:45.0817 3972 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:55:45.0953 3972 ntrigdigi - ok

14:55:46.0463 3972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:55:46.0513 3972 Null - ok

14:55:46.0781 3972 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

14:55:46.0832 3972 nvraid - ok

14:55:46.0929 3972 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

14:55:46.0962 3972 nvstor - ok

14:55:47.0104 3972 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

14:55:47.0250 3972 nv_agp - ok

14:55:47.0330 3972 NwlnkFlt - ok

14:55:47.0378 3972 NwlnkFwd - ok

14:55:47.0501 3972 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:55:47.0544 3972 ohci1394 - ok

14:55:48.0191 3972 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:55:48.0226 3972 Parport - ok

14:55:48.0333 3972 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

14:55:48.0360 3972 partmgr - ok

14:55:48.0425 3972 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:55:48.0450 3972 Parvdm - ok

14:55:48.0537 3972 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

14:55:48.0562 3972 pci - ok

14:55:48.0717 3972 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys

14:55:48.0757 3972 pciide - ok

14:55:48.0837 3972 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

14:55:48.0880 3972 pcmcia - ok

14:55:49.0093 3972 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:55:49.0247 3972 PEAUTH - ok

14:55:49.0351 3972 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:55:49.0385 3972 PptpMiniport - ok

14:55:49.0447 3972 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

14:55:49.0487 3972 Processor - ok

14:55:49.0644 3972 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

14:55:49.0655 3972 PSched - ok

14:55:50.0025 3972 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

14:55:50.0474 3972 ql2300 - ok

14:55:50.0537 3972 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:55:50.0653 3972 ql40xx - ok

14:55:50.0875 3972 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

14:55:50.0876 3972 QWAVEdrv - ok

14:55:51.0075 3972 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

14:55:51.0099 3972 RasAcd - ok

14:55:51.0269 3972 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:55:51.0360 3972 Rasl2tp - ok

14:55:51.0659 3972 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

14:55:51.0717 3972 RasPppoe - ok

14:55:51.0876 3972 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

14:55:51.0907 3972 RasSstp - ok

14:55:52.0010 3972 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

14:55:52.0067 3972 rdbss - ok

14:55:52.0200 3972 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:55:52.0214 3972 RDPCDD - ok

14:55:52.0415 3972 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

14:55:52.0604 3972 rdpdr - ok

14:55:52.0777 3972 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

14:55:52.0789 3972 RDPENCDD - ok

14:55:52.0913 3972 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

14:55:53.0054 3972 RDPWD - ok

14:55:53.0370 3972 RkHit (330e42b31708ca5a7bad26ff96de2dae) C:\Windows\system32\drivers\RKHit.sys

14:55:53.0408 3972 RkHit - ok

14:55:53.0673 3972 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

14:55:53.0723 3972 rspndr - ok

14:55:53.0889 3972 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:55:53.0907 3972 sbp2port - ok

14:55:53.0957 3972 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:55:53.0982 3972 secdrv - ok

14:55:54.0227 3972 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys

14:55:54.0262 3972 Serenum - ok

14:55:54.0581 3972 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:55:54.0768 3972 Serial - ok

14:55:54.0890 3972 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

14:55:54.0927 3972 sermouse - ok

14:55:54.0998 3972 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

14:55:55.0078 3972 sffdisk - ok

14:55:55.0216 3972 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

14:55:55.0231 3972 sffp_mmc - ok

14:55:55.0417 3972 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

14:55:55.0500 3972 sffp_sd - ok

14:55:55.0758 3972 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:55:55.0786 3972 sfloppy - ok

14:55:55.0941 3972 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

14:55:56.0031 3972 sisagp - ok

14:55:56.0274 3972 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

14:55:56.0304 3972 SiSRaid2 - ok

14:55:56.0337 3972 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

14:55:56.0452 3972 SiSRaid4 - ok

14:55:56.0735 3972 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

14:55:56.0767 3972 Smb - ok

14:55:57.0061 3972 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS

14:55:57.0292 3972 SMSIVZAM5 - ok

14:55:57.0538 3972 SPCP825K (eab58359f7de5eece6e0c8d4221046fa) C:\Windows\system32\DRIVERS\SPCP825K.sys

14:55:57.0599 3972 SPCP825K - ok

14:55:57.0936 3972 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

14:55:58.0077 3972 spldr - ok

14:55:58.0613 3972 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys

14:55:58.0903 3972 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9

14:55:58.0930 3972 sptd ( LockedFile.Multi.Generic ) - warning

14:55:58.0931 3972 sptd - detected LockedFile.Multi.Generic (1)

14:56:25.0722 3972 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

14:56:25.0752 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

14:56:25.0752 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

14:56:25.0791 3972 Boot (0x1200) (e7cbbebbd4d255e4f1daa771892bf184) \Device\Harddisk0\DR0\Partition0

14:56:25.0928 3972 \Device\Harddisk0\DR0\Partition0 - ok

14:56:25.0928 3972 ============================================================

14:56:25.0928 3972 Scan finished

14:56:25.0928 3972 ============================================================

14:56:25.0940 1448 Detected object count: 2

14:56:25.0940 1448 Actual detected object count: 2

14:58:10.0739 1448 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine

14:58:10.0839 1448 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine

14:58:16.0079 1448 \Device\Harddisk0\DR0\# - copied to quarantine

14:58:16.0087 1448 \Device\Harddisk0\DR0 - copied to quarantine

14:58:18.0084 1448 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

14:58:18.0322 1448 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

14:58:19.0676 1448 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

14:58:44.0615 1448 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

14:58:47.0253 1448 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

14:58:49.0403 1448 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

14:59:13.0408 1448 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

14:59:18.0332 1448 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine

14:59:21.0069 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

14:59:21.0181 1448 \Device\Harddisk0\DR0 - ok

14:59:21.0472 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

14:59:53.0048 4816 Deinitialize success

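As an added example for this thread (not code from the forum post or from TDSSKiller), a small Python parser for the log format posted above: it pulls the detection, quarantine and user-action records out of an excerpt of that log and checks that every detected object received an action. It assumes the record layout seen here (time, worker id, message) and recognises only the message shapes that appear in this log.

```python
"""Summarise a TDSSKiller log: what was scanned, what was flagged, what was done about it.

Added example for this thread, not code from the forum post or from TDSSKiller.
It assumes the record layout seen in the posted log (time, worker id, message)
and recognises only the message shapes that appear there.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every record starts with a timestamp and a worker/thread id.
_PREFIX = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")

# Message shapes, checked in this order (most specific first).
_INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - infected$")
_ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - "
    r"(?P<action>User select action: \w+|will be cured on reboot)$"
)
_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+)(?: \(\d+\))?$")
_QUARANTINE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
_OK = re.compile(r"^(?P<obj>.+?) - ok$")
_SECTOR = re.compile(r"^(?P<what>MBR|Boot) \((?P<offset>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>.+)$")
_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_COUNT = re.compile(r"^(?:Actual d|D)etected object count: (?P<n>\d+)$")


@dataclass
class Summary:
    scanned: int = 0                 # drivers and boot sectors enumerated with a hash
    clean: int = 0                   # "- ok" verdicts
    detections: Dict[str, str] = field(default_factory=dict)     # object -> verdict name
    actions: Dict[str, List[str]] = field(default_factory=dict)  # object -> actions taken
    quarantined: List[str] = field(default_factory=list)         # paths copied to quarantine
    reported_count: Optional[int] = None                         # TDSSKiller's own object count


def parse_tdsskiller(text: str) -> Summary:
    s = Summary()
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines between records
        msg = m["msg"]
        if (x := _INFECTED.match(msg)):
            s.detections[x["obj"]] = x["threat"]
        elif (x := _ACTION.match(msg)):
            s.detections.setdefault(x["obj"], x["threat"])
            s.actions.setdefault(x["obj"], []).append(x["action"])
        elif (x := _DETECTED.match(msg)):
            s.detections[x["obj"]] = x["threat"]
        elif (x := _QUARANTINE.match(msg)):
            s.quarantined.append(x["path"])
        elif _OK.match(msg):
            s.clean += 1
        elif _SECTOR.match(msg) or _DRIVER.match(msg):
            s.scanned += 1
        elif (x := _COUNT.match(msg)):
            s.reported_count = int(x["n"])
        # separators, "Scan finished" and "Deinitialize success" carry no data
    return s


def unresolved(s: Summary) -> List[str]:
    """Detected objects for which the log records no user action."""
    return sorted(o for o in s.detections if o not in s.actions)


def hidden_fs_objects(s: Summary) -> List[str]:
    """Quarantined objects that lived in the hidden file system (\\TDLFS\\) on the disk."""
    return [p for p in s.quarantined if "\\TDLFS\\" in p]


# Constructed excerpt of the log posted in the thread (a handful of its records).
SAMPLE_LOG = r"""
14:55:58.0931 3972 sptd - detected LockedFile.Multi.Generic (1)
14:55:59.0079 3972 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:55:59.0344 3972 srv - ok
14:56:23.0934 3972 XDva332 - ok
14:56:25.0722 3972 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
14:56:25.0752 3972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:56:25.0752 3972 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:56:25.0791 3972 Boot (0x1200) (e7cbbebbd4d255e4f1daa771892bf184) \Device\Harddisk0\DR0\Partition0
14:56:25.0928 3972 \Device\Harddisk0\DR0\Partition0 - ok
14:56:25.0928 3972 Scan finished
14:56:25.0940 1448 Detected object count: 2
14:56:25.0940 1448 Actual detected object count: 2
14:58:10.0739 1448 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
14:58:10.0839 1448 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
14:58:16.0087 1448 \Device\Harddisk0\DR0 - copied to quarantine
14:58:18.0084 1448 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:59:18.0332 1448 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
14:59:21.0069 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:59:21.0181 1448 \Device\Harddisk0\DR0 - ok
14:59:21.0472 1448 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    summary = parse_tdsskiller(SAMPLE_LOG)
    print(f"scanned={summary.scanned} clean={summary.clean} reported={summary.reported_count}")
    for obj, threat in summary.detections.items():
        print(f"  {obj}: {threat} -> {summary.actions.get(obj, ['NO ACTION'])}")
    print("hidden-FS objects quarantined:", hidden_fs_objects(summary))
    print("unresolved:", unresolved(summary))
```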

ComboFix 12-02-09.04 - Richard 02/09/2012 15:14:57.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1135 [GMT -5:00]

Running from: c:\users\Richard\Desktop\ComboFix.exe

AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}

c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\chrome.manifest

c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\chrome\content\overlay.xul

c:\users\Richard\AppData\Local\{10F81AF6-DA6F-4E47-B538-0E556692F35D}\install.rdf

c:\windows\system32\2f42b6ea.dll

c:\windows\system32\514a280.dll

c:\windows\system32\725ae3e.dll

c:\windows\system32\dc4afcc.dll

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\drivers\RKHit.sys

c:\windows\system32\system

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_RKHIT

-------\Service_RkHit

.

.

((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))

.

.

2012-02-09 20:29 . 2012-02-09 20:39 -------- d-----w- c:\users\Richard\AppData\Local\temp

2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-09 20:29 . 2012-02-09 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 19:58 . 2012-02-09 19:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-09 00:05 . 2012-02-09 00:05 -------- d-----w- c:\users\Richard\AppData\Local\Trend Micro

2012-02-09 00:02 . 2012-02-08 23:39 55056 ----a-w- c:\windows\system32\drivers\tmeevw.sys

2012-02-09 00:02 . 2012-02-08 23:39 171280 ----a-w- c:\windows\system32\drivers\tmnciesc.sys

2012-02-09 00:02 . 2012-02-08 23:39 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2012-02-09 00:00 . 2012-02-08 23:39 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2012-02-09 00:00 . 2012-02-08 23:39 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-02-09 00:00 . 2012-02-08 23:39 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2012-02-08 23:57 . 2012-02-09 00:06 -------- d-----w- c:\programdata\Trend Micro

2012-02-08 23:56 . 2012-02-08 23:56 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-02-08 23:38 . 2012-02-09 00:08 -------- d-----w- c:\program files\Trend Micro

2012-02-08 19:33 . 2012-02-08 19:33 -------- d---a-w- C:\tmbrfix

2012-02-07 21:03 . 2012-02-07 21:03 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes

2012-02-07 21:03 . 2012-02-07 21:03 -------- d-----w- c:\programdata\Malwarebytes

2012-01-31 03:40 . 2011-11-09 22:38 132768 ----a-w- c:\windows\system32\IPROSetMonitor.exe

2012-01-31 03:39 . 2012-02-01 00:58 -------- d-----w- c:\program files\Intel

2012-01-31 03:39 . 2011-10-14 17:16 294600 ----a-w- c:\windows\system32\PROUnstl.exe

2012-01-31 03:36 . 2011-10-14 15:36 231112 ----a-w- c:\windows\system32\drivers\e1e6032.sys

2012-01-31 03:36 . 2011-06-16 05:04 81592 ----a-w- c:\windows\system32\NicInE6.dll

2012-01-31 03:36 . 2007-12-14 17:06 121440 ----a-w- c:\windows\system32\e1000msg.dll

2012-01-31 03:36 . 2007-08-24 12:58 28272 ----a-w- c:\windows\system32\NicCo26.dll

2012-01-31 02:59 . 2012-01-31 02:59 -------- d-----w- c:\program files\SystemRequirementsLab

2012-01-31 02:51 . 2012-01-31 02:51 -------- d-----w- c:\users\Richard\AppData\Roaming\SystemRequirementsLab

2012-01-31 02:49 . 2012-01-31 02:49 -------- d-----w- c:\users\Richard\AppData\Local\eSupport.com

2012-01-31 02:49 . 2012-01-31 02:49 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys

2012-01-31 02:15 . 2012-02-01 23:24 -------- d-----w- c:\program files\PCSafeDoctor

2012-01-28 01:35 . 2012-02-09 20:32 -------- d-----w- c:\windows\system32\wbem\repository

2012-01-27 22:09 . 2012-01-27 22:09 -------- d-----w- c:\program files\CCleaner

2012-01-21 00:19 . 2012-01-21 00:19 -------- d-----w- c:\program files\iPod

2012-01-21 00:19 . 2012-01-26 01:09 -------- d-----w- c:\program files\iTunes

2012-01-11 20:51 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-11 20:51 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-11 20:51 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-11 20:51 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-11 20:51 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-11 20:51 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-31 12:44 . 2009-10-02 18:47 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-11-27 16:41 . 2011-05-18 17:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 15:59 . 2012-01-10 20:09 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37 . 2011-12-15 19:43 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 22:31 . 2011-11-18 22:31 169472 ----a-w- c:\windows\system32\Ncs2Setp.dll

2011-11-18 22:17 . 2011-11-18 22:17 683640 ----a-w- c:\windows\system32\ncs2dmix.dll

2011-11-18 22:17 . 2011-11-18 22:17 557176 ----a-w- c:\windows\system32\accesor.dll

2011-11-18 22:07 . 2011-11-18 22:07 160376 ----a-w- c:\windows\system32\ncs2instutility.dll

2011-11-18 22:04 . 2011-11-18 22:04 2241656 ----a-w- c:\windows\system32\ncscolib.dll

2011-11-18 20:23 . 2012-01-10 20:09 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47 . 2012-01-10 20:09 66560 ----a-w- c:\windows\system32\packager.dll

2012-02-02 03:52 . 2011-05-01 16:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-10-19 23:59 . 2009-07-10 15:30 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]

2011-01-17 20:54 175912 ----a-w- c:\program files\Messenger_Plus\prxtbMess.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B760D5A4-8D24-4CB6-942E-D6BB540AD88C}"= "c:\program files\Messenger_Plus\prxtbMess.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]

"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-04 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]

"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]

"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"pcsafedoctor.exe"="c:\program files\PCSafeDoctor\pcsafedoctor.exe" [2012-01-18 2055680]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-08 129304]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-05 1300672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAQgAzADIARwAtAFUAUABXADgAVQAtAFQAUgBMAFEAUgAtAEIAQQBRAEYAUAAtAEMARQBNAEIAUgA&inst=NwA2AC0ANQAxADYANQAwADIANQA0ADUALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwA0ADEAOQA3AC0ASQA5ADAAKwAxAC0ARABEADkAMAArADEALQBTAFQAOQAwAEEAUABQACsAMQAtAEYAVQBJACsAMgAtAFAAOQAwAFQAQgArADIA&prod=53&ver=9.0.894" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

NETGEAR WN121T Smart Wizard.lnk - c:\program files\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]

2011-12-23 10:57 3334432 ----a-w- c:\users\Richard\AppData\Local\Akamai\netsession_win.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]

2011-09-15 01:19 3077528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-07-04 21:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

getPlusHelper REG_MULTI_SZ getPlusHelper

Akamai REG_MULTI_SZ Akamai

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2949154

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\9ry7duts.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://drgunz.net/forum/forum.php

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b494177&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

MSConfigStartUp-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe

MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll

AddRemove-Project Gunz V3.0 Beta - c:\program files\Project Gamers\Project Gunz V3.0 Beta\Uninstal.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-09 15:39

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\Richard\AppData\Local\Temp\EIWF4AA.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\SetID\Internal]

@Denied: (A 2) (LocalSystem)

"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallSTD=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_av=\"0\" />"

"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3008)

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\libapr_tsvn.dll

c:\program files\TortoiseSVN\bin\libaprutil_tsvn.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atiesrxx.exe

c:\windows\system32\atieclxx.exe

c:\program files\Trend Micro\AMSP\coreServiceShell.exe

c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\IProsetMonitor.exe

c:\program files\Microsoft LifeCam\MSCamS32.exe

c:\program files\TeamViewer\Version5\TeamViewer_Service.exe

c:\program files\TeamViewer\Version6\TeamViewer_Service.exe

c:\program files\Viewpoint\Common\ViewpointService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-02-09 15:49:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-09 20:48

.

Pre-Run: 302,074,236,928 bytes free

Post-Run: 302,549,864,448 bytes free

.

- - End Of File - - 592E79CC88B5D2386CFA75D331990EEE


Hi, as I had some notification problems the last few days, please send me a PM if I have not replied to your topic within 24 hours.

You had a nasty rootkit on your computer. Although it is gone now, please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Is there a 100% chance that someone was accessing my PC with this, or was it just a function of it that someone COULD do? I'm a gamer so I usually use pre-paid cards for everything...So I'm not too worried about anything financial. The last time I used my Credit Card was for a college application, and that's not saved info that stays on the browser's cookies (or whatever), and I didn't get the rootkit 'til about two weeks ago, a month after I used the card. So if there's a keylogger there's no chance that info could've been stored, right?

If I do the re-format and reinstallation of the OS, would it be safe to trust my pc fully?


This is not a keylogger, it is the possibility. A "hole" was created in your Windows security, which cannot be identified/fixed without a reformat/reinstall (it is impossible to say what the rootkit did when it was active). However, this does not mean someone actually accessed all data, it means that theoretically they have the possibility to do it.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
