
Trojan agent - windows\svchost.exe


JR777


I purchased Malwarebytes about a week ago because my PC became infected by a trojan virus. I ran the software several times in Safe Mode, removing about 30 objects. There are two objects that the Malwarebytes software is having an issue removing. It seems that the trojan has infected my registry, and each time I reboot my Windows 7 dual-core machine in Safe Mode and run the scan it detects 2 objects, stating Trojan.Agent C:\windows\svchost.exe. I read somewhere in this forum that I need to run the scan and post 2 zip files containing the scan information so that someone can help resolve the issue. I am listing one of the logs and will attach the other one zipped in a reply. I appreciate any help on this one. I had to purchase a new machine just so that I can access the internet and post to this site. The virus on my other machine will not let me get out on the internet.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Fisherman at 20:14:18 on 2012-02-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4780 [GMT -6:00]

.

AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\ANIWConnService.exe

C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Windows\system32\lxcrcoms.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

C:\Windows\system32\WUDFHost.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe

C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe

C:\Users\Fisherman\Documents\RCA easyRip\EZDock.exe

C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\mmc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361109g116p0325v155r4711s270

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361109g116p0325v155r4711s270

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361109g116p0325v155r4711s270

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

uRun: [Easy Dock] C:\Users\Fisherman\Documents\RCA easyRip\EZDock.exe

mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe

mRun: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"

mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"

mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

StartupFolder: C:\Users\FISHER~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\Fisherman\Documents\RCA Detective\RCADetective.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Windows\system32\iavlsp.dll

DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab

DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://fastaccess.fdic.gov/dana-cached/sc/JuniperSetupClient.cab

TCP: Interfaces\{45CBD719-D524-40E3-BF7B-BBDA324B44F6} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - No File

BHO-X64: TTB000000 - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File

mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"

mRun-x64: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe

mRun-x64: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"

mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"

mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Fisherman\AppData\Roaming\Mozilla\Firefox\Profiles\wjyremce.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.type - 1

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]

R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMP;AMP;C:\Windows\system32\DRIVERS\amp.sys --> C:\Windows\system32\DRIVERS\amp.sys [?]

R2 AMPSE;AMPSE;C:\Windows\system32\DRIVERS\ampse.sys --> C:\Windows\system32\DRIVERS\ampse.sys [?]

R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2009-11-29 147456]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-10-3 722616]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-11 652360]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-15 240160]

R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2011-1-21 121152]

R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2011-1-21 119104]

R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2011-1-21 179008]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\Dnetr28ux.sys --> C:\Windows\system32\DRIVERS\Dnetr28ux.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]

S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-10-3 722616]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-27 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== File Associations ===============

.

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-02-13 01:37:39 20480 ------w- C:\Windows\svchost.exe

2012-02-12 05:29:17 -------- d-----w- C:\Users\Fisherman\AppData\Roaming\Malwarebytes

2012-02-12 05:29:10 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-12 05:29:09 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-12 05:29:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-10 05:57:28 -------- d--h--w- C:\Users\Fisherman\AppData\Roaming\07E90

2012-02-10 05:53:42 -------- d--h--w- C:\Users\Fisherman\AppData\Roaming\B2107

2012-02-10 05:09:00 -------- d--h--w- C:\Program Files (x86)\07E90

2012-02-10 05:08:25 -------- d--h--w- C:\Program Files (x86)\LP

2012-02-10 02:53:36 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-09 18:15:31 8602168 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E88D4D4E-F910-4AFA-8E20-B3CDD9F23BA8}\mpengine.dll

.

==================== Find3M ====================

.

2012-01-27 06:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 20:15:13.17 ===============

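The DDS log above already carries most of what a responder would look for before asking for more tools: a file named svchost.exe created on 2012-02-13 in C:\Windows rather than System32, a running process DDS lists with no image path at all (-netsvcs), hosts entries that send www.google.com and www.bing.com to 94.63.147.x, Firefox forced through a proxy on 127.0.0.1:61152, Task Manager disabled by policy, an autorun in the Default hive pointing into the SYSTEM profile's AppData, and freshly created hidden folders with hex-string names. The script below is an added example and is not part of the original post or of DDS itself: it reads lines in DDS's format and flags those patterns. The sample log is a constructed excerpt of lines copied from this thread; the rule names, the `triage` function and the constants are this example's own choices.

```python
"""Triage a DDS log for the indicators seen in this thread.

Added example: not code from the forum post or from the DDS tool. The
sample log is a constructed excerpt of lines copied from the DDS output
above; rule names, functions and constants are this example's own.
"""
import re

# Binaries that should only ever run from the Windows system directories.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# A hosts entry pointing here blocks a name; anything else redirects it.
BENIGN_HOSTS_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s+DisableTaskMgr\s*=\s*1\b")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.(\w+) - (\S+)")
RUN_RE = re.compile(r"^[umd]Run:\s+\[[^\]]*\]\s+(.+)$")
HEX_NAME_RE = re.compile(r"[0-9A-F]{4,}")

# Constructed sample: lines lifted from the thread's DDS log.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
-netsvcs
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
================= FIREFOX ===================
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61152
FF - prefs.js: network.proxy.type - 1
=============== Created Last 30 ================
2012-02-13 01:37:39 20480 ------w- C:\Windows\svchost.exe
2012-02-12 05:29:09 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-10 05:57:28 -------- d--h--w- C:\Users\Fisherman\AppData\Roaming\07E90
2012-02-10 05:08:25 -------- d--h--w- C:\Program Files (x86)\LP
"""


def triage(log_text):
    """Return a list of (rule, detail) findings for text in DDS log format."""
    findings = []
    section = None
    ff_proxy = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("====") and line.endswith("===="):
            section = line.strip("= ").lower()
            continue

        # Rule 1: a Windows system binary living outside System32/SysWOW64.
        for m in PATH_RE.finditer(line):
            path = m.group(0)
            folder, _, name = path.lower().rpartition("\\")
            if name in SYSTEM_BINARIES and folder not in EXPECTED_DIRS:
                findings.append(("system-binary-outside-system32", path))

        # Rule 2: a running process DDS could not resolve to an image path.
        if section == "running processes" and not PATH_RE.search(line):
            findings.append(("process-without-image-path", line))

        # Rule 3: hosts entries that send a name anywhere but a sinkhole.
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in BENIGN_HOSTS_TARGETS:
            findings.append(("hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))

        # Rule 4: Task Manager disabled by policy.
        if POLICY_RE.match(line):
            findings.append(("taskmgr-disabled", line))

        # Rule 5: an autorun whose target lives under the SYSTEM profile.
        m = RUN_RE.match(line)
        if m and "\\config\\systemprofile\\" in m.group(1).lower():
            findings.append(("autorun-from-systemprofile", m.group(1).strip('"')))

        # Rule 6: collect Firefox proxy prefs; judged after the whole log is read.
        m = FF_PROXY_RE.match(line)
        if m:
            ff_proxy[m.group(1)] = m.group(2)

        # Rule 7: a newly created hidden directory with a hex-string name.
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.groups()
            name = path.rpartition("\\")[2]
            if attrs.startswith("d") and "h" in attrs and HEX_NAME_RE.fullmatch(name):
                findings.append(("hidden-hex-named-dir", path))

    # type 1 = manual proxy; a proxy on the loopback interface means a local
    # process is sitting between the browser and the network.
    if ff_proxy.get("type") == "1" and ff_proxy.get("http") in {"127.0.0.1", "localhost"}:
        findings.append(("local-proxy-hijack",
                         f"{ff_proxy['http']}:{ff_proxy.get('http_port', '?')}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_DDS_LOG):
        print(f"{rule:32} {detail}")
```

Run against the excerpt it reports eight findings, one per indicator listed above (two for the hosts file). The proxy rule deliberately waits until the whole log has been read, because the three prefs.js lines only mean something together: type 1 without a loopback host is an ordinary corporate proxy, and a loopback host with type 0 is inert.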

I ran Malwarebytes again today in Safe Mode. It found two items infected by a trojan: c:\windows\svchost.exe. Each time I reboot my Windows 7 machine and re-run the Malwarebytes scan tool (full version) it finds the same two items but it fails to remove them. I appreciate any help on this one; it is nerve-racking trying to remove this. I fear that my machine is severely damaged because when I go to My Computer and attempt to open my C: drive it says that nothing is there. But if I right-click and select the drive properties it says that the drive has over 50 GB of data.


I really appreciate your help, MrCharlie!

Below is the report log.

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Fisherman [Admin rights]

Mode: Scan -- Date: 02/21/2012 22:32:48

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 18 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND

[PROXY FF] wjyremce.default\ 127.0.0.1:61152 -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.147.16 www.google.com

94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++

--- User ---

[MBR] ffe92881260ba0585a4e6a6dcc7e7322

[BSP] 9e1327df3d3a2abe1dacc94c2e5402ee : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC

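RogueKiller's MBR Check (in the report above) and TDSSKiller's drive enumeration (in the log that follows) describe the same disk in two different units: RogueKiller prints the start in decimal sectors and the size in MiB ("Mo"), TDSSKiller prints StartLBA and BlocksNum in hex sectors plus the raw drive size in bytes. Reconciling the two is a cheap consistency check for a suspected bootkit, since a partition one tool sees and the other does not, or a layout that overlaps or runs past the end of the disk, needs an explanation. The script below is an added example, not code from either tool or from this thread: it parses both formats, normalises to sectors, cross-checks them, and reports the unallocated tail of the disk. The two samples are constructed from the lines posted in this thread; the function names and the rule logic are this example's own.

```python
"""Cross-check MBR partition tables reported by RogueKiller and TDSSKiller.

Added example, not code from either tool or from this thread. The two
samples are copied from the reports posted here; the parsing, unit
conversion and comparison logic are this example's own construction.
"""
import re

MIB = 1024 * 1024

# Constructed samples: partition lines from the RogueKiller report and the
# drive/partition lines from the TDSSKiller log in this thread.
ROGUEKILLER_SAMPLE = """
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo
"""
TDSSKILLER_SAMPLE = r"""
21:12:04.0240 3980 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:12:04.0255 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:12:04.0255 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x55713000
21:12:04.0255 3980 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
"""

RK_PART_RE = re.compile(
    r"^\d+ - \[(\w+)\] \S+ \(0x([0-9A-Fa-f]+)\) \[\w+\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo")
TK_DRIVE_RE = re.compile(
    r"Drive \\Device\\Harddisk(\d+)\\DR\d+ - Size: 0x([0-9A-Fa-f]+)"
    r".*?SectorSize: 0x([0-9A-Fa-f]+)")
TK_PART_RE = re.compile(
    r"\\Device\\Harddisk(\d+)\\DR\d+\\Partition\d+: MBR, Type 0x([0-9A-Fa-f]+), "
    r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")


def parse_roguekiller(text, sector_size=512):
    """RogueKiller prints start in sectors and size in MiB; return sectors."""
    parts = []
    for line in text.splitlines():
        m = RK_PART_RE.match(line.strip())
        if m:
            flag, ptype, start, size_mib = m.groups()
            parts.append({"type": int(ptype, 16), "start": int(start),
                          "sectors": int(size_mib) * MIB // sector_size,
                          "active": flag == "ACTIVE"})
    return parts


def parse_tdsskiller(text, disk=0):
    """Return (disk size in sectors, partitions) for one physical disk."""
    sector_size, disk_sectors, parts = 512, None, []
    for line in text.splitlines():
        m = TK_DRIVE_RE.search(line)
        if m and int(m.group(1)) == disk:
            sector_size = int(m.group(3), 16)
            disk_sectors = int(m.group(2), 16) // sector_size
            continue
        m = TK_PART_RE.search(line)
        if m and int(m.group(1)) == disk:
            _, ptype, start, blocks = m.groups()
            parts.append({"type": int(ptype, 16), "start": int(start, 16),
                          "sectors": int(blocks, 16)})
    return disk_sectors, parts


def cross_check(rk, tk):
    """Partitions are matched by start sector; report anything that differs."""
    issues = []
    rk_by_start = {p["start"]: p for p in rk}
    tk_by_start = {p["start"]: p for p in tk}
    for start, p in rk_by_start.items():
        q = tk_by_start.get(start)
        if q is None:
            issues.append(f"only RogueKiller lists a partition at sector {start} "
                          f"(type 0x{p['type']:02X})")
        elif (q["sectors"], q["type"]) != (p["sectors"], p["type"]):
            issues.append(f"partition at sector {start} differs: RogueKiller "
                          f"{p['sectors']} sectors type 0x{p['type']:02X}, TDSSKiller "
                          f"{q['sectors']} sectors type 0x{q['type']:02X}")
    for start, q in tk_by_start.items():
        if start not in rk_by_start:
            issues.append(f"only TDSSKiller lists a partition at sector {start} "
                          f"(type 0x{q['type']:02X})")
    return issues


def check_layout(parts, disk_sectors):
    """Flag overlaps and out-of-bounds partitions; return (issues, tail)."""
    issues, prev_end = [], 0
    for p in sorted(parts, key=lambda p: p["start"]):
        end = p["start"] + p["sectors"]
        if p["start"] < prev_end:
            issues.append(f"partition at sector {p['start']} overlaps the previous "
                          f"one (which ends at {prev_end})")
        if end > disk_sectors:
            issues.append(f"partition at sector {p['start']} runs past the end of "
                          f"the disk ({end} > {disk_sectors})")
        prev_end = max(prev_end, end)
    return issues, disk_sectors - prev_end   # tail = unallocated sectors


if __name__ == "__main__":
    rk = parse_roguekiller(ROGUEKILLER_SAMPLE)
    disk_sectors, tk = parse_tdsskiller(TDSSKILLER_SAMPLE)
    for msg in cross_check(rk, tk) + check_layout(rk, disk_sectors)[0]:
        print(msg)
    print("unallocated tail:", check_layout(rk, disk_sectors)[1], "sectors")
```

For this machine the two views agree on both NTFS partitions to the sector (0x1E00800 is 31459328 and 0x32000 is 204800 sectors, i.e. the 100 MiB system partition; 0x55713000 is exactly the 699942 MiB data partition), the three partitions are contiguous, and the only difference is the 15 GiB type 0x27 Acer recovery partition at sector 2048 that RogueKiller lists and TDSSKiller's enumeration does not show. What remains is a tail of 3824 unallocated sectors (about 1.9 MiB) after the last partition. A small tail like that is normal alignment slack, but it is also the region the TDL4 family uses for its own hidden file system, which is why the "Detect TDLFS file system" option in the instructions above is worth switching on rather than relying on the partition table alone.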

21:12:02.0898 3980 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

21:12:03.0101 3980 ============================================================

21:12:03.0101 3980 Current date / time: 2012/02/22 21:12:03.0101

21:12:03.0101 3980 SystemInfo:

21:12:03.0101 3980

21:12:03.0101 3980 OS Version: 6.1.7601 ServicePack: 1.0

21:12:03.0101 3980 Product type: Workstation

21:12:03.0101 3980 ComputerName: SWEETLADY

21:12:03.0101 3980 UserName: Fisherman

21:12:03.0101 3980 Windows directory: C:\Windows

21:12:03.0101 3980 System windows directory: C:\Windows

21:12:03.0101 3980 Running under WOW64

21:12:03.0101 3980 Processor architecture: Intel x64

21:12:03.0101 3980 Number of processors: 2

21:12:03.0101 3980 Page size: 0x1000

21:12:03.0101 3980 Boot type: Normal boot

21:12:03.0101 3980 ============================================================

21:12:04.0240 3980 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:12:04.0255 3980 Drive \Device\Harddisk6\DR6 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:12:04.0255 3980 \Device\Harddisk0\DR0:

21:12:04.0255 3980 MBR used

21:12:04.0255 3980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

21:12:04.0255 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x55713000

21:12:04.0255 3980 \Device\Harddisk6\DR6:

21:12:04.0255 3980 MBR used

21:12:04.0255 3980 \Device\Harddisk6\DR6\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0

21:12:04.0287 3980 Initialize success

21:12:04.0287 3980 ============================================================

21:12:44.0956 3696 ============================================================

21:12:44.0956 3696 Scan started

21:12:44.0956 3696 Mode: Manual; SigCheck; TDLFS;

21:12:44.0956 3696 ============================================================

21:12:46.0032 3696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:12:46.0173 3696 1394ohci - ok

21:12:46.0219 3696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:12:46.0266 3696 ACPI - ok

21:12:46.0297 3696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:12:46.0360 3696 AcpiPmi - ok

21:12:46.0407 3696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

21:12:46.0516 3696 adp94xx - ok

21:12:46.0531 3696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

21:12:46.0625 3696 adpahci - ok

21:12:46.0625 3696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

21:12:46.0641 3696 adpu320 - ok

21:12:46.0687 3696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

21:12:46.0734 3696 AFD - ok

21:12:46.0750 3696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:12:46.0765 3696 agp440 - ok

21:12:46.0781 3696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:12:46.0797 3696 aliide - ok

21:12:46.0812 3696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:12:46.0812 3696 amdide - ok

21:12:46.0828 3696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

21:12:46.0875 3696 AmdK8 - ok

21:12:46.0906 3696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

21:12:46.0921 3696 AmdPPM - ok

21:12:46.0937 3696 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:12:46.0953 3696 amdsata - ok

21:12:46.0968 3696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

21:12:46.0984 3696 amdsbs - ok

21:12:46.0999 3696 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:12:47.0015 3696 amdxata - ok

21:12:47.0031 3696 AMP (6035bf320fd4537912ade40f319ef1b1) C:\Windows\system32\DRIVERS\amp.sys

21:12:47.0124 3696 AMP - ok

21:12:47.0155 3696 AMPSE (5f3c572851c0896b0ee1325832139a15) C:\Windows\system32\DRIVERS\ampse.sys

21:12:47.0202 3696 AMPSE - ok

21:12:47.0233 3696 anodlwf (4ccf421e6c4b2a4cbce000715911f7cc) C:\Windows\system32\DRIVERS\anodlwfx.sys

21:12:47.0265 3696 anodlwf - ok

21:12:47.0296 3696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:12:47.0421 3696 AppID - ok

21:12:47.0436 3696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

21:12:47.0452 3696 arc - ok

21:12:47.0483 3696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

21:12:47.0499 3696 arcsas - ok

21:12:47.0514 3696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:12:47.0623 3696 AsyncMac - ok

21:12:47.0655 3696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:12:47.0655 3696 atapi - ok

21:12:47.0686 3696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

21:12:47.0733 3696 b06bdrv - ok

21:12:47.0779 3696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:12:47.0857 3696 b57nd60a - ok

21:12:47.0904 3696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:12:47.0982 3696 Beep - ok

21:12:48.0029 3696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:12:48.0045 3696 blbdrive - ok

21:12:48.0091 3696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:12:48.0123 3696 bowser - ok

21:12:48.0154 3696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:12:48.0169 3696 BrFiltLo - ok

21:12:48.0185 3696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:12:48.0201 3696 BrFiltUp - ok

21:12:48.0216 3696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:12:48.0263 3696 Brserid - ok

21:12:48.0294 3696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:12:48.0325 3696 BrSerWdm - ok

21:12:48.0341 3696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:12:48.0403 3696 BrUsbMdm - ok

21:12:48.0435 3696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:12:48.0497 3696 BrUsbSer - ok

21:12:48.0528 3696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

21:12:48.0559 3696 BTHMODEM - ok

21:12:48.0591 3696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:12:48.0622 3696 cdfs - ok

21:12:48.0653 3696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

21:12:48.0684 3696 cdrom - ok

21:12:48.0715 3696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

21:12:48.0747 3696 circlass - ok

21:12:48.0762 3696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:12:48.0778 3696 CLFS - ok

21:12:48.0809 3696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

21:12:48.0840 3696 CmBatt - ok

21:12:48.0887 3696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:12:48.0887 3696 cmdide - ok

21:12:48.0965 3696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

21:12:48.0996 3696 CNG - ok

21:12:49.0027 3696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

21:12:49.0059 3696 Compbatt - ok

21:12:49.0074 3696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

21:12:49.0121 3696 CompositeBus - ok

21:12:49.0137 3696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

21:12:49.0152 3696 crcdisk - ok

21:12:49.0199 3696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:12:49.0246 3696 DfsC - ok

21:12:49.0293 3696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:12:49.0339 3696 discache - ok

21:12:49.0355 3696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

21:12:49.0402 3696 Disk - ok

21:12:49.0417 3696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:12:49.0480 3696 drmkaud - ok

21:12:49.0542 3696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:12:49.0589 3696 DXGKrnl - ok

21:13:03.0286 3696 MBR (0x1B8) (98c463cba70ed23d2549b17f914eb467) \Device\Harddisk0\DR0

21:13:03.0301 3696 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

21:13:03.0301 3696 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

21:13:03.0348 3696 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

21:13:03.0348 3696 \Device\Harddisk0\DR0 - detected TDSS File System (1)

21:13:03.0364 3696 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR6

21:13:03.0520 3696 \Device\Harddisk6\DR6 - ok

21:13:03.0535 3696 Boot (0x1200) (5089ea643958713dbc3e5a40665458a9) \Device\Harddisk0\DR0\Partition0

21:13:03.0551 3696 \Device\Harddisk0\DR0\Partition0 - ok

21:13:03.0551 3696 Boot (0x1200) (32df57acd14ba1904fac7137bbc466af) \Device\Harddisk0\DR0\Partition1

21:13:03.0551 3696 \Device\Harddisk0\DR0\Partition1 - ok

21:13:03.0567 3696 Boot (0x1200) (1725a056569c3b64844a82b51cbeb648) \Device\Harddisk6\DR6\Partition0

21:13:03.0567 3696 \Device\Harddisk6\DR6\Partition0 - ok

21:13:03.0567 3696 ============================================================

21:13:03.0567 3696 Scan finished

21:13:03.0567 3696 ============================================================

21:13:03.0567 3352 Detected object count: 2

21:13:03.0567 3352 Actual detected object count: 2

21:13:49.0758 3352 \Device\Harddisk0\DR0\# - copied to quarantine

21:13:49.0758 3352 \Device\Harddisk0\DR0 - copied to quarantine

21:13:49.0867 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

21:13:49.0899 3352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

21:13:49.0914 3352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

21:13:49.0930 3352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

21:13:49.0945 3352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

21:13:49.0945 3352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

21:13:49.0945 3352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

21:13:49.0961 3352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

21:13:49.0961 3352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

21:13:49.0977 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

21:13:50.0008 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

21:13:50.0008 3352 \Device\Harddisk0\DR0 - ok

21:16:08.0240 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

21:16:08.0240 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

21:16:08.0240 3352 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

21:23:51.0077 3732 Deinitialize success


Next......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Sorry it took a few days to get back to you, MrC!

I ran ComboFix.

I can now connect to the internet from the infected machine. Below is the log report.

Thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!! :-)

ComboFix 12-02-25.02 - Fisherman 02/26/2012 0:11.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4723 [GMT -6:00]

Running from: c:\users\Fisherman\Desktop\ComboFix.exe

AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}

SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\LP

c:\programdata\u45skZGMJRbkt7

c:\users\Fisherman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

c:\users\Fisherman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk

c:\users\Fisherman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk

c:\users\Fisherman\Desktop\System Check.lnk

.

.

((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))

.

.

2012-02-26 06:15 . 2012-02-26 06:15 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-26 06:15 . 2012-02-26 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-23 03:13 . 2012-02-23 03:13 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-22 04:27 . 2012-02-22 04:15 1251328 ----a-w- C:\RogueKiller.exe

2012-02-20 17:38 . 2012-02-20 17:41 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-02-12 05:29 . 2012-02-12 05:29 -------- d-----w- c:\users\Fisherman\AppData\Roaming\Malwarebytes

2012-02-12 05:29 . 2012-02-12 05:29 -------- d-----w- c:\programdata\Malwarebytes

2012-02-12 05:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-12 05:29 . 2012-02-12 05:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-11 05:19 . 2012-02-12 06:40 -------- d-----w- c:\users\Guest\AppData\Roaming\07E90

2012-02-11 05:18 . 2012-02-12 06:40 -------- d-----w- c:\users\Guest\AppData\Roaming\B2107

2012-02-10 05:57 . 2012-02-12 06:40 -------- d--h--w- c:\users\Fisherman\AppData\Roaming\07E90

2012-02-10 05:53 . 2012-02-12 06:40 -------- d--h--w- c:\users\Fisherman\AppData\Roaming\B2107

2012-02-10 05:09 . 2012-02-12 06:40 -------- d--h--w- c:\program files (x86)\07E90

2012-02-10 02:53 . 2012-02-10 02:53 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-10 02:46 . 2012-02-10 02:46 -------- d--h--w- c:\users\Fisherman\AppData\Local\Mozilla

2012-02-09 18:15 . 2012-01-06 05:15 8602168 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E88D4D4E-F910-4AFA-8E20-B3CDD9F23BA8}\mpengine.dll

2012-02-08 04:00 . 2012-02-08 04:00 -------- d--h--w- c:\users\sgrant\System Mechanic receipt

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 06:52 . 2009-11-28 22:32 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Easy Dock"="c:\users\Fisherman\Documents\RCA easyRip\EZDock.exe" [2011-01-18 585728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"D-Link D-Link Wireless 150 USB Adapter DWA-125"="c:\program files (x86)\D-Link\DWA-125 revA\AirGCFG.exe" [2009-04-22 1683456]

"lxcrmon.exe"="c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]

"EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Fisherman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

RCA Detective.lnk - c:\users\Fisherman\Documents\RCA Detective\RCADetective.exe [2011-4-5 804352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 136176]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28ux.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMP;AMP;c:\windows\system32\DRIVERS\amp.sys [x]

S2 AMPSE;AMPSE;c:\windows\system32\DRIVERS\ampse.sys [x]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2011-01-21 121152]

S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2011-01-21 119104]

S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2011-01-21 179008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ElRawDisk

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 19:44]

.

2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-27 19:44]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]

"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]

"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]

"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361109g116p0325v155r4711s270

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: c:\windows\system32\iavlsp.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Fisherman\AppData\Roaming\Mozilla\Firefox\Profiles\wjyremce.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.type - 1

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

SafeBoot-AMP

SafeBoot-AMPSE

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-26 00:17:42

ComboFix-quarantined-files.txt 2012-02-26 06:17

.

Pre-Run: 676,101,619,712 bytes free

Post-Run: 675,989,123,072 bytes free

.

- - End Of File - - BB6B4590DAA7FDC4C2B657E3F6BD77FC


Looks Good

Can you take a look in these folders and let me know what's inside and if you recognize them:

You may have to enable hidden files to see them:

http://www.bleepingc...s-in-windows-7/

c:\users\Guest\AppData\Roaming\07E90

c:\users\Guest\AppData\Roaming\B2107

c:\users\Fisherman\AppData\Roaming\07E90

c:\users\Fisherman\AppData\Roaming\B2107

c:\program files (x86)\07E90

-------------------------

also in Firefox you have a proxy set, did you do this?

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 61152

FF - prefs.js: network.proxy.type - 1

Let me know, MrC

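The proxy question MrC raises above is a common hijack pattern: a manual proxy (network.proxy.type 1) pointing at 127.0.0.1 means a local process sits between the browser and the network. The following is an added example, not code from the thread, from Malwarebytes or from ComboFix; it parses the user_pref lines Firefox writes to prefs.js and flags a manual loopback proxy. The sample prefs text is constructed to mirror the three lines quoted in the log, and parse_prefs, audit_proxy and SAMPLE_PREFS are this example's own names.

```python
"""Flag suspicious manual proxy settings in a Firefox prefs.js.

Added example (not from the forum thread or from Malwarebytes/ComboFix).
It parses user_pref("name", value); lines, as Firefox writes them, and
reports when a manual proxy (network.proxy.type == 1) points at a
loopback address. The sample prefs text below is constructed.
"""
import ipaddress
import re

# Matches one pref line of the form: user_pref("key", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return a dict of pref name -> Python value (str, int or bool)."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]          # quoted string value
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"      # boolean value
        else:
            try:
                prefs[key] = int(raw)       # integer value (ports, types)
            except ValueError:
                prefs[key] = raw            # anything else: keep the raw token
    return prefs


def _is_loopback(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_proxy(prefs):
    """Return a list of findings; an empty list means no manual proxy is set."""
    findings = []
    # network.proxy.type: 0 = none, 1 = manual, 2 = PAC URL, 4 = auto-detect, 5 = system
    if prefs.get("network.proxy.type") != 1:
        return findings
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if not host:
            continue
        if _is_loopback(host):
            findings.append(
                f"{scheme} proxy points at loopback {host}:{port}; "
                "a local process is intercepting browser traffic"
            )
        else:
            findings.append(
                f"{scheme} proxy set manually to {host}:{port}; confirm this is expected"
            )
    return findings


# Constructed sample, mirroring the three prefs quoted in the thread.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61152);
user_pref("network.proxy.type", 1);
'''

if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS)):
        print("[!]", finding)
```

Run it against a real profile by reading prefs.js from the ProfilePath shown in the log and passing the text to parse_prefs; a manual proxy the user never configured is a reason to re-check the machine rather than to simply reset the setting, since the process listening on that port is the actual problem.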

Hello MrC

Below is my analysis:

c:\users\Guest\AppData\Roaming\07E90 - When I first attempted to open the folder as admin it stated I didn't have access, and then I was prompted to get access, and once the folder opened it was empty, which was the case with the other directories that contained the folder 07E90. The same thing happened for c:\users\Guest\AppData\Roaming\B2107, but there is a file that I don't recognize called 7E90.210. I ran a scan on it....nothing malicious found; this was the same case for c:\users\Fisherman\AppData\Roaming\B2107. For Firefox I did not set up a proxy....at least I don't remember doing so. I have not tried using it since I was able to use this machine again....just IE so far..no issues. Does this mean I still have an infection?

Thanks again!!!


Good and Yes....as far as I see you're clean!

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

--------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.